context); if ($loginPage->formWasSent) { $loginPage->fieldUsername = trim($loginPage->fieldUsername); // find user $user = User::byName($loginPage->fieldUsername); // check password // (use a dummy hash if no user was found, to make timing attacks harder) $pwHash = $user?->pwHash ?? '$argon2id$v=19$m=65536,t=4,p=1$WmxPVmd5aGdkandaNWZTcA$6hcqXkBJIGgWkcGLdqZeHhkV83JKtn5Ke7jXRS31X2s'; $pwValid = password_verify($loginPage->fieldPassword, $pwHash); if ($pwValid && !empty($user)) { $this->context->session = Session::create($user); return new LoginRedirection($this->context); } else { $loginPage->errorLoginDataInvalid = true; } } return $loginPage; } }