Use 2a algo ident until node bcrypt has 2y support

- 2y algo is identical to 2a except for fixing an issue with unicode input
  strings so this should be safe to do.
- A request to add support for the 2y identifier has been opened here:
  kelektiv/node.bcrypt.js#175 , once this is
  implemented go back to using the origin repo.

lib/password.php

@@ -49,7 +49,7 @@ function password_hash($password, $algo, array $options = array()) {
                 $raw_salt_len = 16;
                 // The length required in the final serialization
                 $required_salt_len = 22;
-                $hash_format = sprintf("$2y$%02d$", $cost);
+                $hash_format = sprintf("$2a$%02d$", $cost);
                 break;
             default:
                 trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
@@ -155,10 +155,10 @@ function password_get_info($hash) {
             'algoName' => 'unknown',
             'options' => array(),
         );
-        if (substr($hash, 0, 4) == '$2y$' && strlen($hash) == 60) {
+        if (substr($hash, 0, 4) == '$2a$' && strlen($hash) == 60) {
             $return['algo'] = PASSWORD_BCRYPT;
             $return['algoName'] = 'bcrypt';
-            list($cost) = sscanf($hash, "$2y$%d$");
+            list($cost) = sscanf($hash, "$2a$%d$");
             $return['options']['cost'] = $cost;
         }
         return $return;