From 29a972196f941981fc4b1219af027a99f28b4d8e Mon Sep 17 00:00:00 2001
From: mychidarko <mickdd22@gmail.com>
Date: Thu, 2 Mar 2023 01:11:23 +0000
Subject: [PATCH] feat: set passwordIsValid to false

---
 src/Auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Auth.php b/src/Auth.php
index 6dcc016..6ae211b 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -51,13 +51,13 @@ public static function login(array $credentials)
         }
 
         if (static::$settings['AUTH_NO_PASS'] === false) {
-            $passwordIsValid = true;
+            $passwordIsValid = false;
 
             if (static::$settings['PASSWORD_VERIFY'] !== false && isset($user[$passKey])) {
                 if (is_callable(static::$settings['PASSWORD_VERIFY'])) {
                     $passwordIsValid = call_user_func(static::$settings['PASSWORD_VERIFY'], $password, $user[$passKey]);
                 } else if (static::$settings['PASSWORD_VERIFY'] === Password::MD5) {
-                    $passwordIsValid = (md5($password) === $user[$passKey]);
+                    $passwordIsValid = md5($password) === $user[$passKey];
                 } else {
                     $passwordIsValid = Password::verify($password, $user[$passKey]);
                 }