Fix changing a user password to not incorrectly handle logging out old sessions; closes #3531

app/Http/Requests/Api/Client/Account/UpdateEmailRequest.php

@@ -3,6 +3,8 @@
 namespace Pterodactyl\Http\Requests\Api\Client\Account;
 
 use Pterodactyl\Models\User;
+use Illuminate\Container\Container;
+use Illuminate\Contracts\Hashing\Hasher;
 use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
 use Pterodactyl\Exceptions\Http\Base\InvalidPasswordProvidedException;
 
@@ -17,8 +19,10 @@ class UpdateEmailRequest extends ClientApiRequest
             return false;
         }
 
+        $hasher = Container::getInstance()->make(Hasher::class);
+
         // Verify password matches when changing password or email.
-        if (!password_verify($this->input('password'), $this->user()->password)) {
+        if (!$hasher->check($this->input('password'), $this->user()->password)) {
             throw new InvalidPasswordProvidedException(trans('validation.internal.invalid_password'));
         }
 

app/Http/Requests/Api/Client/Account/UpdatePasswordRequest.php

@@ -2,6 +2,8 @@
 
 namespace Pterodactyl\Http\Requests\Api\Client\Account;
 
+use Illuminate\Container\Container;
+use Illuminate\Contracts\Hashing\Hasher;
 use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
 use Pterodactyl\Exceptions\Http\Base\InvalidPasswordProvidedException;
 
@@ -16,8 +18,10 @@ class UpdatePasswordRequest extends ClientApiRequest
             return false;
         }
 
+        $hasher = Container::getInstance()->make(Hasher::class);
+
         // Verify password matches when changing password or email.
-        if (!password_verify($this->input('current_password'), $this->user()->password)) {
+        if (!$hasher->check($this->input('current_password'), $this->user()->password)) {
             throw new InvalidPasswordProvidedException(trans('validation.internal.invalid_password'));
         }