<?php

namespace App\Auth\Providers;

use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Support\Facades\Hash;

class MD5UserProvider extends EloquentUserProvider
{
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        $plain = $credentials['password'];
        $hashed = $user->getAuthPassword();

        // Nếu là Bcrypt → dùng bình thường
        if (!Hash::needsRehash($hashed)) {
            return Hash::check($plain, $hashed);
        }

        // Nếu là MD5 → kiểm tra tay
        if (md5($plain) === $hashed) {
            // Tự động upgrade
            $user->password = Hash::make($plain);
            $user->save();

            return true;
        }

        return false;
    }
}