contributte / http / #120

                $user = $request->getUrl()->getUser();

                $password = $request->getUrl()->getPassword();

                if (!$this->auth($user, $password)) {

                        if (class_exists(Debugger::class)) {

                                Debugger::$productionMode = true;

                        $response->setHeader('WWW-Authenticate', sprintf('Basic realm="%s"', $this->title));

                        $response->setCode(IResponse::S401_UNAUTHORIZED);

                        echo '<h1>Authentication failed.</h1>';

                        die;

        }

                if (!isset($this->users[$user])) {

                        return false;

                        ($this->users[$user]['unsecured'] === true && !hash_equals($password, $this->users[$user]['password'])) ||

                        ($this->users[$user]['unsecured'] === false && !password_verify($password, $this->users[$user]['password']))

                        return false;

                return true;