Fix : Added Password_hash() #31

prasathmani · Oct 16, 2018 · 2331ce3 · 2331ce3
1 parent 484faad
commit 2331ce3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@ It is a simple, fast and small file manager with single php file. It is also a w
 
 ## Requirements
 
-- PHP 5.2 or higher.
+- PHP 5.5.0 or higher.
 - [Zip extension](http://php.net/manual/en/book.zip.php) for zip and unzip actions.
 - Fileinfo, iconv and mbstring extensions are strongly recommended.
 

diff --git a/tinyfilemanager.php b/tinyfilemanager.php
@@ -14,8 +14,8 @@
 
 // Users: array('Username' => 'Password', 'Username2' => 'Password2', ...)
 $auth_users = array(
-    'admin' => 'admin',
-    'user' => '12345',
+    'admin' => password_hash('admin', PASSWORD_DEFAULT),
+    'user' => password_hash('12345', PASSWORD_DEFAULT)
 );
 
 // Readonly users (usernames array)
@@ -124,7 +124,7 @@
     } elseif (isset($_POST['fm_usr'], $_POST['fm_pwd'])) {
         // Logging In
         sleep(1);
-        if (isset($auth_users[$_POST['fm_usr']]) && $_POST['fm_pwd'] === $auth_users[$_POST['fm_usr']]) {
+        if (isset($auth_users[$_POST['fm_usr']]) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']])) {
             $_SESSION['logged'] = $_POST['fm_usr'];
             fm_set_msg('You are logged in');
             fm_redirect(FM_SELF_URL . '?p=');