From d1f41a19c92ca0570db634a09d3473de426fce3d Mon Sep 17 00:00:00 2001
From: Naiel <109038805+naielv@users.noreply.github.com>
Date: Mon, 26 Jan 2026 10:18:45 +0100
Subject: [PATCH] Replace password hash check with password_verify

---
 public_html/_incl/auth_redir.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/public_html/_incl/auth_redir.php b/public_html/_incl/auth_redir.php
index 09a34d8..64badbf 100755
--- a/public_html/_incl/auth_redir.php
+++ b/public_html/_incl/auth_redir.php
@@ -13,7 +13,7 @@ if (str_starts_with($ua, "SysAdminAuth/")) {
         header("HTTP/1.1 403 Forbidden");
         die();
     }
-    if ($userdata["password"] !== hash("sha256", $userpass)) {
+    if (password_verify($userpass, $userdata["password"])) {
         header("HTTP/1.1 403 Forbidden");
         die();
     }
@@ -32,4 +32,4 @@ if (!$_SESSION["auth_ok"]) {
 if (!in_array("$APP_CODE:access", $_SESSION["auth_data"]["permissions"])) {
     header("Location: /index.php?_resultcolor=red&_result=" . urlencode("No tienes permisos para acceder a $APP_NAME."));
     die();
-}
\ No newline at end of file
+}