Replace password hash check with password_verify

2026-01-26 10:18:45 +01:00
parent 04dfa477d2
commit d1f41a19c9
1 changed files with 2 additions and 2 deletions
--- a/public_html/_incl/auth_redir.php
+++ b/public_html/_incl/auth_redir.php
@@ -13,7 +13,7 @@ if (str_starts_with($ua, "SysAdminAuth/")) {
        header("HTTP/1.1 403 Forbidden");
        die();
    }
-    if ($userdata["password"] !== hash("sha256", $userpass)) {
+    if (password_verify($userpass, $userdata["password"])) {
        header("HTTP/1.1 403 Forbidden");
        die();
    }