EuskadiTech/Axia4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace password hash check with password_verify

Browse Source
This commit is contained in:
Naiel
2026-01-26 10:18:45 +01:00
committed by GitHub
parent 04dfa477d2
commit d1f41a19c9
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
public_html/_incl/auth_redir.php
View File

@@ -13,7 +13,7 @@ if (str_starts_with($ua, "SysAdminAuth/")) {
header("HTTP/1.1 403 Forbidden"); header("HTTP/1.1 403 Forbidden");
die(); die();
} }
if ($userdata["password"] !== hash("sha256", $userpass)) { if (password_verify($userpass, $userdata["password"])) {
header("HTTP/1.1 403 Forbidden"); header("HTTP/1.1 403 Forbidden");
die(); die();
} }
@@ -32,4 +32,4 @@ if (!$_SESSION["auth_ok"]) {
if (!in_array("$APP_CODE:access", $_SESSION["auth_data"]["permissions"])) { if (!in_array("$APP_CODE:access", $_SESSION["auth_data"]["permissions"])) {
header("Location: /index.php?_resultcolor=red&_result=" . urlencode("No tienes permisos para acceder a $APP_NAME.")); header("Location: /index.php?_resultcolor=red&_result=" . urlencode("No tienes permisos para acceder a $APP_NAME."));
die(); die();
} }