From 2331ce3d0fabaa96ffc0569ba516939fa51a48c5 Mon Sep 17 00:00:00 2001
From: Prasath Mani
Date: Tue, 16 Oct 2018 13:53:16 +0530
Subject: [PATCH] Fix : Added Password_hash() #31
---
 README.md | 2 +-
 tinyfilemanager.php | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 5246ae2..65fb852 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ It is a simple, fast and small file manager with single php file. It is also a w
 ## Requirements
-- PHP 5.2 or higher.
+- PHP 5.5.0 or higher.
 - [Zip extension](http://php.net/manual/en/book.zip.php) for zip and unzip actions.
 - Fileinfo, iconv and mbstring extensions are strongly recommended.
diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 9b5f67a..6584f82 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -14,8 +14,8 @@ $use_auth = true;
 // Users: array('Username' => 'Password', 'Username2' => 'Password2', ...)
 $auth_users = array(
- 'admin' => 'admin',
- 'user' => '12345',
+ 'admin' => password_hash('admin', PASSWORD_DEFAULT),
+ 'user' => password_hash('12345', PASSWORD_DEFAULT)
 );
 // Readonly users (usernames array)
@@ -124,7 +124,7 @@ if ($use_auth) {
 } elseif (isset($_POST['fm_usr'], $_POST['fm_pwd'])) {
 // Logging In
 sleep(1);
- if (isset($auth_users[$_POST['fm_usr']]) && $_POST['fm_pwd'] === $auth_users[$_POST['fm_usr']]) {
+ if (isset($auth_users[$_POST['fm_usr']]) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']])) {
 $_SESSION['logged'] = $_POST['fm_usr'];
 fm_set_msg('You are logged in');
 fm_redirect(FM_SELF_URL . '?p=');
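Review bot: In the `$auth_users` hunk of tinyfilemanager.php the plaintext passwords `'admin'` and `'12345'` are still written in the file and are only hashed at run time, so anyone who can read the source still reads the passwords, and every request pays for two `password_hash()` calls. The array should hold hashes generated offline, for example `'admin' => '<hash printed by password_hash(), generated offline>',`, with a comment above it such as `// Values are password_hash() outputs; generate with: php -r "echo password_hash('your-password', PASSWORD_DEFAULT);"`. The existing comment on the line above (`'Username' => 'Password'`) should also say that the values are hashes. The shipped defaults admin/admin and user/12345 remain guessable, so a comment telling the operator to replace them before deployment is worth adding.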
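Review bot: On the changed `if` line in the login hunk, `password_verify()` runs only when the username exists, because `isset($auth_users[...])` short-circuits first; a known username therefore costs a full hash verification while an unknown one does not, and the response time can reveal which usernames are valid despite the fixed `sleep(1)`. Verifying against a precomputed dummy hash when the user is missing keeps the cost uniform, e.g. `$hash = isset($auth_users[$usr]) ? $auth_users[$usr] : $dummy_hash;` followed by `if (password_verify($pwd, $hash) && isset($auth_users[$usr])) {`, where `$usr`, `$pwd` and `$dummy_hash` are illustrative names. Non-string `fm_usr`/`fm_pwd` values should be rejected before this line, since both are used directly as an array key and as a `password_verify()` argument. The hunk shows no `session_regenerate_id(true)` before `$_SESSION['logged']` is set; it may exist outside the hunk, as the `if ($use_auth)` block starts and ends beyond it.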