Fix : Added Password_hash() #31

README.md

@@ -5,7 +5,7 @@ It is a simple, fast and small file manager with single php file. It is also a w
 
 ## Requirements
 
-- PHP 5.2 or higher.
+- PHP 5.5.0 or higher.
 - [Zip extension](http://php.net/manual/en/book.zip.php) for zip and unzip actions.
 - Fileinfo, iconv and mbstring extensions are strongly recommended.
 

tinyfilemanager.php

@@ -14,8 +14,8 @@ $use_auth = true;
 
 // Users: array('Username' => 'Password', 'Username2' => 'Password2', ...)
 $auth_users = array(
-    'admin' => 'admin',
+    'admin' => password_hash('admin', PASSWORD_DEFAULT),
-    'user' => '12345',
+    'user' => password_hash('12345', PASSWORD_DEFAULT)
 );
 
 // Readonly users (usernames array)
@@ -124,7 +124,7 @@ if ($use_auth) {
     } elseif (isset($_POST['fm_usr'], $_POST['fm_pwd'])) {
         // Logging In
         sleep(1);
-        if (isset($auth_users[$_POST['fm_usr']]) && $_POST['fm_pwd'] === $auth_users[$_POST['fm_usr']]) {
+        if (isset($auth_users[$_POST['fm_usr']]) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']])) {
             $_SESSION['logged'] = $_POST['fm_usr'];
             fm_set_msg('You are logged in');
             fm_redirect(FM_SELF_URL . '?p=');