# verify password
$authhash = md5($usertest);
if (isset($inpass)) {
- if (!password_verify($inpass, $usertest)) return;
+ if (substr($usertest, 0, 1) == '$') {
+ if (!password_verify($inpass, $usertest)) return;
+ }
+ else {
+ if ($inpass !== $usertest) return;
+ }
}
else {
if ($inauth !== $authhash) return;
if (function_exists('apache_note')) apache_note('user', $inuser);
+ if ($log = @fopen("$userdir/last.log", 'w')) {
+ fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+ }
+
return [
'name' => $inuser,
'admin' => file_exists("$userdir/.admin"),