Added Blackcodec's password security code

config/users/username.ini.example

@@ -1,5 +1,9 @@
 ;Password
 password = yourpassword
+encryption = clear
+; encryption: not set, leave blank or set to clear or none to use plain text password for the user,
+; else set to encryption algoritm supported by hash function of php to use the selected
+; encryption
 
 ;Role
 role = admin

system/admin/admin.php

@@ -15,16 +15,20 @@ function user($key, $user = null) {
 // Create a session
 function session($user, $pass, $str = null) {
     $user_file = 'config/users/' . $user . '.ini';
+    $user_enc = user('encryption', $user);
     $user_pass = user('password', $user);
+    $password = (strlen($user_enc) > 0 && $user_enc !== 'clear' && $user_enc !== 'none')?hash($user_enc,$pass):$pass;
 
-    if (file_exists($user_file)) {
-        if ($pass === $user_pass) {
+    if(file_exists($user_file)) {
+        if($pass === $user_pass) {
             $_SESSION[config("site.url")]['user'] = $user;
             header('location: admin');
-        } else {
+        }
+        else {
             return $str = '<li>Your username and password mismatch.</li>';
         }
-    } else {
+    }
+    else {
         return $str = '<li>Username not found in our record.</li>';
     }
 }