From 7963ae985424147c490b3e8c85ac9482a3220f54 Mon Sep 17 00:00:00 2001
From: Kanti
Date: Wed, 6 Aug 2014 07:09:40 +0200
Subject: [PATCH] Added Blackcodec's password security code
---
 config/users/username.ini.example | 4 ++++
 system/admin/admin.php | 12 ++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/config/users/username.ini.example b/config/users/username.ini.example
index befaed5..6154b62 100644
--- a/config/users/username.ini.example
+++ b/config/users/username.ini.example
@@ -1,5 +1,9 @@
 ;Password
 password = yourpassword
+encryption = clear
+; encryption: not set, leave blank or set to clear or none to use plain text password for the user,
+; else set to encryption algoritm supported by hash function of php to use the selected
+; encryption
 ;Role
 role = admin
\ No newline at end of file
diff --git a/system/admin/admin.php b/system/admin/admin.php
index 6f8dce8..90c9922 100644
--- a/system/admin/admin.php
+++ b/system/admin/admin.php
@@ -15,16 +15,20 @@ function user($key, $user = null) {
 // Create a session
 function session($user, $pass, $str = null) {
 $user_file = 'config/users/' . $user . '.ini';
+ $user_enc = user('encryption', $user);
 $user_pass = user('password', $user);
+ $password = (strlen($user_enc) > 0 && $user_enc !== 'clear' && $user_enc !== 'none')?hash($user_enc,$pass):$pass;
- if (file_exists($user_file)) {
- if ($pass === $user_pass) {
+ if(file_exists($user_file)) {
+ if($pass === $user_pass) {
 $_SESSION[config("site.url")]['user'] = $user;
 header('location: admin');
- } else {
+ }
+ else {
 return $str = '
  • Your username and password mismatch.
  • ';
 }
- } else {
+ }
+ else {
 return $str = '
  • Username not found in our record.
  • ';
 }
 }
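Review bot: The hashed value in `$password` is computed and then never used, because the added comparison is still `if($pass === $user_pass) {`; once `encryption` names an algorithm and the ini file holds a digest, the real password stops matching and the stored digest string itself is what authenticates. The comparison should use the derived value and be constant-time, for example `if (hash_equals((string) $user_pass, (string) $password)) {` (PHP 5.6+). `hash()` is also a single unsalted, fast digest and fails on an algorithm name it does not know, so the ini value should be checked against `hash_algos()` before use, and `password_hash()`/`password_verify()` would be the stronger storage format. The example ini in the first hunk ships `encryption = clear`, so plaintext storage stays the default unless the operator changes it.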