Admin Login

50) { $err = 'Invalid username.'; } elseif ($pass === '') { $err = 'Password is required.'; } else { // Prepared statement => SQLi safe $st = pdo()->prepare("SELECT id, username, pass_hash FROM admin_users WHERE username = ? LIMIT 1"); $st->execute([$user]); $a = $st->fetch(PDO::FETCH_ASSOC); if (!$a || empty($a['pass_hash']) || !password_verify($pass, (string)$a['pass_hash'])) { $err = 'Wrong username or password.'; } else { $algo = defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_DEFAULT; $opts = ['memory_cost' => 1 << 17, 'time_cost' => 4, 'threads' => 2]; if (password_needs_rehash((string)$a['pass_hash'], $algo, $opts)) { try { $newHash = password_hash($pass, $algo, $opts); $up = pdo()->prepare("UPDATE admin_users SET pass_hash=? WHERE id=?"); $up->execute([$newHash, (int)$a['id']]); } catch (Throwable $e) { // best-effort; continue login } } admin_login($a, $remember); header('Location: ' . url_path('/public/admin/dashboard.php')); exit; } } } ?> Admin Login

Welcome back

Secure