From da3066e7778dae4f10629515745b18bda4342c9c Mon Sep 17 00:00:00 2001
From: mauirixxx <mauirixxx@paytonohana.net>
Date: Mon, 30 Jul 2018 11:30:25 -1000
Subject: [PATCH] better password hashing maybe?

---
 login.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/login.php b/login.php
index 278f9c9..aa3591e 100644
--- a/login.php
+++ b/login.php
@@ -12,7 +12,8 @@ $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
 session_start();
 $username = mysqli_real_escape_string($con, $_POST['username']);
 $password = mysqli_real_escape_string($con, $_POST['password']);
-$password = sha1($password);
+# $password = sha1($password); //this is the original line of code, just found sha1isn't any better than md5
+$password = password_hash($password, PASSWORD_BCRYPT);
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');
 }