From b362c4db0f8cce03fbfbe63b3f1e3a1014d5c8ac Mon Sep 17 00:00:00 2001
From: Marco Dickert <marco@misterunknown.de>
Date: Fri, 26 Feb 2016 16:37:13 +0100
Subject: [PATCH] misterunknown: fixed some authentication bugs

---
 ifm.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ifm.php b/ifm.php
index 0f1b42e..0638426 100644
--- a/ifm.php
+++ b/ifm.php
@@ -1529,12 +1529,12 @@ function checkCredentials($user, $pass) {
 			list($uname, $hash) = explode(":", $srcopt);
 			break;
 		case "file":
-			if(file_exists($srcopt) && is_readable($srcopt)) {
-				list($uname, $hash) = explode(":", fgets(fopen($file, 'r')));
+			if(@file_exists($srcopt) && @is_readable($srcopt)) {
+				list($uname, $hash) = explode(":", fgets(fopen($srcopt, 'r')));
 			}
 			break;
 	}
-	return password_verify($pass, $hash)?($uname == $user):false;
+	return password_verify($pass, trim($hash))?($uname == $user):false;
 }
 // print login form
 function loginForm($loginFailed=false) {