denbooru-php/login.php

<?php
session_start();
$errorMsg = "";
$validUser = $_SESSION["login"] === true;
$hash = "$2y$10\$SfW2H/.Sb.MmnBJxs/svAuK7JGk7hL1GADG8tzj7h.AHApZWtuqYW";
$hash2 = "\$2y\$10\$RxrT9Pqb7iABw0hmeP8DZeIPzf4LtRn43u.R/3GmuChSGZDX9Pkh.";
if(isset($_POST["sub"])) {
  $validUser = $_POST["username"] == "admin" && password_verify($_POST["password"], $hash);
  $validUser = $validUser || ($_POST["username"] == "lidia" && password_verify($_POST["password"], $hash2));
  if(!$validUser) $errorMsg = "Invalid username or password.";
  else{
	  $_SESSION["login"] = true;
	  $_SESSION["username"] = $_POST["username"];
  }
}
if($validUser) {
   header("Location: /index.php"); die();
}
include("include/header.php");
?>
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="content-type" content="text/html;charset=utf-8" />
  <title>Login</title>
</head>
<body>
  <form name="input" action="" method="post">
    <label for="username">Username:</label><input type="text" value="<?= $_POST["username"] ?>" id="username" name="username" /><br/>
    <label for="password">Password:</label><input type="password" value="" id="password" name="password" />
    <div class="error"><?= $errorMsg ?></div>
    <input type="submit" value="Login" name="sub" />
  </form>
</body>
</html>