Code:
function is_password_correct($password, $secret, $hash){
return ($hash == md5($secret . $password . $secret) || $hash == md5($secret . trim($password) . $secret));}
if(!is_password_correct($password, $row['secret'], $row['passhash'])){
stderr("Login failed!","<center><b>Error</b>: The username or password is not correct!</center><html><head><meta http-equiv='refresh' content='4;url=/'></head><body style='background:#2F4F4F no-repeat center center fixed;-webkit-background-size:cover;-moz-background-size:cover;-o-background-size:cover;background-size:cover;'></body></html>");
}