[BUGFIX] Empty admin password should not generate hash

During installation, a empty admin password should put an empty
password in configuration so admin interface is disabled.
Before this fix, a empty password would be a valid password
without disabling the admin interface.

Signed-off-by: Jerome Jutteau <j.jutteau@gmail.com>

diff --git a/install.php b/install.php
index 2739bc8ab7a103202927321a04bed920c40bc1e5..b400988b2ac38d0f778cfe89d082eb64e1e653f0 100644 (file)
--- a/install.php
+++ b/install.php
@@ -154,7 +154,11 @@ if (isset($_POST['step']) && isset($_POST['next'])) {
         break;
 
     case 2:
-        $cfg['admin_password'] = hash('sha256', $_POST['admin_password']);
+        if (strlen($_POST['admin_password'])) {
+            $cfg['admin_password'] = hash('sha256', $_POST['admin_password']);
+        } else {
+            $cfg['admin_password'] = '';
+        }
         jirafeau_export_cfg($cfg);
         break;