From: Jerome Jutteau Date: Thu, 12 Sep 2019 09:02:40 +0000 (+0200) Subject: [TASK] Remove plaintext password support X-Git-Tag: 4.0.0~19 X-Git-Url: https://git.p6c8.net/jirafeau.git/commitdiff_plain/f45aaf86ea05ed48aff469bdfa61cec93020c023?ds=inline [TASK] Remove plaintext password support Finally remove support for admin password in plaintext Signed-off-by: Jerome Jutteau --- diff --git a/admin.php b/admin.php index 6560f10..3e8f517 100644 --- a/admin.php +++ b/admin.php @@ -65,8 +65,7 @@ if (php_sapi_name() == "cli") { } /* Test web password authentification. */ else if (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) { - if ($cfg['admin_password'] === $_POST['admin_password'] || - $cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) { + if ($cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) { jirafeau_admin_session_start(); } else { require(JIRAFEAU_ROOT . 'lib/template/header.php');