}
/* Test web password authentification. */
else if (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) {
- if ($cfg['admin_password'] === $_POST['admin_password'] ||
- $cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) {
+ if ($cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) {
jirafeau_admin_session_start();
} else {
require(JIRAFEAU_ROOT . 'lib/template/header.php');
<td class = "label"><label for = "enter_password">
<?php echo t('ADMIN_PSW') . ':'; ?></label>
</td>
+ </tr>
+ <tr>
<td class = "field"><input type = "password"
name = "admin_password" id = "admin_password"
size = "40" />
</td>
</tr>
<tr class = "nav">
- <td></td>
<td class = "nav next">
<input type = "submit" name = "key" value =
"<?php echo t('LOGIN'); ?>" />
header('Content-Disposition: attachment; filename="' .
$l['file_name'] . '"');
if (file_exists(VAR_FILES . $p . $l['md5'])) {
- readfile(VAR_FILES . $p . $l['md5']);
+ $r = fopen(VAR_FILES . $p . $l['md5'], 'r');
+ while (!feof($r)) {
+ print fread($r, 1024);
+ ob_flush();
+ }
+ fclose($r);
}
exit;
}