]> git.p6c8.net - jirafeau_mojo42.git/commitdiff
[BUGFIX] Empty admin password should not generate hash
authorJerome Jutteau <j.jutteau@gmail.com>
Fri, 21 Apr 2017 16:43:26 +0000 (16:43 +0000)
committerJerome Jutteau <j.jutteau@gmail.com>
Fri, 21 Apr 2017 16:43:26 +0000 (16:43 +0000)
During installation, a empty admin password should put an empty
password in configuration so admin interface is disabled.
Before this fix, a empty password would be a valid password
without disabling the admin interface.

Signed-off-by: Jerome Jutteau <j.jutteau@gmail.com>
install.php

index 2739bc8ab7a103202927321a04bed920c40bc1e5..b400988b2ac38d0f778cfe89d082eb64e1e653f0 100644 (file)
@@ -154,7 +154,11 @@ if (isset($_POST['step']) && isset($_POST['next'])) {
         break;
 
     case 2:
         break;
 
     case 2:
-        $cfg['admin_password'] = hash('sha256', $_POST['admin_password']);
+        if (strlen($_POST['admin_password'])) {
+            $cfg['admin_password'] = hash('sha256', $_POST['admin_password']);
+        } else {
+            $cfg['admin_password'] = '';
+        }
         jirafeau_export_cfg($cfg);
         break;
 
         jirafeau_export_cfg($cfg);
         break;
 

patrick-canterino.de