From: Jerome Jutteau <j.jutteau@gmail.com>
Date: Fri, 21 Apr 2017 16:43:26 +0000 (+0000)
Subject: [BUGFIX] Empty admin password should not generate hash
X-Git-Tag: 3.2.0~1
X-Git-Url: https://git.p6c8.net/jirafeau_mojo42.git/commitdiff_plain/e2d6cda643fb68b8f831ee7e4337d5e198cc83dd

[BUGFIX] Empty admin password should not generate hash

During installation, a empty admin password should put an empty
password in configuration so admin interface is disabled.
Before this fix, a empty password would be a valid password
without disabling the admin interface.

Signed-off-by: Jerome Jutteau <j.jutteau@gmail.com>
---

diff --git a/install.php b/install.php
index 2739bc8..b400988 100644
--- a/install.php
+++ b/install.php
@@ -154,7 +154,11 @@ if (isset($_POST['step']) && isset($_POST['next'])) {
         break;
 
     case 2:
-        $cfg['admin_password'] = hash('sha256', $_POST['admin_password']);
+        if (strlen($_POST['admin_password'])) {
+            $cfg['admin_password'] = hash('sha256', $_POST['admin_password']);
+        } else {
+            $cfg['admin_password'] = '';
+        }
         jirafeau_export_cfg($cfg);
         break;