]> git.p6c8.net - jirafeau_project.git/commitdiff
git.p6c8.net / jirafeau_project.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f07477c)
[TASK] Remove plaintext password support
authorJerome Jutteau <jerome@jutteau.fr>
Thu, 12 Sep 2019 09:02:40 +0000 (11:02 +0200)
committerJerome Jutteau <jerome@jutteau.fr>
Thu, 12 Sep 2019 09:02:40 +0000 (11:02 +0200)
Finally remove support for admin password in plaintext

Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
admin.php patch | blob | history

diff --git a/admin.php b/admin.php
index 6560f10dc7a3d0f56bfac3203d42ba4741f08bc5..3e8f51712e943ffb930862b10c1ec4c19c39f008 100644 (file)
--- a/admin.php
+++ b/admin.php
@@ -65,8 +65,7 @@ if (php_sapi_name() == "cli") {
       }
       /* Test web password authentification. */
       else if (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) {
       }
       /* Test web password authentification. */
       else if (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) {
-          if ($cfg['admin_password'] === $_POST['admin_password'] ||
-              $cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) {
+          if ($cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) {
               jirafeau_admin_session_start();
           } else {
               require(JIRAFEAU_ROOT . 'lib/template/header.php');
               jirafeau_admin_session_start();
           } else {
               require(JIRAFEAU_ROOT . 'lib/template/header.php');
Fork of Jirafeau by a group of developers after mojo42 discontinued it; main repository at https://gitlab.com/jirafeau/Jirafeau

patrick-canterino.de