From f45aaf86ea05ed48aff469bdfa61cec93020c023 Mon Sep 17 00:00:00 2001 From: Jerome Jutteau Date: Thu, 12 Sep 2019 11:02:40 +0200 Subject: [PATCH 1/1] [TASK] Remove plaintext password support Finally remove support for admin password in plaintext Signed-off-by: Jerome Jutteau --- admin.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/admin.php b/admin.php index 6560f10..3e8f517 100644 --- a/admin.php +++ b/admin.php @@ -65,8 +65,7 @@ if (php_sapi_name() == "cli") { } /* Test web password authentification. */ else if (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) { - if ($cfg['admin_password'] === $_POST['admin_password'] || - $cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) { + if ($cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) { jirafeau_admin_session_start(); } else { require(JIRAFEAU_ROOT . 'lib/template/header.php'); -- 2.34.1