Commit 458c354f authored by Nigel McNie, committed by Nigel McNie

Use the salt being null for plaintext check instead of **

parent da12a397
......@@ -64,11 +64,11 @@ class Auth_Internal extends Auth {
}
private static function validate_password($theysent, $wehave, $salt) {
if (substr($wehave, 0, 2) == '**') {
if ($salt == null) {
// This allows "plaintext" passwords, which are eaiser for an admin to
// create by hacking in the database directly. The application does not
// create passwords in this form.
return "**$theysent" == $wehave;
return $theysent == $wehave;
}
// The main type - a salted sha1
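Review bot: the new `if ($salt == null)` test is a loose comparison, so an empty-string or `0` salt also takes the plaintext branch; `$salt === null` would limit it to rows where the salt is actually unset. The same applies to `return $theysent == $wehave;`: with `==`, PHP compares numeric-looking strings as numbers, so "1e3" matches a stored "1000". Compare as strings instead, with `===` or, where available, `hash_equals($wehave, $theysent)`, which is also constant-time. With the `**` prefix gone, nothing in the stored value marks it as plaintext any more, so a hashed row whose salt column is null would be compared as plaintext against the submitted string; the comment above the return should say that a null salt is now the only marker, and admins setting passwords by hand need to know to leave the salt null rather than empty.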
......