Commit 458c354f authored by Nigel McNie, committed by Nigel McNie

Use the salt being null for plaintext check instead of **

parent da12a397
...@@ -64,11 +64,11 @@ class Auth_Internal extends Auth { ...@@ -64,11 +64,11 @@ class Auth_Internal extends Auth {
} }
private static function validate_password($theysent, $wehave, $salt) { private static function validate_password($theysent, $wehave, $salt) {
if (substr($wehave, 0, 2) == '**') { if ($salt == null) {
// This allows "plaintext" passwords, which are eaiser for an admin to // This allows "plaintext" passwords, which are eaiser for an admin to
// create by hacking in the database directly. The application does not // create by hacking in the database directly. The application does not
// create passwords in this form. // create passwords in this form.
return "**$theysent" == $wehave; return $theysent == $wehave;
} }
// The main type - a salted sha1 // The main type - a salted sha1
......
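Review bot: both new comparisons in validate_password() are loose, and the plaintext branch is now selected by the salt alone. On the changed `if ($salt == null)` line, an empty-string salt also satisfies `== null`, so a row whose salt was stored as '' rather than NULL would silently be treated as a plaintext password; `$salt === null` keeps the branch to the case the commit message describes. On the changed `return $theysent == $wehave;` line, `==` between two strings is subject to PHP's numeric-string juggling, so two different numeric-looking values can compare equal; use `===`, or `hash_equals($wehave, $theysent)` where available, which is also constant-time. With the `**` marker gone, nothing in the stored value distinguishes a plaintext password from a hash any more, so any row that holds a hash with a NULL salt would accept the hash text itself as the password. It is worth confirming that no existing rows are in that state, and updating the comment to say that a NULL salt is now what marks a plaintext entry.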