From 9c9883134402a9704fc3d9a16cf147bf5a245b74 Mon Sep 17 00:00:00 2001
From: David
Date: Sat, 10 Nov 2018 17:08:44 +0100
Subject: [PATCH] =?UTF-8?q?#8=20P=C3=A9pite=20du=20mot=20de=20passe=20admi?= =?UTF-8?q?n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 conf-dist.php | 6 +-----
 emailPoubelleAdmin.php | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/conf-dist.php b/conf-dist.php
index 9ecf496..3a6ea6b 100644
--- a/conf-dist.php
+++ b/conf-dist.php
@@ -88,12 +88,8 @@ define('MAINTENANCE_MODE', false);
 define('MAINTENANCE_IP', '10.0.0.1');
-// Usage de password-hash https://php.net/manual/fr/function.password-hash.php
-// Vous pouvez crtyper le mot de passe en ligne avec les outils :
-// http://www.passwordtool.hu/php5-password-hash-generator
-// https://php-password-hash-online-tool.herokuapp.com/password_hash (PASSWORD_DEFAULT, no auto-generated, no cost 10)
 // Mot de passe par défaut "admin" :
-define('ADMIN_PASSWORD', '$2y$10$BncfiLy8VEYtkLVIlL5Ar.TVPY9Q3KbllJrdHNuSU5WCRnKafWM5K');
+define('ADMIN_PASSWORD', 'admin');
 ?>
diff --git a/emailPoubelleAdmin.php b/emailPoubelleAdmin.php
index 394e55f..b669d3d 100644
--- a/emailPoubelleAdmin.php
+++ b/emailPoubelleAdmin.php
@@ -17,7 +17,7 @@ if (isset($_POST['adminPassword'])) {
 $_SESSION['adminPasswordHash'] = password_hash($_POST['adminPassword'], PASSWORD_DEFAULT);
 }
 if (isset($_SESSION['adminPasswordHash'])) {
- if (password_verify('admin', $_SESSION['adminPasswordHash'])) {
+ if (password_verify(ADMIN_PASSWORD, $_SESSION['adminPasswordHash'])) {
 $auth=true;
 } else {
 $auth=false;
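Review bot: The new `define('ADMIN_PASSWORD', 'admin');` in conf-dist.php stores the administrator password in clear text where the previous line held a bcrypt hash, so anyone who can read a deployed copy of this file (a backup, a repository copy, a misconfigured web server) obtains the password itself. The constant should keep a hash, `define('ADMIN_PASSWORD', '<output of password_hash()>');`, with a comment telling the operator to generate it locally, for example `php -r "echo password_hash('<new password>', PASSWORD_DEFAULT);"`. The shipped default is still the guessable value "admin", and nothing in this hunk forces it to be changed at install time; a check that refuses the default value where the configuration is loaded would close that gap.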
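Review bot: In emailPoubelleAdmin.php the call `password_verify(ADMIN_PASSWORD, $_SESSION['adminPasswordHash'])` inverts the argument roles: the configured secret is passed as the plain text and a hash of whatever was posted serves as the reference, which only works while the constant is stored in clear. Verifying the submitted value against a stored hash, `if (password_verify($_POST['adminPassword'], ADMIN_PASSWORD)) { session_regenerate_id(true); $_SESSION['isAdmin'] = true; }` (the flag name is only an example), would let the config hold a hash, keep password-derived material out of the session, and avoid a bcrypt computation on every request. No session-ID regeneration or limit on failed attempts is visible in this hunk; they may exist elsewhere in the file. The `if`/`else` block continues past the end of the hunk.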