// Admin is not registered so we have to inform the user
if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
- // Hash the password with our new generateHash() function
- $hashedPass = generateHash($_POST['pass']);
-
- // If the password has not been hashed we have to fall-back to md5()
- if ($hashedPass == $_POST['pass']) $hashedPass = md5($hashedPass);
+ // Hash the password with the old function because we are here in install mode
+ $hashedPass = md5($hashedPass);
// Do registration
$ret = REGISTER_ADMIN($_POST['login'], $hashedPass);
switch ($ret)
{
case "done":
- admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define ('admin_registered', ", ");", "true", 0);
+ admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
if (!_FATAL) {
// Registering is done
LOAD_URL(URL."/modules.php?module=admin&action=login®ister=done");
}
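Review bot: The added line `$hashedPass = md5($hashedPass);` reads `$hashedPass` before anything in the visible lines assigns it, because the commit removes the `generateHash($_POST['pass'])` assignment just above it. Unless the variable is set earlier outside this hunk, md5() is given an empty value and REGISTER_ADMIN stores the same digest for every admin, whatever password was typed. The line should hash the submitted value instead: `$hashedPass = md5($_POST['pass']);`. Because this leaves an unsalted MD5 as the stored credential, I would also add a comment stating where it is upgraded after install, e.g. `// TODO: rehash with generateHash() on first successful login`. The enclosing `if` and the `switch ($ret)` both continue outside the hunk.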
if (!isBooleanConstantAndTrue('admin_registered')) {
// Write to config that registration is done
- admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define ('admin_registered', ", ");", "true", 0);
+ admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
// Load URL for login
$URL = URL."/modules.php?module=admin&action=login";
// Try to register the session variables
if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)))) && (set_session("admin_login", $_POST['login'])) && (set_session("admin_last", time())) && (set_session("admin_to", $_POST['timeout']))) {
// Construct URL and redirect
- die("OK");
$URL = URL."/modules.php?module=admin&";
// Rewrite overview module
}
} else {
// Maybe an Admin want's to login?
- $ret = CHECK_ADMIN_COOKIES('admin_login', 'admin_md5');
+ $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5')));
switch ($ret) {
case "done":
// Cookie-Data accepted
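Review bot: `SQL_ESCAPE()` is applied by the caller on the new CHECK_ADMIN_COOKIES line, so the query inside that function is only safe while every call site remembers to escape. The escaping belongs inside the function, next to the SQL it protects. If CHECK_ADMIN_COOKIES already escapes its arguments, this call now escapes twice and a login containing a quote would stop matching. What `get_session()` returns when no admin session exists is not visible here, so a missing value should be treated as a failed login before the lookup runs, with a short comment such as `// No session data: treat as not logged in`. The `switch ($ret)` continues outside the hunk.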