paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fix password issue on first login when adding new admin

master
andryyy 2021-09-06 11:46:09 +02:00
parent bc7714b8f3
commit 4d5ebafc1a
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
data/web/inc/functions.admin.inc.php
View File

@ -15,8 +15,8 @@ function admin($_action, $_data = null) {
!isset($_data_log['password2']) ?: $_data_log['password2'] = '*'; !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
switch ($_action) { switch ($_action) {
case 'add': case 'add':
$username = strtolower(trim($_data['username'])); $username = strtolower(trim($_data['username']));
$password = $_data['password']; $password = $_data['password'];
$password2 = $_data['password2']; $password2 = $_data['password2'];
$active = intval($_data['active']); $active = intval($_data['active']);
if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') { if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
@ -51,7 +51,7 @@ function admin($_action, $_data = null) {
if (password_check($password, $password2) !== true) { if (password_check($password, $password2) !== true) {
return false; return false;
} }
$password_hashed = hash_password($password_new); $password_hashed = hash_password($password);
$stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`) $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
VALUES (:username, :password_hashed, '1', :active)"); VALUES (:username, :password_hashed, '1', :active)");
$stmt->execute(array( $stmt->execute(array(