No longer passing through old password

This is now picked up from config.php prior to any changes No need to pass through at all and removed as its a security risk
icecoder · Jun 24, 2012 · 0de026f · 0de026f
1 parent cb3f87d
commit 0de026f
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/lib/settings-screen.php b/lib/settings-screen.php
@@ -90,7 +90,6 @@
 <input type="password" name="accountPassword" onkeydown="showButton()"><br>
 confirm password<br>
 <input type="password" name="confirmPassword" onkeydown="showButton()"><br>
-<input type="hidden" name="oldPassword" value="<?php echo $accountPassword; ?>">
 <br>
 restricted files/folders<br>
 <input type="text" onkeydown="document.settings.changedFileSettings.value='true';showButton()" name="restrictedFiles" value="<?php for($i=0;$i<=count($restrictedFiles)-1;$i++) {echo $restrictedFiles[$i]; if ($i<count($restrictedFiles)-1) {echo ', ';};}; ?>"><br>

diff --git a/lib/settings.php b/lib/settings.php
@@ -41,7 +41,7 @@ function numClean($var) {
 	if ($_POST['codeAssist'])		{$codeAssist = "true";} else {$codeAssist = "false";};
 	if ($_POST['visibleTabs'])		{$visibleTabs = "true";} else {$visibleTabs = "false";};
 	if ($_POST['lockedNav'])		{$lockedNav = "true";} else {$lockedNav = "false";};
-	if ($_POST['accountPassword']!="")	{$accountPassword = generateHash(strClean($_POST['accountPassword']));} else {$accountPassword = strClean($_POST['oldPassword']);};
+	if ($_POST['accountPassword']!="")	{$accountPassword = generateHash(strClean($_POST['accountPassword']));};
 	$restrictedFiles			= 'array("'.str_replace(', ','","',strClean($_POST['restrictedFiles'])).'")';
 	$bannedFiles				= 'array("'.str_replace(', ','","',strClean($_POST['bannedFiles'])).'")';
 	$allowedIPs				= 'array("'.str_replace(', ','","',strClean($_POST['allowedIPs'])).'")';