No longer passing through old password

This is now picked up from config.php prior to any changes No need to pass through at all and removed as its a security risk
2026-03-03 07:13:59 +01:00 · 2012-06-24 12:59:28 +01:00
parent cb3f87d4d9
commit 0de026fc2b
2 changed files with 1 additions and 2 deletions
--- a/lib/settings-screen.php
+++ b/lib/settings-screen.php
@@ -90,7 +90,6 @@ new password <span style="font-size: 10px; color: #888">8 chars</span><br>
 <input type="password" name="accountPassword" onkeydown="showButton()"><br>
 confirm password<br>
 <input type="password" name="confirmPassword" onkeydown="showButton()"><br>
-<input type="hidden" name="oldPassword" value="<?php echo $accountPassword; ?>">
 <br>
 restricted files/folders<br>
 <input type="text" onkeydown="document.settings.changedFileSettings.value='true';showButton()" name="restrictedFiles" value="<?php for($i=0;$i<=count($restrictedFiles)-1;$i++) {echo $restrictedFiles[$i]; if ($i<count($restrictedFiles)-1) {echo ', ';};}; ?>"><br>
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -41,7 +41,7 @@ if (isset($_POST["theme"]) && $_POST["theme"] && $_SESSION['userLevel'] == 10) {
 	if ($_POST['codeAssist'])		{$codeAssist = "true";} else {$codeAssist = "false";};
 	if ($_POST['visibleTabs'])		{$visibleTabs = "true";} else {$visibleTabs = "false";};
 	if ($_POST['lockedNav'])		{$lockedNav = "true";} else {$lockedNav = "false";};
-	if ($_POST['accountPassword']!="")	{$accountPassword = generateHash(strClean($_POST['accountPassword']));} else {$accountPassword = strClean($_POST['oldPassword']);};
+	if ($_POST['accountPassword']!="")	{$accountPassword = generateHash(strClean($_POST['accountPassword']));};
 	$restrictedFiles			= 'array("'.str_replace(', ','","',strClean($_POST['restrictedFiles'])).'")';
 	$bannedFiles				= 'array("'.str_replace(', ','","',strClean($_POST['bannedFiles'])).'")';
 	$allowedIPs				= 'array("'.str_replace(', ','","',strClean($_POST['allowedIPs'])).'")';