Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Password is always invalid #5

Open
jmfergeau opened this issue Mar 27, 2018 · 1 comment
Open

Password is always invalid #5

jmfergeau opened this issue Mar 27, 2018 · 1 comment

Comments

@jmfergeau
Copy link

jmfergeau commented Mar 27, 2018

No matter how hard I try, the password is always invalid, even if it's right.

I tried with the password testing which has the hash CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90.
I've set in the config.php $backend_password = 'CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90';
Entering testing in the password field returns "invalid password". Also tried with a couple of other passwords and their hashes

@roccons
Copy link

roccons commented May 15, 2018

I had the exact same problem. This is because PHP is generating your hashed password as 'cf80cd8aed482d5d1527d7dc72fceff84e6326592848447d2dc0b0e87dfc9a90', which doesn't match the string you are obtained with the encoding tool.

You need to replace line 47 of file pico_edit.php from:
if( hash('sha256', $_POST['password'] ) == $this->password ) {
to
if( strtoupper( hash('sha256', $_POST['password'])) == $this->password ) {

I already submitted a pull request with this fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants