Revision 40d26f65
Added by Jim Pingle almost 7 years ago
| src/usr/local/www/head.inc | ||
|---|---|---|
| 546 | 546 |
if ($_SESSION['Username'] == "admin") {
|
| 547 | 547 |
$cu = getUserEntry("admin");
|
| 548 | 548 |
|
| 549 |
if ($cu['bcrypt-hash'] == '$2b$10$13u6qwCOwODv34GyCMgdWub6oQF3RX0rG7c3d3X4JvzuEmAXLYDd2') {
|
|
| 550 |
print('<div class="alert alert-danger">' . gettext('<strong>WARNING:</strong> The <i>admin</i> account password is still set to the default. ' .
|
|
| 549 |
if (password_verify($g['factory_shipped_password'], $cu['bcrypt-hash'])) {
|
|
| 550 |
print('<div class="alert alert-danger">' . gettext('<strong>WARNING:</strong> The <i>admin</i> account password is set to the default value. ' .
|
|
| 551 | 551 |
' <a href="/system_usermanager.php?act=edit&userid=' . $cu['uid'] . '">Change the <i>admin</i> password in the User Manager.</a>') . |
| 552 | 552 |
'</div>'); |
| 553 | 553 |
} |
Also available in: Unified diff
Test the password, not the hash, or it won't detect if the user reset password from the console or otherwise changed it to the default manually. Issue #8596