remove support for plain-text passwords

3 files changed, 5 insertions, 4 deletions

diff --git a/functions.php b/functions.php
index 931774cfd..a7a17f9b5 100644
--- a/functions.php
+++ b/functions.php
@@ -740,8 +740,7 @@
 		$pwd_hash = 'SHA1:' . sha1($password);
 
 		$result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE 
-			login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password')
-				OR pwd_hash = '$pwd_hash')");
+			login = '$login' AND pwd_hash = '$pwd_hash'");
 
 		if (db_num_rows($result) == 1) {
 			$_SESSION["uid"] = db_fetch_result($result, 0, "id");
diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql
index c2357f5b5..a5a6f1db4 100644
--- a/schema/ttrss_schema_mysql.sql
+++ b/schema/ttrss_schema_mysql.sql
@@ -34,7 +34,8 @@ create table ttrss_users (id integer primary key not null auto_increment,
 	index (theme_id),
 	foreign key (theme_id) references ttrss_themes(id)) TYPE=InnoDB;
 
-insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 'password', 10);
+insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 
+	'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 10);
 
 create table ttrss_feed_categories(id integer not null primary key auto_increment,
 	owner_uid integer not null,
diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql
index 2ac43fd6d..4c064bed6 100644
--- a/schema/ttrss_schema_pgsql.sql
+++ b/schema/ttrss_schema_pgsql.sql
@@ -32,7 +32,8 @@ create table ttrss_users (id serial not null primary key,
 	email varchar(250) not null default '',
 	theme_id integer references ttrss_themes(id) default null);
 
-insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 'password', 10);
+insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 
+	'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 10);
 
 create table ttrss_feed_categories(id serial not null primary key,
 	owner_uid integer not null references ttrss_users(id) on delete cascade,