[Bug] Admin Password as plaintext

[Inf3rnal]

[Fixed] Admin Password as plaintext

When installing the script. You make the admin account before you add the salt.
This ends up making the admin password plaintext and there for useless to login.

Example:
Install new site fill out admin information as:

Username: 1
Password: 1

In the database your password ends up as:
1 (In plain text.)

When you login using "1" it fails due to not being hashed & salted.
Basically the admin account your create in the install is useless.

EDIT:
I figured it out. There is a link on the last page of the install a few lines above the "View Your Website" link.
It's says "Encrypt My Password".

Sorry for the confusion.

 

[RoconzaArt]

I had to make a new account and change it to admin with the database even though I used userencrypt.php

 

[Hall of Famer]

Well this is not a glitch at all... Did you run the adminencrypt.php? If not, do it right now as it will encrypt your password to 128 characters SHA512 format with salts and pepper merged.

 

[RoconzaArt]

I dunno I my self ran userencrypt.php and it still could not login.

 

[alonaria]

It worked perfectly fine for me. Odd.

 

[Inf3rnal]

Actually I just noticed the admincrypt.php part a few minutes ago...

Yeah disregard this clicking the admincrypt.php link after submitting fixes everything.

 

[Hall of Famer]

I see, good to know you've fixed the problem. The reason the installer was designed this way was that it always generated an error/warning message if I include functions.php in the installer(looks like the session script was the cause, but I cant seem to fix it atm). Because of this, no pre-defined functions can be loaded within installer and you will have to encrypt passwords after installation. It was then the pre-defined functions such as grabanysettings() and passencr() can be used.