Cookie auth now autogenerates blowfish_secret, but it has some limitations and you still should set it in config file

2008-09-03 13:27:43 +00:00
parent 737b292e0d
commit 85cdc82d4d
4 changed files with 45 additions and 30 deletions
--- a/main.php
+++ b/main.php
@@ -283,6 +283,14 @@ if (! @extension_loaded('mbstring')) {
    trigger_error($strMbExtensionMissing, E_USER_WARNING);
 }

+/**
+ * Check if user does not have defined blowfish secret and it is being used.
+ */
+if (!empty($_SESSION['auto_blowfish_secret']) &&
+        empty($GLOBALS['cfg']['blowfish_secret'])) {
+    trigger_error($strSecretRequired, E_USER_WARNING);
+}
+
 /**
 * Warning about different MySQL library and server version
 * (a difference on the third digit does not count).