More cleaning up of the password checking logic.

jkufner · Nov 5, 2015 · 90677d7 · 90677d7
1 parent 9d6340d
commit 90677d7
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/index.php b/index.php
@@ -58,8 +58,8 @@
 }
 
 /**
- * Double check if a password has been configured. If there has not and we are
- * testing the server, exit with HTTP code 401.
+ * If we are testing the server and see that no password has been set, exit with
+ * HTTP code 401.
  */
 if (
     $testing &&
@@ -68,18 +68,18 @@
         !is_string($Password)
     )
 ) {
-    if ($testing) {
-        header($protocol . ' 401 Unauthorized');
-        exit();
-    }
+    header($protocol . ' 401 Unauthorized');
+    exit();
 }
 
 /**
- * If the client did not submit a password, or the submitted password did not
- * match this server's password, exit with HTTP code 403.
+ * Exit with HTTP code 403 if no password has been set on the server, or if the
+ * client did not submit a password, or the submitted password did not match
+ * this server's password.
  */
 if (
     !isset($Password) ||
+    !is_string($Password) ||
     !isset($_POST['password']) ||
     $_POST['password'] !== hash('sha512', $Password)
 ) {