# HG changeset patch
# User Ethan Zonca <ez@ethanzonca.com>
# Date 2010-12-02 22:02:07
# Node ID 6c07ae1b7762c3c5ec50887030952089a4c44a04
# Parent  f1b1459508704c1ef10a784a7ebd97a1750ba179

Config changes and minor fixes for admin auth

diff --git a/admin.php b/admin.php
--- a/admin.php
+++ b/admin.php
@@ -25,10 +25,11 @@
   if(!isset($admin_pass)) {
     echo "<p>Administration password not configured. See config.inc for more information.</p>";
     $adminpage->foot();
+    exit;
   }
 
   // Force authentication
-  else if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_PW'] != $admin_pass) {
+  else if (!isset($_SERVER['PHP_AUTH_USER']) || (!isset($_SERVER['PHP_AUTH_PW'])) || $_SERVER['PHP_AUTH_PW'] != $admin_pass) {
     header('WWW-Authenticate: Basic realm="My Realm"');
     header('HTTP/1.0 401 Unauthorized');
     echo '<p>You must authenticate to view this page.</p>';
diff --git a/inc/config.inc.example b/inc/config.inc.example
--- a/inc/config.inc.example
+++ b/inc/config.inc.example
@@ -68,4 +68,10 @@
 /* $reCaptcha_priv = ''; */
 /* $reCaptcha_pub = ''; */ 
 
+/**
+ * \brief
+ *   Password to be used for administration page (admin.php). Setting this variable enables the administration page.
+ *
+ */
+/* $admin_pass = ''; */