From 6acf188c2f3a4df999b043305b6117a6ae3f1ef4 Mon Sep 17 00:00:00 2001
From: Jakub Vrana <jakub@vrana.cz>
Date: Thu, 30 Jan 2014 10:27:30 -0800
Subject: [PATCH] Don't store invalid credentials to session (bug #376)

---
 adminer/include/auth.inc.php | 2 +-
 changes.txt                  | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index ef2d7dc3..f46030ed 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -109,7 +109,7 @@ function auth_error($exception = null) {
 }
 
 function set_password($vendor, $server, $username, $password) {
-	$_SESSION["pwds"][$vendor][$server][$username] = ($_COOKIE["adminer_key"]
+	$_SESSION["pwds"][$vendor][$server][$username] = ($_COOKIE["adminer_key"] && is_string($password)
 		? array(encrypt_string($password, $_COOKIE["adminer_key"]))
 		: $password
 	);
diff --git a/changes.txt b/changes.txt
index 7ad8f38f..e5e30488 100644
--- a/changes.txt
+++ b/changes.txt
@@ -2,6 +2,7 @@ Adminer 4.0.3-dev:
 MongoDB: insert, truncate, indexes
 SimpleDB, MongoDB: insert more fields at once
 SQLite: Fix creating table and altering primary key, bug since Adminer 4.0.0
+Don't store invalid credentials to session, bug since Adminer 4.0.0
 Norweigan translation
 
 Adminer 4.0.2 (released 2014-01-11):