Put auth hashs in conf file

conf/config.php

@@ -36,3 +36,8 @@ $oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv
 $oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
 $oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
 $oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
+
+// auth (sha256 hashs)
+$oriconf['logins'] = array();
+//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
+//$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';

inc/auth.php

@@ -13,16 +13,11 @@
  * @version 1.0
  */
 
-// sha256 hashs (TODO: move in conf file)
-$logins=array();
-$logins['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
-$logins['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';
-
 if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) {
   $username=$_POST['login'];
   $password=$_POST['passw'];
 
-  if (hash("sha256",$password) == $logins[$username]) {
+  if (hash("sha256",$password) == $conf['logins'][$username]) {
     $_SESSION['auth']=1;
     $_SESSION['user']=$username;
     $_SESSION['error']='';