coofercat / peeked

A browser-based content editor for Pico CMS
MIT License

Password is always invalid #5

Open jmfergeau opened 6 years ago

jmfergeau commented 6 years ago

No matter how hard I try, the password is always invalid, even if it's right.

I tried with the password testing, which has the hash CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90. I've set in the config.php:

$backend_password = 'CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90';

Entering testing in the password field returns "invalid password". Also tried with a couple of other passwords and their hashes.

roccons commented 6 years ago

I had the exact same problem. This is because PHP is generating your hashed password as 'cf80cd8aed482d5d1527d7dc72fceff84e6326592848447d2dc0b0e87dfc9a90', which doesn't match the string you obtained with the encoding tool.

You need to replace line 47 of file pico_edit.php from:

if( hash('sha256', $_POST['password'] ) == $this->password ) {

to:

if( strtoupper( hash('sha256', $_POST['password'])) == $this->password ) {

I already submitted a pull request with this fix.
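
The case mismatch discussed in this thread, as an added example that is not part of the issue or of the peeked code base: the configured digest is folded to lowercase, validated, and compared with hash_equals(), so either case in config.php is accepted. verify_backend_password() is a hypothetical helper name, and the config values in the loop are constructed from the digest quoted above.

```php
<?php
// Added example, not code from the peeked repository.
// verify_backend_password() is a hypothetical helper name.

function verify_backend_password(string $submitted, string $configured): bool
{
    // Fold the configured digest to lowercase and drop stray whitespace,
    // so upper-, lower- or mixed-case hex in config.php all work.
    $expected = strtolower(trim($configured));

    // Fail closed if the config value is not a 64-character hex digest.
    if (preg_match('/^[0-9a-f]{64}$/', $expected) !== 1) {
        return false;
    }

    // hash() returns lowercase hex for SHA-256.
    $actual = hash('sha256', $submitted);

    // hash_equals() compares the strings byte for byte in constant time
    // and, unlike ==, never treats numeric-looking strings as numbers.
    return hash_equals($expected, $actual);
}

// Digest quoted in the issue for the password "testing".
$upper = 'CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90';

// Constructed config values: as pasted, lowercased, and a truncated one.
$configs = [
    'uppercase' => $upper,
    'lowercase' => strtolower($upper),
    'truncated' => substr($upper, 0, 32),
];

foreach ($configs as $label => $configured) {
    printf(
        "%-10s original==: %-5s strtoupper==: %-5s normalised: %s\n",
        $label,
        var_export(hash('sha256', 'testing') == $configured, true),
        var_export(strtoupper(hash('sha256', 'testing')) == $configured, true),
        var_export(verify_backend_password('testing', $configured), true)
    );
}
```

The three columns show the original line 47 comparison, the strtoupper() variant from the thread, and the normalised check side by side for each config value.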