--- html/login.php 2008-07-24 16:57:13.000000000 +0200
+++ html/login.php.orig 2011-10-11 18:18:00.000000000 +0200
@@ -188,9 +188,16 @@
# fixed $ServerID, $user_prefix, $hostname, $master_confixx
#
+ /* don't store password in session unless necessary */
+ if (!in_array($_POST['_cat'], array("ftp", "pop3")))
+ $_POST['password'] = "";
+
addSUser( $account_info['login'],
$_POST['password'],
$account_info['type'] );
+
+ /* delete password */
+ $_POST['password'] = "";
if( $account_info['type'] == USERTYPE_MASTER ){