config: harden admin page password handling

src/game/config.cpp

@@ -75,7 +75,7 @@ string g_stDefaultQuestObjectDir = "./quest/object";
 std::set<string> g_setQuestObjectDir;
 
 std::vector<std::string>	g_stAdminPageIP;
-std::string	g_stAdminPagePassword = "SHOWMETHEMONEY";
+std::string	g_stAdminPagePassword;
 
 string g_stBlockDate = "30000705";
 
@@ -195,7 +195,17 @@ static void FN_log_adminpage()
 		++iter;
 	}
 
-	sys_log(1, "ADMIN_PAGE_PASSWORD = %s", g_stAdminPagePassword.c_str());
+	sys_log(1, "ADMIN_PAGE_PASSWORD = %s", g_stAdminPagePassword.empty() ? "[disabled]" : "[configured]");
+}
+
+static void FN_apply_adminpage_password_env()
+{
+	const char* env_password = std::getenv("METIN2_ADMINPAGE_PASSWORD");
+
+	if (!env_password)
+		return;
+
+	g_stAdminPagePassword = env_password;
 }
 
 
@@ -1128,6 +1138,7 @@ void config_init(const string& st_localeServiceName)
 	LoadStateUserCount();
 
 	CWarMapManager::instance().LoadWarMapInfo(NULL);
+	FN_apply_adminpage_password_env();
 
 	FN_log_adminpage();
 }
@@ -1238,4 +1249,3 @@ bool IsValidFileCRC(DWORD dwCRC)
 	return s_set_dwFileCRC.find(dwCRC) != s_set_dwFileCRC.end();
 }
 
-

src/game/input.cpp

@@ -245,7 +245,7 @@ int CInputHandshake::HandleText(LPDESC d, const char * c_pData)
 			stResult = "YES";
 	}
 	//else if (!stBuf.compare("SHOWMETHEMONEY"))
-	else if (stBuf == g_stAdminPagePassword)
+	else if (!g_stAdminPagePassword.empty() && stBuf == g_stAdminPagePassword)
 	{
 		if (!IsEmptyAdminPage())
 		{