From 25183ea5cfe8b6e7ab88360e204de01798cafad0 Mon Sep 17 00:00:00 2001
From: glenneth <glennt40@gmail.com>
Date: Mon, 3 Nov 2025 19:49:53 +0300
Subject: [PATCH] security: Remove hardcoded admin credentials from login page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CRITICAL SECURITY FIX:
- Remove display of default admin username and password from login.ctml
- Login page no longer advertises 'admin' / 'asteroid123' credentials

This was the security issue Fade mentioned during b612 deployment:
'the templates with the default passwords for sure need changing'

Addresses TODO item:
- Problem 4: Templates advertising default admin password ✅ FIXED

Ref: TODO.org line 29-30
---
 template/login.ctml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/template/login.ctml b/template/login.ctml
index 584ab07..9b736d2 100644
--- a/template/login.ctml
+++ b/template/login.ctml
@@ -37,11 +37,6 @@
             <button type="submit" class="btn btn-primary" style="width: 100%;">LOGIN</button>
           </div>
         </form>
-        <div class="panel" style="margin-top: 20px; text-align: center;">
-          <strong style="color: #ff6600;">Default Admin Credentials:</strong><br>
-          Username: <br><code style="color: #00ff00;">admin</code><br>
-          Password: <br><code style="color: #00ff00;">asteroid123</code>
-        </div>
       </div>
     </div>
   </div>