Don't use shadow if the flag is not defined

server/conf.php

@@ -50,10 +50,7 @@ $PBKDF2_LEVEL=1000;
   encrypted login/password values and remove them.
   It's a kind of challenge.
 
-  This option is backward compatible with old version < 0.6, but
+  This option is backward compatible with old version < 0.6
-  once activated it cannot be reverted as access tokens will be
-  generated for all values. So, if you want to test it, make
-  a copy of your databases before !
 
   For now it's deactivated because it requires high cpu bandwidth
   (one derivation + two decryption for each password !). When

server/functions.php

@@ -251,6 +251,8 @@ function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow
 
 function list_entries($user)
 {
+    global $USE_SHADOW_LOGINS;
+
     $db = load_database($user);
 
     if ($db == null) return;
@@ -265,7 +267,7 @@ function list_entries($user)
     {
         if ($first) echo ",";
         else $first = true;
-        if (!strlen($row['shadow_login']))
+        if (!strlen($row['shadow_login']) || !$USE_SHADOW_LOGINS)
             echo "{\"login\" : \"" . $row['login'] . "\", \"password\" : \"" . $row['password'] . "\" }\n";
         else
             echo "{\"shadow_login\" : \"" . $row['shadow_login'] . "\", \"salt\" : \"" . $row['salt'] . "\" }\n";

server/index.php

@@ -18,9 +18,8 @@
   along with gPass.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-include('functions.php');
-
 include('conf.php');
+include('functions.php');
 
 session_start();