kashire/lainchan
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use === operator in authentication.

Browse Source
This commit is contained in:
Michael Save 2013-01-29 22:13:35 +11:00
parent e5bf2a91fc
commit 774e27caf5
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
inc/mod/auth.php
View File

@ -49,7 +49,7 @@ function login($username, $password, $makehash=true) {
'username' => $username,
'hash' => mkhash($username, $password),
'boards' => explode(',', $user['boards'])
);
);
} else return false;
}
@ -108,7 +108,7 @@ if (isset($_COOKIE[$config['cookies']['mod']])) {
$user = $query->fetch();
// validate password hash
if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
// Malformed cookies
destroyCookies();
error($config['error']['malformed']);