Use === operator in authentication.
This commit is contained in:
parent
e5bf2a91fc
commit
774e27caf5
@ -49,7 +49,7 @@ function login($username, $password, $makehash=true) {
|
|||||||
'username' => $username,
|
'username' => $username,
|
||||||
'hash' => mkhash($username, $password),
|
'hash' => mkhash($username, $password),
|
||||||
'boards' => explode(',', $user['boards'])
|
'boards' => explode(',', $user['boards'])
|
||||||
);
|
);
|
||||||
} else return false;
|
} else return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -108,7 +108,7 @@ if (isset($_COOKIE[$config['cookies']['mod']])) {
|
|||||||
$user = $query->fetch();
|
$user = $query->fetch();
|
||||||
|
|
||||||
// validate password hash
|
// validate password hash
|
||||||
if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
|
if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
|
||||||
// Malformed cookies
|
// Malformed cookies
|
||||||
destroyCookies();
|
destroyCookies();
|
||||||
error($config['error']['malformed']);
|
error($config['error']['malformed']);
|
||||||
|
Loading…
Reference in New Issue
Block a user