Use === operator in authentication.

This commit is contained in:
Michael Save 2013-01-29 22:13:35 +11:00
parent e5bf2a91fc
commit 774e27caf5

View File

@ -49,7 +49,7 @@ function login($username, $password, $makehash=true) {
'username' => $username, 'username' => $username,
'hash' => mkhash($username, $password), 'hash' => mkhash($username, $password),
'boards' => explode(',', $user['boards']) 'boards' => explode(',', $user['boards'])
); );
} else return false; } else return false;
} }
@ -108,7 +108,7 @@ if (isset($_COOKIE[$config['cookies']['mod']])) {
$user = $query->fetch(); $user = $query->fetch();
// validate password hash // validate password hash
if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) { if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
// Malformed cookies // Malformed cookies
destroyCookies(); destroyCookies();
error($config['error']['malformed']); error($config['error']['malformed']);