Use === operator in authentication.

This commit is contained in:
Michael Save 2013-01-29 22:13:35 +11:00
parent e5bf2a91fc
commit 774e27caf5

View File

@ -108,7 +108,7 @@ if (isset($_COOKIE[$config['cookies']['mod']])) {
$user = $query->fetch();
// validate password hash
if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
// Malformed cookies
destroyCookies();
error($config['error']['malformed']);