Use === operator in authentication.
This commit is contained in:
parent
e5bf2a91fc
commit
774e27caf5
@ -108,7 +108,7 @@ if (isset($_COOKIE[$config['cookies']['mod']])) {
|
||||
$user = $query->fetch();
|
||||
|
||||
// validate password hash
|
||||
if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
|
||||
if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
|
||||
// Malformed cookies
|
||||
destroyCookies();
|
||||
error($config['error']['malformed']);
|
||||
|
Loading…
Reference in New Issue
Block a user