wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

never allow blank passwords

Browse Source 
darcs-hash:20080825185245-84dde-f2ad86c1aedc2a42f7b468775234be53a7e84d5b.gz
This commit is contained in:
Evan Prodromou 2008-08-25 14:52:45 -04:00
parent 08a3c5ac7f
commit 4cc84c3225
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/util.php
View File

@ -493,6 +493,10 @@ function common_munge_password($password, $id) {
# check if a username exists and has matching password # check if a username exists and has matching password
function common_check_user($nickname, $password) { function common_check_user($nickname, $password) {
# NEVER allow blank passwords, even if they match the DB
if (mb_strlen($password) == 0) {
return false;
}
$user = User::staticGet('nickname', $nickname); $user = User::staticGet('nickname', $nickname);
if (is_null($user)) { if (is_null($user)) {
return false; return false;