fix security bug in login (only allow plaintext password 'password')
This commit is contained in:
Andrew Dolgov
parent
4e51dd2bc0
commit
09829e2a32
1 changed files with 2 additions and 1 deletions
|
|
@ -685,7 +685,8 @@
|
||||||
$pwd_hash = 'SHA1:' . sha1($password);
|
$pwd_hash = 'SHA1:' . sha1($password);
|
||||||
|
|
||||||
$result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE
|
$result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE
|
||||||
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
|
login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password')
|
||||||
|
OR pwd_hash = '$pwd_hash')");
|
||||||
|
|
||||||
if (db_num_rows($result) == 1) {
|
if (db_num_rows($result) == 1) {
|
||||||
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
|
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue