arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Cannot check for valid password when authenticating, because people might have passwords that dont match the "new" requirements

Browse Source 
Also simplify some of the code (why bother assigning temp vars just to compare?)
This commit is contained in:
james 2007-11-19 21:28:15 +00:00
parent 25de3ace41
commit 93011c9883
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
user_login.php
View File

@ -30,13 +30,16 @@
{ {
/* Ensure sanity of inputs, user should be an email address, but it's stored /* Ensure sanity of inputs, user should be an email address, but it's stored
* in the username field */ * in the username field */
$x = isEmailAddress($user); if(!isEmailAddress($user)) {
if($x == false) {
/* It's possible that it's a username */ /* It's possible that it's a username */
if(user_valid_user($user) == false) return false; if(!user_valid_user($user)) return false;
} }
$x = user_valid_password($pass);
if($x == false) return false; //we cannot check for a valid_password here, because converted users dont enforce password length of 6 which user_valid_password does.
//all we can do is check if its a length >0
//$x = user_valid_password($pass);
if(!strlen($pass))
return false;
$q = mysql_query("SELECT id,username,password $q = mysql_query("SELECT id,username,password
FROM users FROM users