forked from GNUsocial/gnu-social
never allow blank passwords
darcs-hash:20080825185245-84dde-f2ad86c1aedc2a42f7b468775234be53a7e84d5b.gz
This commit is contained in:
parent
08a3c5ac7f
commit
4cc84c3225
@ -493,6 +493,10 @@ function common_munge_password($password, $id) {
|
|||||||
|
|
||||||
# check if a username exists and has matching password
|
# check if a username exists and has matching password
|
||||||
function common_check_user($nickname, $password) {
|
function common_check_user($nickname, $password) {
|
||||||
|
# NEVER allow blank passwords, even if they match the DB
|
||||||
|
if (mb_strlen($password) == 0) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$user = User::staticGet('nickname', $nickname);
|
$user = User::staticGet('nickname', $nickname);
|
||||||
if (is_null($user)) {
|
if (is_null($user)) {
|
||||||
return false;
|
return false;
|
||||||
|
Loading…
Reference in New Issue
Block a user