forked from GNUsocial/gnu-social
never allow blank passwords
darcs-hash:20080825185245-84dde-f2ad86c1aedc2a42f7b468775234be53a7e84d5b.gz
This commit is contained in:
parent
08a3c5ac7f
commit
4cc84c3225
@ -493,6 +493,10 @@ function common_munge_password($password, $id) {
|
||||
|
||||
# check if a username exists and has matching password
|
||||
function common_check_user($nickname, $password) {
|
||||
# NEVER allow blank passwords, even if they match the DB
|
||||
if (mb_strlen($password) == 0) {
|
||||
return false;
|
||||
}
|
||||
$user = User::staticGet('nickname', $nickname);
|
||||
if (is_null($user)) {
|
||||
return false;
|
||||
|
Loading…
Reference in New Issue
Block a user