diff options
| author | Evan Prodromou <evan@prodromou.name> | 2008-08-25 14:52:45 -0400 |
|---|---|---|
| committer | Evan Prodromou <evan@prodromou.name> | 2008-08-25 14:52:45 -0400 |
| commit | 4cc84c3225fb1ba5ac1641b5c73bf2821ff74011 (patch) | |
| tree | 08c76c70bc2627c72c784a46af3d84bb8bcb6fec | |
| parent | 08a3c5ac7f88f86e28dce0e899ac36433a68add0 (diff) | |
never allow blank passwords
darcs-hash:20080825185245-84dde-f2ad86c1aedc2a42f7b468775234be53a7e84d5b.gz
| -rw-r--r-- | lib/util.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/util.php b/lib/util.php index efd86ad50..e14cc36ac 100644 --- a/lib/util.php +++ b/lib/util.php @@ -493,6 +493,10 @@ function common_munge_password($password, $id) { # check if a username exists and has matching password function common_check_user($nickname, $password) { + # NEVER allow blank passwords, even if they match the DB + if (mb_strlen($password) == 0) { + return false; + } $user = User::staticGet('nickname', $nickname); if (is_null($user)) { return false; |