authorEvan Prodromou <evan@prodromou.name>2008-08-25 14:52:45 -0400
committerEvan Prodromou <evan@prodromou.name>2008-08-25 14:52:45 -0400
commit4cc84c3225fb1ba5ac1641b5c73bf2821ff74011 (patch)
tree08c76c70bc2627c72c784a46af3d84bb8bcb6fec
parent08a3c5ac7f88f86e28dce0e899ac36433a68add0 (diff)
never allow blank passwords
darcs-hash:20080825185245-84dde-f2ad86c1aedc2a42f7b468775234be53a7e84d5b.gz
-rw-r--r--lib/util.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/util.php b/lib/util.php
index efd86ad50..e14cc36ac 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -493,6 +493,10 @@ function common_munge_password($password, $id) {
# check if a username exists and has matching password
function common_check_user($nickname, $password) {
+ # NEVER allow blank passwords, even if they match the DB
+ if (mb_strlen($password) == 0) {
+ return false;
+ }
$user = User::staticGet('nickname', $nickname);
if (is_null($user)) {
return false;
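Review bot: The new guard in common_check_user tests `mb_strlen($password) == 0`, so its result depends on how mb_strlen handles a non-string argument (for example null or an array, if a caller passes request data through unchecked) and on a loose comparison. Stating the intent directly is more robust: `if (!is_string($password) || $password === '') { return false; }`. The check rejects only a zero-length value, so a whitespace-only password still reaches the comparison further down. Refusing blank passwords at login also does not prevent one from being stored; the registration and password-change paths, which are not visible here, would need the same rule. The function body continues past the end of this hunk.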