diff options
author | Andrew Dolgov <[email protected]> | 2005-12-28 14:46:21 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2005-12-28 14:46:21 +0100 |
commit | 09829e2a32770772fa07ce2eff958dc0050939c0 (patch) | |
tree | 11a4690de52d372bfaa285c2af1a2176619b551a /functions.php | |
parent | 4e51dd2bc09dd7931b50c29f3aa17141bc6bdaa0 (diff) |
fix security bug in login (only allow plaintext password 'password')
Diffstat (limited to 'functions.php')
-rw-r--r-- | functions.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/functions.php b/functions.php index 97be0da2a..aececd8d9 100644 --- a/functions.php +++ b/functions.php @@ -685,7 +685,8 @@ $pwd_hash = 'SHA1:' . sha1($password); $result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE - login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')"); + login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password') + OR pwd_hash = '$pwd_hash')"); if (db_num_rows($result) == 1) { $_SESSION["uid"] = db_fetch_result($result, 0, "id"); |