auth_internal: use type-strict comparison when checking OTP code

author: Andrew Dolgov <[email protected]> 2020-09-17 08:46:57 +0300
committer: Andrew Dolgov <[email protected]> 2020-09-17 08:46:57 +0300
commit: 0757ad04066019ec670ef97c07462ef02331cf45 (patch)
tree: 23998c7cd0061dc66979d0a58348eb2209d9d82c /plugins/auth_internal/init.php
parent: 89d53a7f492c3875b14cf1c259c8049ff3757b6a (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index ad32d29b9..d029e249e 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -52,7 +52,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
 						$totp_legacy = new \OTPHP\TOTP($secret_legacy);
 						$otp_check_legacy = $totp_legacy->now();
 
-						if ($otp != $otp_check && $otp != $otp_check_legacy) {
+						if ($otp !== $otp_check && $otp !== $otp_check_legacy) {
 							return false;
 						}
 					} else {
@@ -260,8 +260,8 @@ class Auth_Internal extends Plugin implements IAuthModule {
 	}
 
 	private function check_app_password($login, $password, $service) {
-		$sth = $this->pdo->prepare("SELECT p.id, p.pwd_hash, u.id AS uid 
-			FROM ttrss_app_passwords p, ttrss_users u 
+		$sth = $this->pdo->prepare("SELECT p.id, p.pwd_hash, u.id AS uid
+			FROM ttrss_app_passwords p, ttrss_users u
 			WHERE p.owner_uid = u.id AND u.login = ? AND service = ?");
 		$sth->execute([$login, $service]);
author	Andrew Dolgov <[email protected]>	2020-09-17 08:46:57 +0300
committer	Andrew Dolgov <[email protected]>	2020-09-17 08:46:57 +0300
commit	0757ad04066019ec670ef97c07462ef02331cf45 (patch)
tree	23998c7cd0061dc66979d0a58348eb2209d9d82c /plugins/auth_internal/init.php
parent	89d53a7f492c3875b14cf1c259c8049ff3757b6a (diff)