fix security bug in login (only allow plaintext password 'password')
authorAndrew Dolgov <fox@bah.spb.su>
Wed, 28 Dec 2005 13:46:21 +0000 (14:46 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Wed, 28 Dec 2005 13:46:21 +0000 (14:46 +0100)
functions.php

index 97be0da2a6d28b0455e6147b34f67ec1334c9cf6..aececd8d9ad8116d6cbfebecc1039fb37cc2d4cf 100644 (file)
                $pwd_hash = 'SHA1:' . sha1($password);
 
                $result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE 
-                       login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+                       login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password')
+                               OR pwd_hash = '$pwd_hash')");
 
                if (db_num_rows($result) == 1) {
                        $_SESSION["uid"] = db_fetch_result($result, 0, "id");
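Review bot: The rewritten WHERE clause on the two added lines still interpolates `$login` and `$password` directly into the SQL string, so the query remains injectable through either value and the new `'$password' = 'password'` guard does not change that; both should pass through the db layer's string-escaping helper (or a prepared statement) before they are spliced in. The `'$password' = 'password'` test also compares two PHP-side values inside the database, which is clearer and safer done in PHP, appending the plaintext clause only when it applies, e.g. `$plain = ($password === 'password') ? "OR pwd_hash = 'password'" : '';` and interpolating `$plain` in place of the first OR branch. The hashed branch matches an unsalted `'SHA1:' . sha1($password)`, which appears to be the stored format at this revision and is out of scope for this commit. The enclosing function begins before and continues after the hunk.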