]> git.wh0rd.org Git - tt-rss.git/commitdiff
fix security bug in login (only allow plaintext password 'password')
authorAndrew Dolgov <fox@bah.spb.su>
Wed, 28 Dec 2005 13:46:21 +0000 (14:46 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Wed, 28 Dec 2005 13:46:21 +0000 (14:46 +0100)
functions.php

index 97be0da2a6d28b0455e6147b34f67ec1334c9cf6..aececd8d9ad8116d6cbfebecc1039fb37cc2d4cf 100644 (file)
                $pwd_hash = 'SHA1:' . sha1($password);
 
                $result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE 
-                       login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+                       login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password')
+                               OR pwd_hash = '$pwd_hash')");
 
                if (db_num_rows($result) == 1) {
                        $_SESSION["uid"] = db_fetch_result($result, 0, "id");