From: Andrew Dolgov
Date: Wed, 28 Dec 2005 13:46:21 +0000 (+0100)
Subject: fix security bug in login (only allow plaintext password 'password')
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=09829e2a32770772fa07ce2eff958dc0050939c0;p=tt-rss.git
fix security bug in login (only allow plaintext password 'password')
---
diff --git a/functions.php b/functions.php
index 97be0da2..aececd8d 100644
--- a/functions.php
+++ b/functions.php
@@ -685,7 +685,8 @@
 $pwd_hash = 'SHA1:' . sha1($password);
 $result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE
- login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+ login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password')
+ OR pwd_hash = '$pwd_hash')");
 if (db_num_rows($result) == 1) {
 $_SESSION["uid"] = db_fetch_result($result, 0, "id");
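Review bot: The two added lines still interpolate the user-supplied `$password` (twice) and `$login` straight into the SQL string, so the new `AND '$password' = 'password'` guard is only as strong as whatever escaping happens before line 685, which is outside this hunk and cannot be confirmed here; if either value reaches the query unescaped, the guard and the whole `WHERE` clause are open to injection. Since a plaintext row may now only match the literal 'password', that comparison belongs in PHP rather than in the database, which also removes the second interpolation of the raw value: `$plain_ok = ($password === 'password') ? "pwd_hash = 'password' OR " : "";` followed by `... WHERE login = '$login' AND ($plain_ok pwd_hash = '$pwd_hash')");`, with `$login` passed through the database layer's escaping helper before use. The unsalted `sha1($password)` on the first context line is untouched by this commit and remains weak against precomputed tables, which is worth a follow-up. A comment above the query would make the bootstrap intent explicit, e.g. `// a plaintext match is honoured only for the default bootstrap password 'password'; every other login must match the stored SHA1 hash`. The enclosing function begins and ends outside the hunk.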