gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 23:42:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check password even for guests if set

Browse Source
This commit is contained in:
Uwe Steinmann 2016-03-23 12:32:47 +01:00
parent 22e2c851e8
commit e5bd281d28
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
op/op.Login.php
View File

@ -190,7 +190,7 @@ if (is_bool($user)) {
// Check if password matches (if not a guest user)
// Assume that the password has been sent via HTTP POST. It would be careless
// (and dangerous) for passwords to be sent via GET.
if (($userid != $settings->_guestID) && (md5($pwd) != $user->getPwd())) {
if (($userid != $settings->_guestID) && (md5($pwd) != $user->getPwd()) || ($userid == $settings->_guestID) && $user->getPwd() && (md5($pwd) != $user->getPwd())) {
_printMessage(getMLText("login_error_title"), getMLText("login_error_text"));
/* if counting of login failures is turned on, then increment its value */
if($settings->_loginFailure) {