diff options
| author | justdave%syndicomm.com <> | 2001-07-17 04:38:34 +0200 |
|---|---|---|
| committer | justdave%syndicomm.com <> | 2001-07-17 04:38:34 +0200 |
| commit | 22936f2b8cb70cfec4575989da2db549b60f5b30 (patch) | |
| tree | c67ce8c1af3aa96f19147ae1e5287a7829630f12 /CGI.pl | |
| parent | 022265211b1a3b3dad3fcf679756392c3eb6a285 (diff) | |
| download | bugzilla-22936f2b8cb70cfec4575989da2db549b60f5b30.tar.gz bugzilla-22936f2b8cb70cfec4575989da2db549b60f5b30.tar.xz | |
Fixing minor problem caused by the original bug 77473 checkin where an SQL error was being produced if you tried to log in
with an invalid username.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com
Diffstat (limited to 'CGI.pl')
| -rw-r--r-- | CGI.pl | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -727,6 +727,12 @@ sub confirm_login { WHERE login_name = " . SqlQuote($enteredlogin)); ($userid, $realcryptpwd) = FetchSQLData(); + # Make sure the user exists or throw an error (but do not admit it was a username + # error to make it harder for a cracker to find account names by brute force). + $userid + || DisplayError("The username or password you entered is not valid.") + && exit; + # If this is a new user, generate a password, insert a record # into the database, and email their password to them. if ( defined $::FORM{"PleaseMailAPassword"} && !$userid ) { |