summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2012-04-11 12:47:22 +0200
committerFlorian Pritz <bluewind@xinu.at>2012-04-11 12:47:22 +0200
commitf9d2bd80b18cfec0d565eae678e18ca2f83d3dc0 (patch)
tree2af2a3ab851d022599ac5028fca9181b7ba626d0
parentce6162603ec08565f9ef9ff406e321b4bae2f038 (diff)
Fix password verification
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r--application/models/muser.php10
1 files changed, 9 insertions, 1 deletions
diff --git a/application/models/muser.php b/application/models/muser.php
index e9a38cfad..10d67e18f 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -21,7 +21,15 @@ class Muser extends CI_Model {
WHERE `username` = ?
', array($username))->row_array();
- if (crypt($password, $query["password"] == $password)) {
+ if (!isset($query["username"]) || $query["username"] !== $username) {
+ return false;
+ }
+
+ if (!isset($query["password"])) {
+ return false;
+ }
+
+ if (crypt($password, $query["password"]) === $query["password"]) {
$this->session->set_userdata('logged_in', true);
$this->session->set_userdata('username', $username);
return true;