diff options
author | Florian Pritz <bluewind@xinu.at> | 2012-04-11 12:47:22 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2012-04-11 12:47:22 +0200 |
commit | f9d2bd80b18cfec0d565eae678e18ca2f83d3dc0 (patch) | |
tree | 2af2a3ab851d022599ac5028fca9181b7ba626d0 /application/models | |
parent | ce6162603ec08565f9ef9ff406e321b4bae2f038 (diff) |
Fix password verification
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/models')
-rw-r--r-- | application/models/muser.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/application/models/muser.php b/application/models/muser.php index e9a38cfad..10d67e18f 100644 --- a/application/models/muser.php +++ b/application/models/muser.php @@ -21,7 +21,15 @@ class Muser extends CI_Model { WHERE `username` = ? ', array($username))->row_array(); - if (crypt($password, $query["password"] == $password)) { + if (!isset($query["username"]) || $query["username"] !== $username) { + return false; + } + + if (!isset($query["password"])) { + return false; + } + + if (crypt($password, $query["password"]) === $query["password"]) { $this->session->set_userdata('logged_in', true); $this->session->set_userdata('username', $username); return true; |