From f9d2bd80b18cfec0d565eae678e18ca2f83d3dc0 Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Wed, 11 Apr 2012 12:47:22 +0200
Subject: Fix password verification

Signed-off-by: Florian Pritz
---
application/models/muser.php | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'application/models/muser.php')

diff --git a/application/models/muser.php b/application/models/muser.php
index e9a38cfad..10d67e18f 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -21,7 +21,15 @@ class Muser extends CI_Model {
 WHERE `username` = ?
 ', array($username))->row_array();
 
- if (crypt($password, $query["password"] == $password)) {
+ if (!isset($query["username"]) || $query["username"] !== $username) {
+ return false;
+ }
+
+ if (!isset($query["password"])) {
+ return false;
+ }
+
+ if (crypt($password, $query["password"]) === $query["password"]) {
 $this->session->set_userdata('logged_in', true);
 $this->session->set_userdata('username', $username);
 return true;
--
cgit v1.2.3-24-g4f1b
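Review bot: The new comparison `crypt($password, $query["password"]) === $query["password"]` is not constant-time, and it relies on crypt() returning a well-formed hash for whatever is stored in the `password` column. On PHP 5.5 or later, `if (password_verify($password, $query["password"])) {` does the same crypt()-compatible check with a timing-safe comparison; on 5.6 or later, `hash_equals($query["password"], crypt($password, $query["password"]))` is the minimal alternative. The hunk does not show the session identifier being regenerated before `set_userdata('logged_in', true)`, so it is worth confirming that fixation protection is handled elsewhere. A short comment above the username re-check, such as `// reject rows that the database collation matched loosely (e.g. case-insensitively)`, would explain why the strict `!==` is there. The enclosing method starts and ends outside the hunk.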