Skip to content
Snippets Groups Projects
Commit 5e9e1054 authored by Andreas Gohr's avatar Andreas Gohr
Browse files

do not allow empty passwords

When a username but no password is submitted, the login is denied right
away instead of relying on the backend to refuse the login.
parent 395c2f0f
No related branches found
No related tags found
No related merge requests found
......@@ -229,7 +229,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
if(!empty($user)) {
//usual login
if($auth->checkPass($user, $pass)) {
if(!empty($pass) && $auth->checkPass($user, $pass)) {
// make logininfo globally available
$INPUT->server->set('REMOTE_USER', $user);
$secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment