From: Evan Prodromou <evan@prodromou.name>
Date: Mon, 25 Aug 2008 18:52:45 +0000 (-0400)
Subject: never allow blank passwords
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=4cc84c3225fb1ba5ac1641b5c73bf2821ff74011;p=quix0rs-gnu-social.git

never allow blank passwords

darcs-hash:20080825185245-84dde-f2ad86c1aedc2a42f7b468775234be53a7e84d5b.gz
---

diff --git a/lib/util.php b/lib/util.php
index efd86ad509..e14cc36ace 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -493,6 +493,10 @@ function common_munge_password($password, $id) {
 
 # check if a username exists and has matching password
 function common_check_user($nickname, $password) {
+	# NEVER allow blank passwords, even if they match the DB
+	if (mb_strlen($password) == 0) {
+		return false;
+	}
 	$user = User::staticGet('nickname', $nickname);
 	if (is_null($user)) {
 		return false;