From 4cc84c3225fb1ba5ac1641b5c73bf2821ff74011 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 25 Aug 2008 14:52:45 -0400 Subject: [PATCH] never allow blank passwords darcs-hash:20080825185245-84dde-f2ad86c1aedc2a42f7b468775234be53a7e84d5b.gz --- lib/util.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/util.php b/lib/util.php index efd86ad509..e14cc36ace 100644 --- a/lib/util.php +++ b/lib/util.php @@ -493,6 +493,10 @@ function common_munge_password($password, $id) { # check if a username exists and has matching password function common_check_user($nickname, $password) { + # NEVER allow blank passwords, even if they match the DB + if (mb_strlen($password) == 0) { + return false; + } $user = User::staticGet('nickname', $nickname); if (is_null($user)) { return false; -- 2.39.5