fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-06 18:21:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

Magic Hash 취약점으로 인한 무단 로그인 방지

Browse source
This commit is contained in:
Been Kyung-yoon 2015-05-13 13:05:57 +09:00
parent 17f764e7e0
commit 9566e1ab83
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
classes/db/DBMysql.class.php
View file

@ -265,7 +265,7 @@ class DBMysql extends DB
$query = sprintf("select password('%s') as password, old_password('%s') as old_password", $this->addQuotes($password), $this->addQuotes($password));
$result = $this->_query($query);
$tmp = $this->_fetch($result);
if($tmp->password == $saved_password || $tmp->old_password == $saved_password)
if($tmp->password === $saved_password || $tmp->old_password === $saved_password)
{
return true;
}