From e94146b4903ecaf072db0726a3b151a3d002790b Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Tue, 1 Nov 2022 11:32:02 +0900
Subject: [PATCH] Return error if user_id is empty after removing all
 non-numerical characters

---
 modules/member/member.controller.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index a11034b4f..5040a74c8 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -2168,7 +2168,11 @@ class memberController extends member
 	function doLogin($user_id, $password = '', $keep_signed = false)
 	{
 		$user_id = strtolower($user_id);
-		if(!$user_id) return new BaseObject(-1, 'null_user_id');
+		if (!$user_id)
+		{
+			return new BaseObject(-1, 'null_user_id');
+		}
+		
 		// Call a trigger before log-in (before)
 		$trigger_obj = new stdClass();
 		$trigger_obj->user_id = $user_id;
@@ -2219,6 +2223,11 @@ class memberController extends member
 			}
 			
 			$numbers_only = preg_replace('/[^0-9]/', '', $user_id);
+			if (!$numbers_only)
+			{
+				return $this->recordLoginError(-1, 'null_user_id');
+			}
+			
 			$member_info = MemberModel::getMemberInfoByPhoneNumber($numbers_only, $phone_country);
 			$used_identifier = 'phone_number';
 			if(!$member_info || preg_replace('/[^0-9]/', '', $member_info->phone_number) !== $numbers_only)