upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-06 17:47:41 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 31

fix bug where users could use wildcards in username to login

Browse source 
e.g. user Peter could probably login using username Pet%
fixed same problem in the migration script
This commit is contained in:
Daniel 2012-04-15 10:30:22 +02:00
parent 44c34115a4
commit fd16784bcc
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/migrate.php
View file

@ -457,7 +457,7 @@ class OC_Migrate{
);
// Add hash if user export
if( self::$exporttype == 'user' ){
$query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid LIKE ?" );
$query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid = ?" );
$result = $query->execute( array( self::$uid ) );
$row = $result->fetchRow();
$hash = $row ? $row['password'] : false;

4
lib/user/database.php
View file

@ -122,7 +122,7 @@ class OC_User_Database extends OC_User_Backend {
* Check if the password is correct without logging in the user
*/
public function checkPassword( $uid, $password ){
$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid LIKE ?" );
$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid = ?" );
$result = $query->execute( array( $uid));
$row=$result->fetchRow();
@ -172,7 +172,7 @@ class OC_User_Database extends OC_User_Backend {
* @return boolean
*/
public function userExists($uid){
$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid LIKE ?" );
$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid = ?" );
$result = $query->execute( array( $uid ));
return $result->numRows() > 0;