From 32138f1fbd7637dffaaad0c8ca677e43a0d13831 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Fri, 15 May 2015 12:44:57 +0000
Subject: bug 3223 fixed: make sure we have found a user before validating the
 connection

git-svn-id: http://piwigo.org/svn/branches/2.7@31167 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_user.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 91bac83bb..96361930a 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1120,7 +1120,7 @@ SELECT '.$conf['user_fields']['id'].' AS id,
   WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
 ;';
   $row = pwg_db_fetch_assoc(pwg_query($query));
-  if ($conf['password_verify']($password, $row['password'], $row['id']))
+  if (isset($row['id']) and $conf['password_verify']($password, $row['password'], $row['id']))
   {
     log_user($row['id'], $remember_me);
     trigger_notify('login_success', stripslashes($username));
-- 
cgit v1.2.3