aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2015-05-15 12:44:57 +0000
committerplegall <plg@piwigo.org>2015-05-15 12:44:57 +0000
commit32138f1fbd7637dffaaad0c8ca677e43a0d13831 (patch)
treeb4cbd60a6fd0046179bfba5a85009475cf78c46d
parent42c04a1cb18b52b2a828fded23e413356fcf37a8 (diff)
bug 3223 fixed: make sure we have found a user before validating the connection
git-svn-id: http://piwigo.org/svn/branches/2.7@31167 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/functions_user.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 91bac83bb..96361930a 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1120,7 +1120,7 @@ SELECT '.$conf['user_fields']['id'].' AS id,
WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
;';
$row = pwg_db_fetch_assoc(pwg_query($query));
- if ($conf['password_verify']($password, $row['password'], $row['id']))
+ if (isset($row['id']) and $conf['password_verify']($password, $row['password'], $row['id']))
{
log_user($row['id'], $remember_me);
trigger_notify('login_success', stripslashes($username));