diff options
| author | Ermal LUÇI <eri@pfsense.org> | 2015-01-12 11:43:21 +0100 |
|---|---|---|
| committer | Ermal LUÇI <eri@pfsense.org> | 2015-01-12 11:43:28 +0100 |
| commit | 545c4435ef6b7b747cb02229ca934ad7ec178cc4 (patch) | |
| tree | 6974952a2d7b178614a6b9ebf37777875db5057f /etc | |
| parent | 21165e6455f1402eb6b319dd515a6b43f0bb0e04 (diff) | |
| download | pfsense-545c4435ef6b7b747cb02229ca934ad7ec178cc4.zip pfsense-545c4435ef6b7b747cb02229ca934ad7ec178cc4.tar.gz | |
Do not override the passwd string. First it prevents the md5 working if the crypt() check fails and also is useless to override it since the parameter is passed by value and not by reference.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/auth.inc | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index a125741..ceaa9e5 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -302,15 +302,13 @@ function local_backed($username, $passwd) { if ($user['password']) { - $passwd = crypt($passwd, $user['password']); - if ($passwd == $user['password']) + if (crypt($passwd, $user['password']) == $user['password']) return true; } if ($user['md5-hash']) { - $passwd = md5($passwd); - if ($passwd == $user['md5-hash']) + if (md5($passwd) == $user['md5-hash']) return true; } |
