nojimage · February 18, 2011 13:27 · nojimage · Feb 18, 2011
diff --git a/accesscheck.php.patch b/accesscheck.php.patch
 diff --git a/loudblog/inc/accesscheck.php b/loudblog/inc/accesscheck.php
 index 01f43f9..457eb0e 100644
 --- a/loudblog/inc/accesscheck.php
 +++ b/loudblog/inc/accesscheck.php
 @@ -68,15 +68,15 @@ else {
     //compare with the login-data from session and from post
     foreach ($result as $row) {
         if ((isset($_SESSION['nickname']))
 -        AND ($row['nickname'] == $_SESSION['nickname'])
 -        AND ($row['password'] == $_SESSION['password'] OR $row['password'] == md5($_SESSION['password']))
 -        AND ($_SERVER['REMOTE_ADDR'] == $_SESSION['ipnumber'])) {
 +        AND ($row['nickname'] === $_SESSION['nickname'])
 +        AND ($row['password'] === $_SESSION['password'] OR $row['password'] === md5($_SESSION['password']))
 +        AND ($_SERVER['REMOTE_ADDR'] === $_SESSION['ipnumber'])) {
         $access = true;
                }
         elseif (isset($_POST['nickname'])) {
             if ((isset($_POST['nickname']))
 -            AND ($row['nickname'] == $_POST['nickname'])
 -            AND ($row['password'] == md5($_POST['password'])))
 +            AND ($row['nickname'] === $_POST['nickname'])
 +            AND ($row['password'] === md5($_POST['password'])))
             $access = true;
         }
                else {
 @@ -88,7 +88,7 @@ else {
                                
                                #var_dump($cookie_string);
                                
 -                               if ($cookie_string == $_COOKIE['lbauth'] OR $cookie_string2 = $_COOKIE['lbauth']) {
 +                               if ($cookie_string === $_COOKIE['lbauth'] OR $cookie_string2 === $_COOKIE['lbauth']) {
                                        
                                        $_POST['nickname'] = $row['nickname'];
                                        $_POST['password'] = $row['password'];
	diff --git a/loudblog/inc/accesscheck.php b/loudblog/inc/accesscheck.php
	index 01f43f9..457eb0e 100644
	--- a/loudblog/inc/accesscheck.php
	+++ b/loudblog/inc/accesscheck.php
	@@ -68,15 +68,15 @@ else {
	//compare with the login-data from session and from post
	foreach ($result as $row) {
	if ((isset($_SESSION['nickname']))
	- AND ($row['nickname'] == $_SESSION['nickname'])
	- AND ($row['password'] == $_SESSION['password'] OR $row['password'] == md5($_SESSION['password']))
	- AND ($_SERVER['REMOTE_ADDR'] == $_SESSION['ipnumber'])) {
	+ AND ($row['nickname'] === $_SESSION['nickname'])
	+ AND ($row['password'] === $_SESSION['password'] OR $row['password'] === md5($_SESSION['password']))
	+ AND ($_SERVER['REMOTE_ADDR'] === $_SESSION['ipnumber'])) {
	$access = true;
	}
	elseif (isset($_POST['nickname'])) {
	if ((isset($_POST['nickname']))
	- AND ($row['nickname'] == $_POST['nickname'])
	- AND ($row['password'] == md5($_POST['password'])))
	+ AND ($row['nickname'] === $_POST['nickname'])
	+ AND ($row['password'] === md5($_POST['password'])))
	$access = true;
	}
	else {
	@@ -88,7 +88,7 @@ else {

	#var_dump($cookie_string);

	- if ($cookie_string == $_COOKIE['lbauth'] OR $cookie_string2 = $_COOKIE['lbauth']) {
	+ if ($cookie_string === $_COOKIE['lbauth'] OR $cookie_string2 === $_COOKIE['lbauth']) {

	$_POST['nickname'] = $row['nickname'];
	$_POST['password'] = $row['password'];