diff options
| author | Erik Dubbelboer <erik@dubbelboer.com> | 2021-10-05 21:45:52 +0300 |
|---|---|---|
| committer | Erik Dubbelboer <erik@dubbelboer.com> | 2021-10-05 21:45:52 +0300 |
| commit | 31aa7661e6db6f4dffbf9a635817832a0a11c7d9 (patch) | |
| tree | 9527cb45acc355ccd8164fb3db58f9fe1c28e3a7 | |
| parent | 59c90d7182dcb7e61390fc0ae5f8f72551a23280 (diff) | |
Fix magic hash attack
| -rw-r--r-- | includes/login.inc.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/login.inc.php b/includes/login.inc.php index 75ed28d..8cfb26d 100644 --- a/includes/login.inc.php +++ b/includes/login.inc.php @@ -56,7 +56,7 @@ function authHttpDigest() $response = md5($password.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.md5($_SERVER['REQUEST_METHOD'].':'.$data['uri'])); - if ($data['response'] != $response) { + if ($data['response'] !== $response) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"'); die('Invalid username and/or password combination.'); |