From a4afbcb4e6518b7b94bd0c1ed7d296f97b9c4cc3 Mon Sep 17 00:00:00 2001
From: nbm
Date: Fri, 2 Dec 2005 11:50:33 +0000
Subject: [PATCH] Be slightly stronger in checkPassword - it has to return exactly true for authentication to pass.
---
 presentation/login.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/presentation/login.php b/presentation/login.php
index 972b54e..44ff8bc 100644
--- a/presentation/login.php
+++ b/presentation/login.php
@@ -114,13 +114,13 @@ class LoginPageDispatcher extends KTDispatcher {
 }
 $authenticated = KTAuthenticationUtil::checkPassword($oUser, $password);
- if ($authenticated === false) {
- $this->simpleRedirectToMain('Login failed. Please check your username and password, and try again.', $url, $params);
+ if (PEAR::isError($authenticated)) {
+ $this->simpleRedirectToMain('Authentication failure. Please try again.', $url, $params);
 exit(0);
 }
- if (PEAR::isError($authenticated)) {
- $this->simpleRedirectToMain('Authentication failure. Please try again.', $url, $params);
+ if ($authenticated !== true) {
+ $this->simpleRedirectToMain('Login failed. Please check your username and password, and try again.', $url, $params);
 exit(0);
 }
--
libgit2 0.21.4
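Review bot: The `PEAR::isError($authenticated)` branch discards the error object before redirecting, so a failing authentication backend leaves no server-side trace unless `simpleRedirectToMain` logs on its own, which is not visible here. Recording it first, for example `error_log('checkPassword error: ' . $authenticated->getMessage());`, keeps the generic user-facing message while giving operators something to alert on. The strict `$authenticated !== true` test is what makes this path fail closed, and it deserves a comment so it is not later relaxed to a truthiness check that would accept non-boolean truthy return values: `// Fail closed: only a strict boolean true authenticates; any other return value is rejected.` The enclosing method starts and ends outside the hunk, so its other exits are not covered by this note.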