summaryrefslogtreecommitdiff
path: root/lib/Multi
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2010-12-05 18:39:58 +0100
committerYorhel <git@yorhel.nl>2010-12-05 18:39:58 +0100
commit1c3df5b1f154cb1a7f5f3ae8d3e4cffcd7043a7e (patch)
tree1232c48cbb0fb889ffc9ed8dde0640a27b7b935b /lib/Multi
parent9e13837c11c41e9b6f2286b1dbd5b2154ce8bc68 (diff)
Multi::API: Check for existence of user/pass rather than their value
A login with an empty username and password shouldn't work...
Diffstat (limited to 'lib/Multi')
-rw-r--r--lib/Multi/API.pm4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/Multi/API.pm b/lib/Multi/API.pm
index 1f16f29f..67002701 100644
--- a/lib/Multi/API.pm
+++ b/lib/Multi/API.pm
@@ -384,11 +384,11 @@ sub login {
}
return cerr $c, badarg => 'Unknown protocol version', field => 'protocol' if $arg->{protocol} ne '1';
return cerr $c, badarg => 'The fields "username" and "password" must either both be present or both be missing.', field => 'username'
- if $arg->{username} && !$arg->{password} || $arg->{password} && !$arg->{username};
+ if exists $arg->{username} && !exists $arg->{password} || exists $arg->{password} && !exists $arg->{username};
return cerr $c, badarg => 'Invalid client name', field => 'client' if $arg->{client} !~ /^[a-zA-Z0-9 _-]{3,50}$/;
return cerr $c, badarg => 'Invalid client version', field => 'clientver' if $arg->{clientver} !~ /^[a-zA-Z0-9_.\/-]{1,25}$/;
- if($arg->{username}) {
+ if(exists $arg->{username}) {
# fetch user info
$_[KERNEL]->post(pg => query => "SELECT rank, salt, encode(passwd, 'hex') as passwd FROM users WHERE username = ?",
[ $arg->{username} ], 'login_res', [ $c, $arg ]);