fix(login comparison): fix string comparison operator

YesWiki · Oct 5, 2021 · f6b9653 · f6b9653
1 parent 45f9b84
commit f6b9653
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/includes/User.class.php b/includes/User.class.php
@@ -375,7 +375,7 @@ public function getAllProperties($format = 'array')
      */
     public function checkPassword($pwd, $newUser = '')
     {
-        if (empty($newUser) && $this->properties['password'] != md5($pwd)) {
+        if (empty($newUser) && $this->properties['password'] !== md5($pwd)) {
             $this->error = _t('USER_WRONG_PASSWORD').' !';
             return false;
         } else {

diff --git a/setup/install.php b/setup/install.php
@@ -100,7 +100,7 @@
     );
     test(
         _t('CHECKING_THE_ADMIN_PASSWORD_CONFIRMATION').' ...',
-        $admin_password == $admin_password_conf,
+        $admin_password === $admin_password_conf,
         _t('ADMIN_PASSWORD_ARE_DIFFERENT'),
         1
     );

diff --git a/tools/login/actions/login.php b/tools/login/actions/login.php
@@ -118,7 +118,7 @@
     // si l'utilisateur existe, on vérifie son mot de passe
     if (isset($_POST["name"]) && $_POST["name"] != '' && $existingUser = $this->LoadUser($_POST["name"])) {
         // si le mot de passe est bon, on créée le cookie et on redirige sur la bonne page
-        if ($existingUser["password"] == md5($_POST["password"])) {
+        if ($existingUser["password"] === md5($_POST["password"])) {
             $this->SetUser($existingUser, $_POST["remember"]);
 
             // si l'on veut utiliser la page d'accueil correspondant au nom d'utilisateur