Merge pull request #3 from divinity76/patch-1

fixes bug where username / password "0" is unrecognized
Nesseref · Oct 1, 2016 · df225d3 · df225d3
2 parents 7a4f0c7 + 3587eb6
commit df225d3
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/php/login.php b/php/login.php
@@ -6,15 +6,17 @@
 if ($conn->connect_errno) {
         die('Could not connect: ' . $conn->connect_error);
 }
+$username=isset($_POST["username"])?(string)$_POST["username"]:'';
+$password=isset($_POST["password"])?(string)$_POST["password"]:'';
 
-if (empty($_POST["username"]) || empty($_POST["password"])) {
+if ($username==='' || $password==='') {
 	echo "Empty required field";
 	echo "<br><a href=$baseurl/login.html>Go back</a>";
 	die();
 }
 
-$username = mysqli_real_escape_string($conn, $_POST["username"]);
-$password = hash('sha256', $_POST["password"]);
+$username = mysqli_real_escape_string($conn, $username);
+$password = hash('sha256', $password);
 
 $query = "SELECT * FROM $usertablename WHERE username = '$username' AND password = '$password'";
 $result = $conn->query($query);