From 5094e208d5ad7265979c33d8258b6c234275f52b Mon Sep 17 00:00:00 2001 From: 8chan Admin Date: Thu, 13 Feb 2014 01:04:32 +0000 Subject: [PATCH] Security: capitalization of mods username is significant --- inc/mod/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/mod/auth.php b/inc/mod/auth.php index f2003dfe..0223b4b3 100644 --- a/inc/mod/auth.php +++ b/inc/mod/auth.php @@ -39,7 +39,7 @@ function login($username, $password, $makehash=true) { $password = sha1($password); } - $query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE `username` = :username"); + $query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE BINARY `username` = :username"); $query->bindValue(':username', $username); $query->execute() or error(db_error($query));