Fixing minor problem caused by the original bug 77473 checkin where an SQL error...

author justdave%syndicomm.com <>

Tue, 17 Jul 2001 02:38:34 +0000 (02:38 +0000)

committer justdave%syndicomm.com <>

Tue, 17 Jul 2001 02:38:34 +0000 (02:38 +0000)
author justdave%syndicomm.com <>
Tue, 17 Jul 2001 02:38:34 +0000 (02:38 +0000)
committer justdave%syndicomm.com <>
Tue, 17 Jul 2001 02:38:34 +0000 (02:38 +0000)
diff --git a/CGI.pl b/CGI.pl

index ede69a9ad9de5886243ab8932c16f3190a3b0703..f248b25998d0356306dcd3851e7d501283b807e5 100644 (file)
--- a/CGI.pl
+++ b/CGI.pl
@@ -727,6 +727,12 @@ sub confirm_login {
                   WHERE login_name = " . SqlQuote($enteredlogin));
          ($userid, $realcryptpwd) = FetchSQLData();
  
+        # Make sure the user exists or throw an error (but do not admit it was a username
+        # error to make it harder for a cracker to find account names by brute force).
+        $userid
+          || DisplayError("The username or password you entered is not valid.")
+          && exit;
+
          # If this is a new user, generate a password, insert a record
          # into the database, and email their password to them.
          if ( defined $::FORM{"PleaseMailAPassword"} && !$userid ) {
author	justdave%syndicomm.com <>
	Tue, 17 Jul 2001 02:38:34 +0000 (02:38 +0000)
committer	justdave%syndicomm.com <>
	Tue, 17 Jul 2001 02:38:34 +0000 (02:38 +0000)