diff options
| author | cassio <cassiopc@gmail.com> | 2015-09-15 11:03:11 +0000 |
|---|---|---|
| committer | cassio <cassiopc@gmail.com> | 2015-09-15 11:03:11 +0000 |
| commit | af0e5ce80abb5ebb92672541d9c9603f92e80292 (patch) | |
| tree | 5104ce602358b947edee4c36fc53ddd7626e8e3b /src | |
| parent | bb1fbd0815d82ecb3da2f298056a6422b47f0dc8 (diff) | |
| download | boca-af0e5ce80abb5ebb92672541d9c9603f92e80292.tar.gz boca-af0e5ce80abb5ebb92672541d9c9603f92e80292.zip | |
better order of checks for login
Diffstat (limited to 'src')
| -rw-r--r-- | src/flog.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/flog.php b/src/flog.php index 5aef8e0..0024727 100644 --- a/src/flog.php +++ b/src/flog.php @@ -138,12 +138,6 @@ function DBLogInContest($name,$pass,$contest,$msg=true) { $p = myhash($a["userpassword"] . session_id()); $_SESSION['usertable']['userpassword'] = $p; - if ($a["userpassword"] != "" && $p != $pass) { - LOGLevel("User $name tried to log in contest $contest but password was incorrect.",2); - if($msg) MSGError("Incorrect password."); - unset($_SESSION["usertable"]); - return false; - } if ($d["sitepermitlogins"]=="f" && $a["usertype"] != "admin" && $a["usertype"] != "judge" && $a["usertype"] != "site") { LOGLevel("User $name tried to login contest $contest but logins are denied.",2); if($msg) MSGError("Logins are not allowed."); @@ -156,6 +150,12 @@ function DBLogInContest($name,$pass,$contest,$msg=true) { unset($_SESSION["usertable"]); return false; } + if ($a["userpassword"] != "" && $p != $pass) { + LOGLevel("User $name tried to log in contest $contest but password was incorrect.",2); + if($msg) MSGError("Incorrect password."); + unset($_SESSION["usertable"]); + return false; + } $gip=getIP(); if ($a["userip"] != $gip && $a["userip"] != "" && $a["usertype"] != "score") { LOGLevel("User $name is using two different IPs: " . $a["userip"] . |