From ab1ebf581b51bfb2ed4ed8746a9e48a65c2d7e22 Mon Sep 17 00:00:00 2001 From: Mark Crane Date: Mon, 6 Apr 2015 09:08:57 +0000 Subject: [PATCH] Fix code that allowed userid / passwd as well as user_id / password. --- app/provision/resources/classes/provision.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/provision/resources/classes/provision.php b/app/provision/resources/classes/provision.php index a84052bf99..0fa615935c 100644 --- a/app/provision/resources/classes/provision.php +++ b/app/provision/resources/classes/provision.php @@ -174,7 +174,7 @@ include "root.php"; } //check to see if the mac_address exists in devices - if (isset($_REQUEST['user_id']) or isset($_REQUEST['userid'])) { + if (strlen($_REQUEST['user_id']) > 0 || strlen($_REQUEST['userid']) > 0) { if ($this->mac_exists($mac)) { //get the device_template if (strlen($device_template) == 0) { @@ -297,12 +297,12 @@ include "root.php"; } //get the device uuid using the username and password - if (isset($_REQUEST['user_id']) or isset($_REQUEST['userid'])) { + if (strlen($_REQUEST['user_id']) > 0 || strlen($_REQUEST['userid']) > 0) { //set the variables $user_id = $_REQUEST['user_id']; $password = $_REQUEST['password']; - if (isset($_REQUEST['userid'])) { $user_id = $_REQUEST['userid']; } - if (isset($_REQUEST['password'])) { $password = $_REQUEST['passwd']; } + if (strlen($_REQUEST['userid']) > 0) { $user_id = $_REQUEST['userid']; } + if (strlen($_REQUEST['passwd']) > 0) { $password = $_REQUEST['passwd']; } //get the device uuid $sql = "SELECT * FROM v_device_lines "; $sql .= "WHERE user_id = :user_id ";