diff --git a/mailscanner/checklogin.php b/mailscanner/checklogin.php index 33e91c8b..22adacd0 100644 --- a/mailscanner/checklogin.php +++ b/mailscanner/checklogin.php @@ -104,6 +104,12 @@ && (false === $_SESSION['user_imap']) ) { $passwordInDb = database::mysqli_result($result, 0, 'password'); + if(!is_string($passwordInDb)) { + header('Location: login.php?error=baduser'); + logFailedLogin($myusername); + exit; + } + if (!password_verify($mypassword, $passwordInDb)) { if (!hash_equals(md5($mypassword), $passwordInDb)) { header('Location: login.php?error=baduser');