From 7f39f202a951a7a71e92cabf7a47d8d24ebd1721 Mon Sep 17 00:00:00 2001 From: CL0Pinette Date: Thu, 9 Apr 2026 11:29:54 +0200 Subject: [PATCH] fix: bad ldap password and null password in db result in error 500 --- mailscanner/checklogin.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mailscanner/checklogin.php b/mailscanner/checklogin.php index 33e91c8bf..22adacd04 100644 --- a/mailscanner/checklogin.php +++ b/mailscanner/checklogin.php @@ -104,6 +104,12 @@ && (false === $_SESSION['user_imap']) ) { $passwordInDb = database::mysqli_result($result, 0, 'password'); + if(!is_string($passwordInDb)) { + header('Location: login.php?error=baduser'); + logFailedLogin($myusername); + exit; + } + if (!password_verify($mypassword, $passwordInDb)) { if (!hash_equals(md5($mypassword), $passwordInDb)) { header('Location: login.php?error=baduser');