From c0e1bec960f262ad7af5566fadec87b4a18d2f80 Mon Sep 17 00:00:00 2001 From: SJ Date: Wed, 4 Dec 2013 13:26:05 +0100 Subject: [PATCH] prevent logging in without @ in the email address via imap and pop3 auth methods --- webui/model/user/auth.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/webui/model/user/auth.php b/webui/model/user/auth.php index 9a7c3ec9..aba8dddc 100644 --- a/webui/model/user/auth.php +++ b/webui/model/user/auth.php @@ -253,7 +253,7 @@ class ModelUserAuth extends Model { private function checkLoginAgainstIMAP($username = '', $password = '') { $session = Registry::get('session'); - $user = array(); + if(!strchr($username, '@')) { return 0; } $imap = new Zend_Mail_Protocol_Imap(IMAP_HOST, IMAP_PORT, IMAP_SSL); if($imap->login($username, $password)) { @@ -271,7 +271,6 @@ class ModelUserAuth extends Model { private function checkLoginAgainstPOP3($username = '', $password = '') { - $user = array(); $rc = 0; try {