Server side :

* Trim password and login before instertion * Can use empty master key to see user passwords * Fix a bug : can't decode multiple queries from client Client side : * Don't send empty username * Update README
2013-10-17 18:26:54 +02:00
parent 4fd1f1e92f
commit 67d21ff3ef
5 changed files with 12 additions and 9 deletions
--- a/server/ref/index.php
+++ b/server/ref/index.php
@@ -45,7 +45,8 @@ for ($i=0; isset($_POST["k$i"]); $i++)
 {
    $statement->bindValue(":login", $_POST["k$i"]);
    $result = $statement->execute();
-    $row = $result->fetchArray();
+    $row = $result->fetchArray(SQLITE3_ASSOC);
+    $result->finalize();
    if (isset($row["password"]))
    {
        echo "pass=" . $row["password"] . "\n";