fix logic password. case sensitive username

Ibnu Maksum 2024-08-12 13:34:19 +07:00
parent 3f7c17d9b1
commit 6765a6b17c
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5


@ -41,7 +41,7 @@ try {
$CHAPassword = _req('CHAPassword');
$CHAPchallenge = _req('CHAPchallenge');
if (!empty($CHAPassword)) {
$c = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
$c = ORM::for_table('tbl_customers')->select('password')->whereRaw("BINARY `username` = '$username'")->find_one();
//if verified
if (Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {
$password = $c['password'];
@ -67,7 +67,7 @@ try {
$username = Text::alphanumeric($username, "-_.,");
$d = ORM::for_table('tbl_voucher')->whereRaw("BINARY `code` = '$username'")->find_one();
} else {
$d = ORM::for_table('tbl_customers')->where('username', $username)->find_one();
$d = ORM::for_table('tbl_customers')->whereRaw("BINARY `username` = '$username'")->find_one();
if ($d['password'] != $password) {
if ($d['pppoe_password'] != $password) {
unset($d);
@ -91,7 +91,7 @@ try {
$CHAPassword = _req('CHAPassword');
$CHAPchallenge = _req('CHAPchallenge');
if (!empty($CHAPassword)) {
$c = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
$c = ORM::for_table('tbl_customers')->select('password')->whereRaw("BINARY `username` = '$username'")->find_one();
//if verified
if (Password::chap_verify($c['password'], $CHAPassword, $CHAPchallenge)) {
$password = $c['password'];
@ -115,10 +115,10 @@ try {
], 401);
}
}
$tur = ORM::for_table('tbl_user_recharges')->where('username', $username)->find_one();
$tur = ORM::for_table('tbl_user_recharges')->whereRaw("BINARY `username` = '$username'")->find_one();
if ($tur) {
if (!$isVoucher) {
$d = ORM::for_table('tbl_customers')->select('password')->where('username', $username)->find_one();
if (!$isVoucher && empty($CHAPassword)) {
$d = ORM::for_table('tbl_customers')->select('password')->whereRaw("BINARY `username` = '$username'")->find_one();
if ($d['password'] != $password) {
if ($d['pppoe_password'] != $password) {
show_radius_result(['Reply-Message' => 'Username or Password is wrong'], 401);
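Review bot: The new `whereRaw` calls build the SQL text by interpolating `$username` into the string, so the value binding that `where('username', $username)` gave is lost at all five call sites: both CHAP lookups, the customer lookup in the `else` branch, and the `tbl_user_recharges` and `tbl_customers` lookups in the last hunk. Only the voucher branch is seen passing the value through `Text::alphanumeric` first; where `$username` is assigned lies outside the hunks, but this code runs before the user is authenticated, so the value should be treated as untrusted request input. The ORM here looks like Idiorm, whose raw where clause accepts bound parameters, so the case-sensitive match can be kept with ``->whereRaw('BINARY `username` = ?', [$username])`` at each site. The enclosing `try` block starts and ends outside the hunks shown.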