fix bug where users could use wildcards in username to login

e.g. user Peter could probably login using username Pet% fixed same problem in the migration script

fix bug where users could use wildcards in username to login
fd16784b · Daniel · 44c34115 · fd16784b · fd16784b
Commit fd16784b authored 12 years ago by Daniel
--- a/lib/migrate.php
+++ b/lib/migrate.php
@@ -457,7 +457,7 @@ class OC_Migrate{
 					);
 		// Add hash if user export
 		if( self::$exporttype == 'user' ){
-			$query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid LIKE ?" );
+			$query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid = ?" );
 			$result = $query->execute( array( self::$uid ) );
 			$row = $result->fetchRow();
 			$hash = $row ? $row['password'] : false;

--- a/lib/user/database.php
+++ b/lib/user/database.php
@@ -122,7 +122,7 @@ class OC_User_Database extends OC_User_Backend {
 	 * Check if the password is correct without logging in the user
 	 */
 	public function checkPassword( $uid, $password ){
-		$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid LIKE ?" );
+		$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid = ?" );
 		$result = $query->execute( array( $uid));

 		$row=$result->fetchRow();
@@ -172,7 +172,7 @@ class OC_User_Database extends OC_User_Backend {
 	 * @return boolean
 	 */
 	public function userExists($uid){
-		$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid LIKE ?" );
+		$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid = ?" );
 		$result = $query->execute( array( $uid ));
 		
 		return $result->numRows() > 0;