From fd16784bcc4ffbd677d17f423d18ff60dc110f1e Mon Sep 17 00:00:00 2001
From: Daniel <daniel@mars.(none)>
Date: Sun, 15 Apr 2012 10:30:22 +0200
Subject: [PATCH] fix bug where users could use wildcards in username to login
 e.g. user Peter could probably login using username Pet% fixed same problem
 in the migration script

---
 lib/migrate.php       | 2 +-
 lib/user/database.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/migrate.php b/lib/migrate.php
index 1ce86198994..0218229d981 100644
--- a/lib/migrate.php
+++ b/lib/migrate.php
@@ -457,7 +457,7 @@ class OC_Migrate{
 					);
 		// Add hash if user export
 		if( self::$exporttype == 'user' ){
-			$query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid LIKE ?" );
+			$query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid = ?" );
 			$result = $query->execute( array( self::$uid ) );
 			$row = $result->fetchRow();
 			$hash = $row ? $row['password'] : false;
diff --git a/lib/user/database.php b/lib/user/database.php
index c1bac1bb0b5..4738a8948cb 100644
--- a/lib/user/database.php
+++ b/lib/user/database.php
@@ -122,7 +122,7 @@ class OC_User_Database extends OC_User_Backend {
 	 * Check if the password is correct without logging in the user
 	 */
 	public function checkPassword( $uid, $password ){
-		$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid LIKE ?" );
+		$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid = ?" );
 		$result = $query->execute( array( $uid));
 
 		$row=$result->fetchRow();
@@ -172,7 +172,7 @@ class OC_User_Database extends OC_User_Backend {
 	 * @return boolean
 	 */
 	public function userExists($uid){
-		$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid LIKE ?" );
+		$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid = ?" );
 		$result = $query->execute( array( $uid ));
 		
 		return $result->numRows() > 0;
-- 
GitLab