From 7afbcc75eb0a2caa502114575f8155b1920c5c55 Mon Sep 17 00:00:00 2001
From: Johan Cwiklinski <jcwiklinski@teclib.com>
Date: Mon, 4 Mar 2019 16:15:04 +0100
Subject: [PATCH] Strict check

---
 inc/auth.class.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc/auth.class.php b/inc/auth.class.php
index c779441ed0a..0ed1aa19d32 100644
--- a/inc/auth.class.php
+++ b/inc/auth.class.php
@@ -276,14 +276,14 @@ static function checkPassword($pass, $hash) {
          $ok = password_verify($pass, $hash);
 
       } else if (strlen($hash)==32) {
-         $ok = md5($pass) == $hash;
+         $ok = md5($pass) === $hash;
 
       } else if (strlen($hash)==40) {
-         $ok = sha1($pass) == $hash;
+         $ok = sha1($pass) === $hash;
 
       } else {
          $salt = substr($hash, 0, 8);
-         $ok = ($salt.sha1($salt.$pass) == $hash);
+         $ok = ($salt.sha1($salt.$pass) === $hash);
       }
 
       return $ok;