do not allow empty passwords

[syp.git] / inc / db / mysql.php

diff --git a/inc/db/mysql.php b/inc/db/mysql.php
index 8c07aa3de81c304922b7376d6d266ef13b9ca2c8..83836074c05a219b4cc8b033d1b9afe6c5ec573a 100644 (file)
--- a/inc/db/mysql.php
+++ b/inc/db/mysql.php
@@ -63,6 +63,9 @@ class mysqlConnection implements anydbConnection {
     }
 
     public function setpwd ($user_name, $pwd) {
+        if (strlen ($pwd) == 0) {
+            throw new Exception (anydbConnection::err_query);
+        }
         $usrname_escaped = mysql_real_escape_string ($user_name);
         if ($this->user_exists ($user_name)) {
             $query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';",