From a30ae06fb5f14e0552fbc7e7d442126d3e2bd5e9 Mon Sep 17 00:00:00 2001
From: Thorsten Rinne
Date: Wed, 8 May 2024 17:54:22 +0200
Subject: [PATCH] fix: aligned code logic for logins (#2943)
---
 phpmyfaq/admin/index.php | 12 ++++++------
 phpmyfaq/index.php | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/phpmyfaq/admin/index.php b/phpmyfaq/admin/index.php
index d9156a7b89..7d9a4d70cb 100755
--- a/phpmyfaq/admin/index.php
+++ b/phpmyfaq/admin/index.php
@@ -135,11 +135,11 @@
 // Authenticate current user
 //
 $error = '';
-$faqusername = Filter::filterInput(INPUT_POST, 'faqusername', FILTER_SANITIZE_SPECIAL_CHARS);
-$faqpassword = Filter::filterInput(INPUT_POST, 'faqpassword', FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
-$faqremember = Filter::filterInput(INPUT_POST, 'faqrememberme', FILTER_SANITIZE_SPECIAL_CHARS);
-$token = Filter::filterInput(INPUT_POST, 'token', FILTER_SANITIZE_SPECIAL_CHARS);
-$userid = Filter::filterInput(INPUT_POST, 'userid', FILTER_VALIDATE_INT);
+$faqusername = Filter::filterVar($request->request->get('faqusername'), FILTER_SANITIZE_SPECIAL_CHARS);
+$faqpassword = Filter::filterVar($request->request->get('faqpassword'), FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
+$rememberMe = Filter::filterVar($request->request->get('faqrememberme'), FILTER_VALIDATE_BOOLEAN);
+$token = Filter::filterVar($request->request->get('token'), FILTER_SANITIZE_SPECIAL_CHARS);
+$userid = Filter::filterVar($request->request->get('userid'), FILTER_VALIDATE_INT);
 //
 // Logging user in if 2FA is enabled and token is given and validated, if not: returns error message
@@ -180,7 +180,7 @@
 //
 // Login via local DB or LDAP or SSO
 //
-if (!is_null($faqusername) && !is_null($faqpassword)) {
+if ($faqusername !== '' && $faqpassword !== '') {
 $userAuth = new UserAuthentication($faqConfig, $user);
 $userAuth->setRememberMe($faqremember ?? false);
 try {
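Review bot: Renaming `$faqremember` to `$rememberMe` in this hunk leaves the unchanged context line `$userAuth->setRememberMe($faqremember ?? false);` in this file's second hunk reading a variable that is no longer assigned here, and the `??` hides that, so unless it is set somewhere outside the visible hunks the admin login always passes `false`. That call should become `$userAuth->setRememberMe($rememberMe ?? false);`, as phpmyfaq/index.php already has it. Separately, `FILTER_SANITIZE_SPECIAL_CHARS` on `faqpassword` (carried over from the old line) entity-encodes characters such as `<` and `&` before the value reaches `UserAuthentication`; a password is a secret rather than output, so it is worth confirming how stored credentials were processed and whether the value can be passed through unmodified.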
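Review bot: `$faqusername !== '' && $faqpassword !== ''` is also true when either value is `null` or `false`, so the guard now depends on `Filter::filterVar` returning an empty string for a field that was not posted, and that helper is not visible here. If it can return `null` (for instance as a default when filtering fails), every request without credentials would enter the login branch. A type-explicit guard avoids relying on that: `if (is_string($faqusername) && $faqusername !== '' && is_string($faqpassword) && $faqpassword !== '') {`. The same applies to the condition changed in phpmyfaq/index.php, and the `if` body continues past the end of the hunk.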
diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
index 4ee927983d..cb399764be 100755
--- a/phpmyfaq/index.php
+++ b/phpmyfaq/index.php
@@ -169,7 +169,7 @@
 }
 // Login via local DB or LDAP or SSO
-if (!is_null($faqusername) && (!is_null($faqpassword) || $faqConfig->get('security.ssoSupport'))) {
+if ($faqusername !== '' && ($faqpassword !== '' || $faqConfig->get('security.ssoSupport'))) {
 $userAuth = new UserAuthentication($faqConfig, $user);
 $userAuth->setRememberMe($rememberMe ?? false);
 try {
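Review bot: With `security.ssoSupport` enabled this condition lets the login branch run with an empty password for any non-empty `$faqusername`, and the hunk does not show where `$faqusername` is assigned in this file. A comment above the `if` would record the assumption the branch relies on, for example `// SSO: an empty password is accepted only because the username comes from the web server's authenticated identity, never from the request body`, and it is worth confirming that this actually holds. The `if` body continues past the end of the hunk.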