From a677817003fc065a3a6362c429ffe1a611067e49 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Wed, 12 Mar 2008 17:57:46 +0000
Subject: [PATCH] Merged r1231 from trunk.

git-svn-id: http://redmine.rubyforge.org/svn/branches/0.6-stable@1232 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/user.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/models/user.rb b/app/models/user.rb
index 737a8cc8e..d922c2c2c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -74,6 +74,8 @@ class User < ActiveRecord::Base
   
   # Returns the user that matches provided login and password, or nil
   def self.try_to_login(login, password)
+    # Make sure no one can sign in with an empty password
+    return nil if password.to_s.empty?
     user = find(:first, :conditions => ["login=?", login])
     if user
       # user is already in local database