author | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-08-16 16:30:53 +0000 |
---|---|---|
committer | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-08-16 16:30:53 +0000 |
commit | c74b7d042daa0c419edfeaa97efbf7d8a216ac57 (patch) | |
tree | 3066530bab48e527d3697a53f011fa76b37ce24b /central/trunk/includes | |
parent | b4e87de5d010650481a66981e78ea3c6a4cbb00c (diff) | |
Central: Fixed instaDisc_verifyUser()
Previously, instaDisc_verifyUser() was lazy and checked a user's existence by routing the input through instaDisc_checkVerification() with the static Verification ID of 0, but it was forgotten that a static Verification ID would work once and be rejected after that. Refs #25
Diffstat (limited to 'central/trunk/includes')
-rw-r--r-- | central/trunk/includes/instadisc.php | 9 |
1 files changed, 6 insertions, 3 deletions
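--- a/central/trunk/includes/instadisc.php
+++ b/central/trunk/includes/instadisc.php
@@ -11,8 +11,7 @@ function instaDisc_checkVerification($username, $verification, $verificationID,
 $getverid2 = mysql_query($getverid);
 $getverid3 = mysql_fetch_array($getverid2);
 if ($getverid3['id'] != $verificationID)
-{
-$getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
+{ $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3[$nameField] == $username)
@@ -233,7 +232,11 @@ function instaDisc_deactivateAccount($username, $penKey)
 
 function instaDisc_verifyUser($username, $password)
 {
-return instaDisc_checkVerification($username, md5($username . ':' . md5($password) . ':0'), 0, 'users', 'username', 'password');
+$getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username). "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
+$getuser2 = mysql_query($getuser);
+$getuser3 = mysql_fetch_array($getuser2);
+
+return ($getuser3['username'] == $username);
 }
 
 function instaDisc_deleteAccount($username)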
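Review bot: The new `return ($getuser3['username'] == $username);` in instaDisc_verifyUser never checks that a row was actually fetched. When no user matches or the query fails, `mysql_fetch_array()` does not return an array, the offset read yields null, and the loose `==` treats null as equal to an empty `$username`, so the function would report a successful verification for an empty name. Guard the result and compare strictly, e.g. `return (is_array($getuser3) && $getuser3['username'] === $username);` (this assumes callers always pass `$username` as a string, which the hunk does not show). The lookup also still relies on an unsalted `md5($password)`, as the removed line did; moving to a salted, slow password hash is worth a follow-up. In the first hunk the opening brace and the `$getitem` assignment now share one line, which looks like an accidental join rather than an intended change.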