diff options
| author | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-08-16 16:30:53 +0000 |
|---|---|---|
| committer | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-08-16 16:30:53 +0000 |
| commit | c74b7d042daa0c419edfeaa97efbf7d8a216ac57 (patch) | |
| tree | 3066530bab48e527d3697a53f011fa76b37ce24b /central/trunk/login.php | |
| parent | b4e87de5d010650481a66981e78ea3c6a4cbb00c (diff) | |
| download | instadisc-c74b7d042daa0c419edfeaa97efbf7d8a216ac57.tar.gz instadisc-c74b7d042daa0c419edfeaa97efbf7d8a216ac57.tar.bz2 instadisc-c74b7d042daa0c419edfeaa97efbf7d8a216ac57.zip | |
Central: Fixed instaDisc_verifyUser()
Previously, instaDisc_verifyUser() was lazy and checked a user's existance by routing the input through instaDisc_checkVerification() with the static Verification ID of 0, but it was forgotten that a static Verification ID would work once and be rejected after that. Refs #25
Diffstat (limited to 'central/trunk/login.php')
| -rw-r--r-- | central/trunk/login.php | 27 |
1 files changed, 7 insertions, 20 deletions
| diff --git a/central/trunk/login.php b/central/trunk/login.php index fc3fe21..b40b467 100644 --- a/central/trunk/login.php +++ b/central/trunk/login.php | |||
| @@ -12,29 +12,16 @@ if (!isset($_GET['submit'])) | |||
| 12 | $numOfErrors = 0; | 12 | $numOfErrors = 0; |
| 13 | $errors = array(); | 13 | $errors = array(); |
| 14 | 14 | ||
| 15 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_POST['username']) . "\" AND password = \"" . mysql_real_escape_string(md5($_POST['password'])) . "\""; | 15 | if (instaDisc_verifyUser($_POST['username'], $_POST['password'])) |
| 16 | $getuser2 = mysql_query($getuser); | ||
| 17 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 18 | if ($getuser3['username'] != $_POST['username']) | ||
| 19 | { | 16 | { |
| 20 | addError($numOfErrors, $errors, '', 'Account could not be found'); | 17 | $_SESSION['username'] == $_POST['username']; |
| 21 | } | ||
| 22 | 18 | ||
| 23 | if ($numOfErrors > 0) | 19 | $template = new FITemplate('loggedin'); |
| 24 | { | 20 | $template->add('SITENAME', instaDisc_getConfig('siteName')); |
| 25 | showForm($_POST['username'], $_POST['password'], $errors); | 21 | $template->display(); |
| 26 | } else { | 22 | } else { |
| 27 | if (instaDisc_verifyUser($_POST['username'], $_POST['password'])) | 23 | addError($numOfErrors, $errors, '', 'Account could not be found'); |
| 28 | { | 24 | showForm($_POST['username'], $_POST['password'], $errors); |
| 29 | $_SESSION['username'] == $_POST['username']; | ||
| 30 | |||
| 31 | $template = new FITemplate('loggedin'); | ||
| 32 | $template->add('SITENAME', instaDisc_getConfig('siteName')); | ||
| 33 | $template->display(); | ||
| 34 | } else { | ||
| 35 | addError($numOfErrors, $errors, '', 'Account could not be found'); | ||
| 36 | showForm($_POST['username'], $_POST['password'], $errors); | ||
| 37 | } | ||
| 38 | } | 25 | } |
| 39 | } | 26 | } |
| 40 | 27 | ||