2 files changed, 13 insertions, 23 deletions
diff --git a/central/trunk/includes/instadisc.php b/central/trunk/includes/instadisc.php
index 95aeb88..e6fc862 100644
--- a/central/trunk/includes/instadisc.php
+++ b/central/trunk/includes/instadisc.php

@@ -11,8 +11,7 @@ function instaDisc_checkVerification($username, $verification, $verificationID,
        $getverid2 = mysql_query($getverid);
        $getverid3 = mysql_fetch_array($getverid2);
        if ($getverid3['id'] != $verificationID)
-        {
+        {               $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
-                $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
                $getitem2 = mysql_query($getitem);
                $getitem3 = mysql_fetch_array($getitem2);
                if ($getitem3[$nameField] == $username)
@@ -233,7 +232,11 @@ function instaDisc_deactivateAccount($username, $penKey)
 function instaDisc_verifyUser($username, $password)
 {
-        return instaDisc_checkVerification($username, md5($username . ':' . md5($password) . ':0'), 0, 'users', 'username', 'password');
+        $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username). "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
+        $getuser2 = mysql_query($getuser);
+        $getuser3 = mysql_fetch_array($getuser2);
+        return ($getuser3['username'] == $username);
 }
 function instaDisc_deleteAccount($username)
diff --git a/central/trunk/login.php b/central/trunk/login.php
index fc3fe21..b40b467 100644
--- a/central/trunk/login.php
+++ b/central/trunk/login.php

@@ -12,29 +12,16 @@ if (!isset($_GET['submit']))
        $numOfErrors = 0;
        $errors = array();
-        $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_POST['username']) . "\" AND password = \"" . mysql_real_escape_string(md5($_POST['password'])) . "\"";
+        if (instaDisc_verifyUser($_POST['username'], $_POST['password']))
-        $getuser2 = mysql_query($getuser);
-        $getuser3 = mysql_fetch_array($getuser2);
-        if ($getuser3['username'] != $_POST['username'])
        {
-                addError($numOfErrors, $errors, '', 'Account could not be found');
+                $_SESSION['username'] == $_POST['username'];
-        }
-        if ($numOfErrors > 0)
+                $template = new FITemplate('loggedin');
-        {
+                $template->add('SITENAME', instaDisc_getConfig('siteName'));
-                showForm($_POST['username'], $_POST['password'], $errors);
+                $template->display();
        } else {
-                if (instaDisc_verifyUser($_POST['username'], $_POST['password']))
+                addError($numOfErrors, $errors, '', 'Account could not be found');
-                {
+                showForm($_POST['username'], $_POST['password'], $errors);
-                        $_SESSION['username'] == $_POST['username'];
-                        $template = new FITemplate('loggedin');
-                        $template->add('SITENAME', instaDisc_getConfig('siteName'));
-                        $template->display();
-                } else {
-                        addError($numOfErrors, $errors, '', 'Account could not be found');
-                        showForm($_POST['username'], $_POST['password'], $errors);
-                }
        }
 }