From c74b7d042daa0c419edfeaa97efbf7d8a216ac57 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger
Date: Sat, 16 Aug 2008 16:30:53 +0000
Subject: Central: Fixed instaDisc_verifyUser()
Previously, instaDisc_verifyUser() was lazy and checked a user's existance by routing the input through instaDisc_checkVerification() with the static Verification ID of 0, but it was forgotten that a static Verification ID would work once and be rejected after that. Refs #25
---
 central/trunk/includes/instadisc.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'central/trunk/includes')
diff --git a/central/trunk/includes/instadisc.php b/central/trunk/includes/instadisc.php
index 95aeb88..e6fc862 100644
--- a/central/trunk/includes/instadisc.php
+++ b/central/trunk/includes/instadisc.php
@@ -11,8 +11,7 @@ function instaDisc_checkVerification($username, $verification, $verificationID,
 $getverid2 = mysql_query($getverid);
 $getverid3 = mysql_fetch_array($getverid2);
 if ($getverid3['id'] != $verificationID)
- {
- $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
+ { $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3[$nameField] == $username)
@@ -233,7 +232,11 @@ function instaDisc_deactivateAccount($username, $penKey)
 function instaDisc_verifyUser($username, $password)
 {
- return instaDisc_checkVerification($username, md5($username . ':' . md5($password) . ':0'), 0, 'users', 'username', 'password');
+ $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username). "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
+ $getuser2 = mysql_query($getuser);
+ $getuser3 = mysql_fetch_array($getuser2);
+
+ return ($getuser3['username'] == $username);
 }
 function instaDisc_deleteAccount($username)
-- cgit 1.4.1
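Review bot: The new `return ($getuser3['username'] == $username);` in instaDisc_verifyUser() does not handle the no-match case. mysql_fetch_array() returns false when no row matches (or when the query itself failed), so `$getuser3['username']` evaluates to null, and the loose `==` treats null as equal to an empty `$username`. The function would then report an empty username as verified with any password. Check the fetch result and compare strictly: `return ($getuser3 !== false && $getuser3['username'] === $username);`. Separately, the lookup still matches on an unsalted `md5($password)`; that storage scheme appears to predate this commit, but a comment such as `// TODO: stored password is unsalted MD5; migrate to a salted, slow hash` would record the follow-up.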