From c74b7d042daa0c419edfeaa97efbf7d8a216ac57 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger
Date: Sat, 16 Aug 2008 16:30:53 +0000
Subject: Central: Fixed instaDisc_verifyUser()

Previously, instaDisc_verifyUser() was lazy and checked a user's existance by routing the input through instaDisc_checkVerification() with the static Verification ID of 0, but it was forgotten that a static Verification ID would work once and be rejected after that. Refs #25
---
 central/trunk/login.php | 27 +++++++--------------------
 1 file changed, 7 insertions(+), 20 deletions(-)
(limited to 'central/trunk/login.php')
diff --git a/central/trunk/login.php b/central/trunk/login.php
index fc3fe21..b40b467 100644
--- a/central/trunk/login.php
+++ b/central/trunk/login.php
@@ -12,29 +12,16 @@ if (!isset($_GET['submit']))
 $numOfErrors = 0;
 $errors = array();
- $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_POST['username']) . "\" AND password = \"" . mysql_real_escape_string(md5($_POST['password'])) . "\"";
- $getuser2 = mysql_query($getuser);
- $getuser3 = mysql_fetch_array($getuser2);
- if ($getuser3['username'] != $_POST['username'])
+ if (instaDisc_verifyUser($_POST['username'], $_POST['password']))
 {
- addError($numOfErrors, $errors, '', 'Account could not be found');
- }
+ $_SESSION['username'] == $_POST['username'];
- if ($numOfErrors > 0)
- {
- showForm($_POST['username'], $_POST['password'], $errors);
+ $template = new FITemplate('loggedin');
+ $template->add('SITENAME', instaDisc_getConfig('siteName'));
+ $template->display();
 } else {
- if (instaDisc_verifyUser($_POST['username'], $_POST['password']))
- {
- $_SESSION['username'] == $_POST['username'];
-
- $template = new FITemplate('loggedin');
- $template->add('SITENAME', instaDisc_getConfig('siteName'));
- $template->display();
- } else {
- addError($numOfErrors, $errors, '', 'Account could not be found');
- showForm($_POST['username'], $_POST['password'], $errors);
- }
+ addError($numOfErrors, $errors, '', 'Account could not be found');
+ showForm($_POST['username'], $_POST['password'], $errors);
 }
 }
--
cgit 1.4.1
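Review bot: The added line `$_SESSION['username'] == $_POST['username'];` compares instead of assigning, so a successful instaDisc_verifyUser() call never records the user in the session and the "loggedin" template is shown without any login state being stored; it should read `$_SESSION['username'] = $_POST['username'];`. Because this is where the session becomes authenticated, calling `session_regenerate_id(true);` immediately before the assignment would also guard against session fixation; no regeneration is visible in this hunk. The failure branch passes `$_POST['password']` back to showForm(), which is defined outside the hunk; if that function echoes the value into the form, pass an empty string there instead. The enclosing `else` branch opens above the hunk, so anything it does before these lines was not reviewed.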