Changeset 103

Timestamp:

02/21/06 23:37:42 (7 years ago)

Author:

anarcat

Message:

[project @ alternc: changeset 2003-06-10 06:54:10 by root]
Correction du bug avec les ' dans le mot de passe des membres

Original author: root
Date: 2003-06-10 06:54:10

File:

• bureau/class/m_mem.php (modified) (5 diffs)

bureau/class/m_mem.php

@@ -1 +1 @@
 <?php
 /*
- $Id: m_mem.php,v 1.4 2003/06/10 06:45:20 root Exp $
+ $Id: m_mem.php,v 1.5 2003/06/10 06:54:10 root Exp $
  ----------------------------------------------------------------------
  LICENSE
@@ -75 +75 @@
     global $db,$session,$err;
     $err->log("mem","login",$username);
-    $username=addslashes($username);
-    $password=addslashes($password);
+    //    $username=addslashes($username);
+    //    $password=addslashes($password);
+    $password=stripslashes($password);
     $db->query("select * from membres where login='$username';");
     if ($db->num_rows()==0) {
@@ -236 +237 @@
     global $db,$err;
     $err->log("mem","passwd");
+    $oldpass=stripslashes($oldpas);
+    $newpass=stripslashes($newpas);
+    $newpass2=stripslashes($newpas2);
     if (!$this->user["canpass"]) {
       $err->raise("mem",11);
@@ -241 +245 @@
     }
     if ($this->user["pass"]!=$oldpass) {
-      $err->raise("mem",5);
+      $err->raise("mem",6);
       return false;
     }
     if ($newpass!=$newpass2) {
-      $err->raise("mem",6);
+      $err->raise("mem",7);
       return false;
     }
     if (strlen($newpass)<3) {
-      $err->raise("mem",7);
-      return false;
-    }
+      $err->raise("mem",8);
+      return false;
+    }
+    $newpass=addslashes($newpass);
     $db->query("UPDATE membres SET pass='$newpass' WHERE uid=".$this->uid.";");
     $err->error=0;
@@ -381 +386 @@
       $db->query("SELECT * FROM chgmail WHERE cookie='$COOKIE' and ckey='$KEY' and uid='$uid';");
       if (!$db->num_rows()) {
-        $err->raise("mem",8);
+        $err->raise("mem",9);
         return false;
       }