Index: /bureau/class/m_mem.php
===================================================================
--- /bureau/class/m_mem.php	(revision 102)
+++ /bureau/class/m_mem.php	(revision 103)
@@ -1,5 +1,5 @@
 <?php
 /*
- $Id: m_mem.php,v 1.4 2003/06/10 06:45:20 root Exp $
+ $Id: m_mem.php,v 1.5 2003/06/10 06:54:10 root Exp $
  ----------------------------------------------------------------------
  LICENSE
@@ -75,6 +75,7 @@
     global $db,$session,$err;
     $err->log("mem","login",$username);
-    $username=addslashes($username);
-    $password=addslashes($password);
+    //    $username=addslashes($username);
+    //    $password=addslashes($password);
+    $password=stripslashes($password);
     $db->query("select * from membres where login='$username';");
     if ($db->num_rows()==0) {
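Review bot: `$username` now reaches `select * from membres where login='$username';` with no escaping inside this function, because both `addslashes()` calls were commented out and only `$password` is touched. The added `stripslashes()` suggests the code relies on input being quoted before it arrives (presumably magic quotes); if any caller passes an unquoted value, a quote character in the login name alters the statement. Normalise and escape at the query site instead, for example `$username=addslashes(stripslashes($username));`, or use the database layer's own escaping if it has one. Delete the two commented-out lines rather than keeping them. The same string-built pattern appears in the `UPDATE membres` and `chgmail` queries in the later hunks, and this function's body starts and ends outside the hunk.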
@@ -236,4 +237,7 @@
     global $db,$err;
     $err->log("mem","passwd");
+    $oldpass=stripslashes($oldpas);
+    $newpass=stripslashes($newpas);
+    $newpass2=stripslashes($newpas2);
     if (!$this->user["canpass"]) {
       $err->raise("mem",11);
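Review bot: The three added lines read `$oldpas`, `$newpas` and `$newpas2`, which do not match the `$oldpass`, `$newpass` and `$newpass2` names used by the checks that follow. The signature is outside the hunk, but if the parameters carry the longer names, these assignments overwrite them with `stripslashes()` of an undefined variable, i.e. an empty string. The old-password check would then compare against `''` and the `strlen($newpass)<3` test would reject every change. The lines should presumably read `$oldpass=stripslashes($oldpass);`, `$newpass=stripslashes($newpass);` and `$newpass2=stripslashes($newpass2);`.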
@@ -241,15 +245,16 @@
     }
     if ($this->user["pass"]!=$oldpass) {
-      $err->raise("mem",5);
+      $err->raise("mem",6);
       return false;
     }
     if ($newpass!=$newpass2) {
-      $err->raise("mem",6);
+      $err->raise("mem",7);
       return false;
     }
     if (strlen($newpass)<3) {
-      $err->raise("mem",7);
-      return false;
-    }
+      $err->raise("mem",8);
+      return false;
+    }
+    $newpass=addslashes($newpass);
     $db->query("UPDATE membres SET pass='$newpass' WHERE uid=".$this->uid.";");
     $err->error=0;
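Review bot: The added `$newpass=addslashes($newpass);` is the only protection for `UPDATE membres SET pass='$newpass'`, and `addslashes()` is not aware of the connection character set; a database-layer escape or a bound parameter would be safer if the `$db` class offers one (not visible here). The context lines also show the password stored and compared as plain text with `!=`, a loose comparison under which two numeric-looking strings can compare equal without being identical. Use `!==` for both comparisons, e.g. `if ($this->user["pass"]!==$oldpass) {`, and consider storing a salted hash instead of the password itself. The renumbered `raise("mem",N)` codes would be easier to keep in step with the message table as named constants.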
@@ -381,5 +386,5 @@
       $db->query("SELECT * FROM chgmail WHERE cookie='$COOKIE' and ckey='$KEY' and uid='$uid';");
       if (!$db->num_rows()) {
-	$err->raise("mem",8);
+	$err->raise("mem",9);
 	return false;
       }
