[geeklog-cvs] geeklog-1.3/public_html users.php,1.69,1.70
dhaun at geeklog.net
dhaun at geeklog.net
Fri Oct 3 09:01:24 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv10905
Modified Files:
users.php
Log Message:
Changed to use COM_applyFilter (also applied some additional checks).
Index: users.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/users.php,v
retrieving revision 1.69
retrieving revision 1.70
diff -C2 -d -r1.69 -r1.70
*** users.php 1 Sep 2003 12:53:06 -0000 1.69
--- users.php 3 Oct 2003 13:01:22 -0000 1.70
***************
*** 663,674 ****
$display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8');
break;
case 'profile':
! $uid = strip_tags ($HTTP_GET_VARS['uid']);
! if (is_numeric ($uid)) {
$display .= COM_siteHeader('menu');
// Call custom registration and account record create function if
// enabled and exists
if ($_CONF['custom_registration'] AND (function_exists(custom_userform))
! AND SEC_hasRights("user.edit")) {
$display .= custom_userform ('moderate', $uid);
} else {
--- 663,675 ----
$display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8');
break;
+
case 'profile':
! $uid = COM_applyFilter ($HTTP_GET_VARS['uid'], true);
! if (is_numeric ($uid) && ($uid > 0)) {
$display .= COM_siteHeader('menu');
// Call custom registration and account record create function if
// enabled and exists
if ($_CONF['custom_registration'] AND (function_exists(custom_userform))
! AND SEC_hasRights('user.edit')) {
$display .= custom_userform ('moderate', $uid);
} else {
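Review bot: The 'profile' branch still calls `function_exists(custom_userform)` with an unquoted bare word, while the same commit corrects the 'new' branch further down to `function_exists('custom_userform')`; PHP resolves the undefined constant to its own name with a notice, so this works by accident and should read `if ($_CONF['custom_registration'] AND (function_exists('custom_userform'))`. The guard `is_numeric ($uid) && ($uid > 0)` also accepts numeric strings in exponent or leading-whitespace form; what COM_applyFilter does with its second argument is not visible in this diff, so if it does not already coerce to an integer, adding `$uid = (int) $uid;` before the value is used would pin the type. The enclosing switch continues outside the hunk.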
***************
*** 680,686 ****
}
break;
case 'create':
! $display .= createuser($HTTP_POST_VARS['username'],$HTTP_POST_VARS['email']);
break;
case 'getpassword':
$display .= COM_siteHeader ('menu');
--- 681,690 ----
}
break;
+
case 'create':
! $display .= createuser (COM_applyFilter ($HTTP_POST_VARS['username']),
! COM_applyFilter ($HTTP_POST_VARS['email']));
break;
+
case 'getpassword':
$display .= COM_siteHeader ('menu');
***************
*** 700,708 ****
$display .= COM_siteFooter ();
break;
case 'newpwd':
! $uid = $HTTP_GET_VARS['uid'];
! $reqid = $HTTP_GET_VARS['rid'];
! if (!empty ($uid) && is_numeric ($uid) && !empty ($reqid)) {
! $valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'), array ($uid, $reqid));
if ($valid == 1) {
$display .= COM_siteHeader ('menu');
--- 704,715 ----
$display .= COM_siteFooter ();
break;
+
case 'newpwd':
! $uid = COM_applyFilter ($HTTP_GET_VARS['uid'], true);
! $reqid = COM_applyFilter ($HTTP_GET_VARS['rid']);
! if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) &&
! !empty ($reqid) && (strlen ($reqid) == 16)) {
! $valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
! array ($uid, $reqid));
if ($valid == 1) {
$display .= COM_siteHeader ('menu');
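Review bot: The new guard on `$reqid` checks only `strlen ($reqid) == 16`, which bounds the length but says nothing about the characters handed to DB_count; the same pattern is repeated in the 'setnewpwd' hunk below. Whether DB_count or COM_applyFilter escapes values for the query is not shown in this diff, so if pwrequestid is always generated from a fixed alphabet, a check such as `preg_match ('/^[a-zA-Z0-9]{16}$/', $reqid)` would reject anything else before the lookup instead of relying on the database layer. The case body continues outside the hunk.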
***************
*** 720,723 ****
--- 727,731 ----
}
break;
+
case 'setnewpwd':
if (empty ($HTTP_POST_VARS['passwd'])) {
***************
*** 726,732 ****
. '&rid=' . $HTTP_POST_VARS['rid']);
} else {
! $uid = $HTTP_POST_VARS['uid'];
! $reqid = $HTTP_POST_VARS['rid'];
! if (!empty ($uid) && is_numeric ($uid) && !empty ($reqid)) {
$valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
array ($uid, $reqid));
--- 734,741 ----
. '&rid=' . $HTTP_POST_VARS['rid']);
} else {
! $uid = COM_applyFilter ($HTTP_POST_VARS['uid'], true);
! $reqid = COM_applyFilter ($HTTP_POST_VARS['rid']);
! if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) &&
! !empty ($reqid) && (strlen ($reqid) == 16)) {
$valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
array ($uid, $reqid));
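Review bot: The redirect in the empty-password branch (context line `. '&rid=' . $HTTP_POST_VARS['rid']);`) still appends the raw POST value to the URL, while only the else branch filters it into `$reqid`, so the unfiltered value still reaches COM_refresh on that path. Filtering once before the `if`, e.g. `$reqid = COM_applyFilter ($HTTP_POST_VARS['rid']);`, and reusing it in both branches (with `urlencode ($reqid)` when building the query string) keeps both paths consistent. The start of this case, including the beginning of the COM_refresh call, lies outside the hunk.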
***************
*** 751,754 ****
--- 760,764 ----
}
break;
+
case 'emailpasswd':
if ($_CONF['passwordspeedlimit'] == 0) {
***************
*** 765,781 ****
. COM_siteFooter ();
} else {
! $username = $HTTP_POST_VARS['username'];
! if (empty ($username) && !empty ($HTTP_POST_VARS['email'])) {
$username = DB_getItem ($_TABLES['users'], 'username',
! "email = '{$HTTP_POST_VARS['email']}'");
}
- $display .= requestpassword ($username, 55);
}
break;
case 'new':
$display .= COM_siteHeader('menu');
// Call custom registration and account record create function
// if enabled and exists
! if ($_CONF['custom_registration'] AND (function_exists(custom_userform))) {
$display .= custom_userform('new');
} else {
--- 775,798 ----
. COM_siteFooter ();
} else {
! $username = COM_applyFilter ($HTTP_POST_VARS['username']);
! $email = COM_applyFilter ($HTTP_POST_VARS['email']);
! if (empty ($username) && !empty ($email)) {
$username = DB_getItem ($_TABLES['users'], 'username',
! "email = '$email'");
! }
! if (!empty ($username)) {
! $display .= requestpassword ($username, 55);
! } else {
! $display = COM_refresh ($_CONF['site_url']
! . '/users.php?mode=getpassword');
}
}
break;
+
case 'new':
$display .= COM_siteHeader('menu');
// Call custom registration and account record create function
// if enabled and exists
! if ($_CONF['custom_registration'] AND (function_exists('custom_userform'))) {
$display .= custom_userform('new');
} else {
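Review bot: `$email` is interpolated straight into the WHERE clause passed to DB_getItem (`"email = '$email'"`); unless COM_applyFilter also performs database escaping, which this diff does not show, the filter alone does not make that safe and the value should be escaped with the database layer's quoting (or at least addslashes) immediately before the query. A syntactic check that the value looks like an address before the lookup would also avoid needless queries for obviously malformed input. The 'new' case continues outside the hunk.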
***************
*** 784,793 ****
$display .= COM_siteFooter();
break;
default:
if (isset ($HTTP_POST_VARS['loginname'])) {
! $loginname = $HTTP_POST_VARS['loginname'];
}
if (isset ($HTTP_POST_VARS['passwd'])) {
! $passwd = $HTTP_POST_VARS['passwd'];
}
if (!empty($loginname) && !empty($passwd)) {
--- 801,811 ----
$display .= COM_siteFooter();
break;
+
default:
if (isset ($HTTP_POST_VARS['loginname'])) {
! $loginname = COM_applyFilter ($HTTP_POST_VARS['loginname']);
}
if (isset ($HTTP_POST_VARS['passwd'])) {
! $passwd = COM_applyFilter ($HTTP_POST_VARS['passwd']);
}
if (!empty($loginname) && !empty($passwd)) {
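Review bot: Passing the login password through the content filter (`$passwd = COM_applyFilter ($HTTP_POST_VARS['passwd']);`) alters the credential before it is verified; any filtering that strips or rewrites characters will make valid passwords containing them fail, and if the same filter was not applied when the password was stored the two sides no longer agree. What COM_applyFilter removes is not visible here, so if it does anything beyond escaping, the password should be taken unchanged, `$passwd = $HTTP_POST_VARS['passwd'];`, and escaped only where it is used in a query (or compared against the stored hash in code rather than in SQL). The authentication that follows is outside the hunk.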
***************
*** 877,881 ****
}
! if ($mode != "new" && empty($msg)) {
$msg = $LANG04[31];
}
--- 895,899 ----
}
! if ($mode != 'new' && empty($msg)) {
$msg = $LANG04[31];
}