[geeklog-cvs] geeklog-1.3/public_html users.php,1.67,1.67.2.1
dhaun at geeklog.net
dhaun at geeklog.net
Tue Oct 14 14:37:04 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv29464
Modified Files:
Tag: geeklog_1_3_8_1_1
users.php
Log Message:
Added a few sanity checks ...
Index: users.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/users.php,v
retrieving revision 1.67
retrieving revision 1.67.2.1
diff -C2 -d -r1.67 -r1.67.2.1
*** users.php 25 Jul 2003 08:11:28 -0000 1.67
--- users.php 14 Oct 2003 18:37:01 -0000 1.67.2.1
***************
*** 693,697 ****
case 'profile':
$uid = strip_tags ($HTTP_GET_VARS['uid']);
! if (is_numeric ($uid)) {
$display .= COM_siteHeader('menu');
// Call custom registration and account record create function if
--- 693,697 ----
case 'profile':
$uid = strip_tags ($HTTP_GET_VARS['uid']);
! if (is_numeric ($uid) && ($uid > 0)) {
$display .= COM_siteHeader('menu');
// Call custom registration and account record create function if
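Review bot: The guard `is_numeric ($uid) && ($uid > 0)` still admits values that are not integer ids, because is_numeric also accepts decimals, exponent forms and leading whitespace (for example `1.5` or `1e3`). A strict digit check such as `if (preg_match ('/^[1-9][0-9]*$/', $uid)) {` rejects those forms instead of passing them on, and makes the strip_tags call unnecessary. How $uid is used further down is outside this hunk, so whether the loose form reaches a query is not visible here.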
***************
*** 731,736 ****
$uid = $HTTP_GET_VARS['uid'];
$reqid = $HTTP_GET_VARS['rid'];
! if (!empty ($uid) && is_numeric ($uid) && !empty ($reqid)) {
! $valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'), array ($uid, $reqid));
if ($valid == 1) {
$display .= COM_siteHeader ('menu');
--- 731,738 ----
$uid = $HTTP_GET_VARS['uid'];
$reqid = $HTTP_GET_VARS['rid'];
! if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) && !empty ($reqid) &&
! (strlen ($reqid) == 16)) {
! $valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
! array (addslashes ($uid), addslashes ($reqid)));
if ($valid == 1) {
$display .= COM_siteHeader ('menu');
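Review bot: The new checks on `$reqid` constrain only its length, and `addslashes` is a generic escaper rather than the database driver's own, so it is not aware of the connection character set. If request ids are generated from a fixed alphabet (the generator is not visible in this hunk), validating against it, for example `preg_match ('/^[0-9a-f]{16}$/', $reqid)`, would make the escaping a second line of defence rather than the only one. The alphabet in that pattern is an assumption to confirm. The same point applies to the POST handler in the 758,765 hunk. Whether DB_count quotes its values itself cannot be told from here.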
***************
*** 756,762 ****
$uid = $HTTP_POST_VARS['uid'];
$reqid = $HTTP_POST_VARS['rid'];
! if (!empty ($uid) && is_numeric ($uid) && !empty ($reqid)) {
$valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
! array ($uid, $reqid));
if ($valid == 1) {
$passwd = md5 ($HTTP_POST_VARS['passwd']);
--- 758,765 ----
$uid = $HTTP_POST_VARS['uid'];
$reqid = $HTTP_POST_VARS['rid'];
! if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) &&
! !empty ($reqid) && (strlen ($reqid) == 16)) {
$valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
! array (addslashes ($uid), addslashes ($reqid)));
if ($valid == 1) {
$passwd = md5 ($HTTP_POST_VARS['passwd']);
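Review bot: The context line `$passwd = md5 ($HTTP_POST_VARS['passwd']);` stores the new password as an unsalted MD5 digest, which this commit leaves untouched. A fast unsalted hash is cheap to brute-force offline if the users table is ever disclosed. Replacing it needs a migration of stored hashes outside this hunk, so at minimum it deserves a marker such as `// TODO: unsalted MD5 - move to a salted, slow password hash`. The block continues past the hunk, so it is also worth confirming that an empty `passwd` is rejected and that `pwrequestid` is cleared after a successful reset so the link cannot be reused.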
***************
*** 798,802 ****
"email = '{$HTTP_POST_VARS['email']}'");
}
! $display .= requestpassword ($username, 55);
}
break;
--- 801,810 ----
"email = '{$HTTP_POST_VARS['email']}'");
}
! if (!empty ($username)) {
! $display .= requestpassword ($username, 55);
! } else {
! $display = COM_refresh ($_CONF['site_url']
! . '/users.php?mode=getpassword');
! }
}
break;
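Review bot: The context line `"email = '{$HTTP_POST_VARS['email']}'"` interpolates the raw POST value into a SQL condition, and this commit escapes uid and rid in the other hunks but not this value. Unless the code relies on magic_quotes_gpc (not visible here), it should be escaped in the same way, `"email = '" . addslashes ($HTTP_POST_VARS['email']) . "'"`. The statement that uses this string starts above the hunk. Separately, the new else branch redirects when no user matches while the other branch calls requestpassword, so the response differs by whether the address is registered. Showing the same message in both cases would avoid disclosing which addresses have accounts.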