Merge pull request #188 from NIKO28it/patch-1

FIX HACK
This commit is contained in:
yi12345
2013-02-23 07:51:41 -08:00
+5 -1
View File
@@ -95,8 +95,12 @@ class Profile {
global $database,$session,$form;
if($post['pw2'] == $post['pw3']) {
if($database->login($session->username,$post['pw1'])) {
if ($_POST['uid'] != $session->uid){
die("Hacking Attempr");
} else {
$database->updateUserField($post['uid'],"password",md5($post['pw2']),1);
}
}
else {
$form->addError("pw",LOGIN_PW_ERROR);
}
@@ -161,4 +165,4 @@ class Profile {
}
};
$profile = new Profile;
?>
?>