diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php
index ff8376e7..4189c0d7 100644
--- a/GameEngine/Profile.php
+++ b/GameEngine/Profile.php
@@ -95,8 +95,12 @@ class Profile {
 global $database,$session,$form;
 if($post['pw2'] == $post['pw3']) {
 if($database->login($session->username,$post['pw1'])) {
+ if ($_POST['uid'] != $session->uid){
+ die("Hacking Attempr");
+ } else {
 $database->updateUserField($post['uid'],"password",md5($post['pw2']),1);
 }
+ }
 else {
 $form->addError("pw",LOGIN_PW_ERROR);
 }
@@ -161,4 +165,4 @@ class Profile {
 }
 };
 $profile = new Profile;
-?>
\ No newline at end of file
+?>
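Review bot: The added guard in the first hunk still lets a request field decide whose password is written: it compares `$_POST['uid']` with a loose `!=`, then passes `$post['uid']` to `updateUserField()`, so the value checked and the value used match only if `$post` is `$_POST` (not visible here), and type juggling means the string that passes the check need not be the canonical id. The current password has already been verified for `$session->username`, so the simpler fix is to drop the comparison and write `$database->updateUserField($session->uid,"password",md5($post['pw2']),1);`, which takes the client-supplied id out of the decision. If the check is kept, `die("Hacking Attempr")` has a typo, ends the request without a log entry, and bypasses the `$form->addError()` path the other branches use. Separately, the unchanged line stores the password as unsalted `md5()`, which deserves a follow-up change to `password_hash()`/`password_verify()`. The enclosing method starts and ends outside this hunk.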