From af3b816f928724afe463389c20baa7631eab293f Mon Sep 17 00:00:00 2001
From: NIKO28it
Date: Sat, 23 Feb 2013 14:31:04 +0100
Subject: [PATCH] FIX HACK
---
GameEngine/Profile.php | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php
index ff8376e7..4189c0d7 100644
--- a/GameEngine/Profile.php
+++ b/GameEngine/Profile.php
@@ -95,8 +95,12 @@ class Profile {
 global $database,$session,$form;
 if($post['pw2'] == $post['pw3']) {
 if($database->login($session->username,$post['pw1'])) {
+ if ($_POST['uid'] != $session->uid){
+ die("Hacking Attempr");
+ } else {
 $database->updateUserField($post['uid'],"password",md5($post['pw2']),1);
 }
+ }
 else {
 $form->addError("pw",LOGIN_PW_ERROR);
 }
@@ -161,4 +165,4 @@ class Profile {
 }
 };
 $profile = new Profile;
-?>
\ No newline at end of file
+?>
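Review bot: The added guard checks `$_POST['uid']` with a loose `!=`, while the update inside the new `else` still writes to `$post['uid']`, so the checked value and the used value match only if the caller passes `$_POST` unchanged as `$post`, which this hunk does not show. It would be more robust to stop trusting the submitted id and change the call to `$database->updateUserField($session->uid,"password",md5($post['pw2']),1);`, after which the comparison is no longer needed. If the guard stays, compare the same variable that is written and report the failure through `$form->addError(...)` like the sibling branch, since `die("Hacking Attempr")` aborts the request mid-page and carries a typo. The unchanged `md5($post['pw2'])` on that line stores an unsalted fast hash, and moving to `password_hash()` together with the login path is worth a follow-up. The enclosing method begins above the hunk, so how `$post` is built could not be confirmed here.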