diff --git a/GameEngine/Account.php b/GameEngine/Account.php
index 5e9a001d..4ce9f4bf 100755
--- a/GameEngine/Account.php
+++ b/GameEngine/Account.php
@@ -179,7 +179,6 @@ class Account {
 private function Login() {
 global $database,$session,$form;
 $user = $_POST['user'];
- $user = mysqli_real_escape_string($GLOBALS['link'], $user);
 if(!isset($_POST['user']) || $_POST['user'] == "") {
 $form->addError("user",$user);
 }
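Review bot: `$user = $_POST['user'];` on the third hunk line is read before the `isset($_POST['user'])` test two lines below, so a request without that field raises an undefined-index notice before the check that was meant to catch it; `$user = isset($_POST['user']) ? $_POST['user'] : '';` keeps the order of checks intact. Dropping the `mysqli_real_escape_string` call is correct here because `$user` is only passed to `$form->addError("user",$user)`, not to a query, but that means the value now reaches the error array as raw request input, so wherever that array is rendered (presumably login.php, via the session) it needs HTML escaping at output. Login() continues past the end of this hunk.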
@@ -192,32 +191,34 @@ class Account {
 else if(!$database->login($_POST['user'],$_POST['pw']) && !$database->sitterLogin($_POST['user'],$_POST['pw'])) {
 $form->addError("pw",LOGIN_PW_ERROR);
 }
+
 if($database->getUserField($_POST['user'],"act",1) != "") {
 $form->addError("activate",$_POST['user']);
 }
+
 // Vacation mode by Shadow
 if($database->getUserField($_POST['user'],"vac_mode",1) == 1 && $database->getUserField($_POST['user'],"vac_time",1) > time()) {
- $form->addError("vacation","Vacation mode is still enabled");
+ $form->addError("vacation","Vacation mode is still enabled");
 }
+
 // Vacation mode by Shadow
 if($form->returnErrors() > 0) {
 $_SESSION['errorarray'] = $form->getErrors();
 $_SESSION['valuearray'] = $_POST;
 header("Location: login.php");
- }
- else {
- $userid = $database->getUserArray($_POST['user'], 0);
- // Vacation mode by Shadow
- $database->removevacationmode($userid['id']);
- // Vacation mode by Shadow
- if($database->login($_POST['user'],$_POST['pw'])){
- $database->UpdateOnline("login" ,$_POST['user'],time(),$userid['id']);
- }else if($database->sitterLogin($_POST['user'],$_POST['pw'])){
- $database->UpdateOnline("sitter" ,$_POST['user'],time(),$userid['id']);
- }
- setcookie("COOKUSR",$_POST['user'],time()+COOKIE_EXPIRE,COOKIE_PATH);
- $session->login($_POST['user']);
+ } else {
+ $userid = $database->getUserArray($_POST['user'], 0);
+ // Vacation mode by Shadow
+ $database->removevacationmode($userid['id']);
+ // Vacation mode by Shadow
+ if($database->login($_POST['user'],$_POST['pw'])){
+ $database->UpdateOnline("login" ,$_POST['user'],time(),$userid['id']);
+ }else if($database->sitterLogin($_POST['user'],$_POST['pw'])){
+ $database->UpdateOnline("sitter" ,$_POST['user'],time(),$userid['id']);
+ }
+ setcookie("COOKUSR",$_POST['user'],time()+COOKIE_EXPIRE,COOKIE_PATH);
+ $session->login($_POST['user']);
 }
 }
diff --git a/GameEngine/Database.php b/GameEngine/Database.php
index 2db0b94d..8f616859 100755
--- a/GameEngine/Database.php
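Review bot: The activation and vacation checks (`if($database->getUserField($_POST['user'],"act",1) != "")` and the `vac_mode`/`vac_time` check below it) run regardless of whether the preceding `login()`/`sitterLogin()` calls accepted the password, so a request with any password for a known username gets an `activate` or `vacation` error that reveals the account's state; these checks should only run once the credentials have been accepted. The credential calls are also evaluated twice — in the `else if` condition and again inside the new `else` branch — so hoisting them into `$isLogin`/`$isSitter` before the if/else chain (which begins above this hunk) removes the repeated lookups and gives the gate a clean condition. The `COOKUSR` cookie written in the `else` branch is set without the `secure`/`httponly` arguments of `setcookie()`; unless client-side script needs to read it, passing them is worth considering. Login() begins above this hunk.
```php
// evaluated once, before the if/else chain that starts above this hunk
$isLogin  = $database->login($_POST['user'],$_POST['pw']);
$isSitter = !$isLogin && $database->sitterLogin($_POST['user'],$_POST['pw']);
// … unchanged: empty user / pw checks …
else if(!$isLogin && !$isSitter) {
    $form->addError("pw",LOGIN_PW_ERROR);
}
// account-state errors only once the credentials were accepted
if(($isLogin || $isSitter) && $database->getUserField($_POST['user'],"act",1) != "") {
    $form->addError("activate",$_POST['user']);
}
// Vacation mode by Shadow
if(($isLogin || $isSitter) && $database->getUserField($_POST['user'],"vac_mode",1) == 1 && $database->getUserField($_POST['user'],"vac_time",1) > time()) {
    $form->addError("vacation","Vacation mode is still enabled");
}
// … unchanged: error redirect …
} else {
    // … unchanged: getUserArray / removevacationmode …
    if($isLogin){
        $database->UpdateOnline("login" ,$_POST['user'],time(),$userid['id']);
    }else if($isSitter){
        $database->UpdateOnline("sitter" ,$_POST['user'],time(),$userid['id']);
    }
    // … unchanged: setcookie / $session->login …
```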
+++ b/GameEngine/Database.php
@@ -29,6 +29,7 @@ class MYSQLi_DB {
 }
 function escape($value) {
+ $value = stripslashes($value);
 return mysqli_real_escape_string($this->dblink, $value);
 }
@@ -38,7 +39,8 @@ class MYSQLi_DB {
 $ret = [];
 for ($i = 0; $i < $numargs; $i++) {
- if (!is_object($arg_list[$i])) {
+ if (is_string($arg_list[$i])) {
+ $arg_list[$i] = stripslashes($arg_list[$i]);
 $res[] = mysqli_real_escape_string($this->dblink, $arg_list[$i]);
 } else {
 $res[] = $arg_list[$i];
@@ -268,7 +270,6 @@ class MYSQLi_DB {
 function login($username, $password) {
 list($username, $password) = $this->escape_input($username, $password);
-
 $q = "SELECT password,sessid FROM " . TB_PREFIX . "users where username = '$username'";
 $result = mysqli_query($this->dblink,$q);
 $dbarray = mysqli_fetch_array($result);
diff --git a/GameEngine/Session.php b/GameEngine/Session.php
index 1bc748c8..e398fcb0 100755
--- a/GameEngine/Session.php
+++ b/GameEngine/Session.php
@@ -84,7 +84,7 @@ class Session {
 global $database, $generator, $logging;
 $this->logged_in = true;
 $_SESSION['sessid'] = $generator->generateRandID();
- $_SESSION['username'] = $database->escape($user);
+ $_SESSION['username'] = $user;
 $_SESSION['checker'] = $generator->generateRandStr(3);
 $_SESSION['mchecker'] = $generator->generateRandStr(5);
 $_SESSION['qst'] = $database->getUserField($_SESSION['username'], "quest", 1);
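Review bot: `stripslashes()` is applied unconditionally in `escape()` and, in the `escape_input()` hunk below, to every string argument, so any legitimate backslash in a value is deleted before it reaches the database — including in the password that `login()` hands to `escape_input()`, which only keeps working if the registration path normalises the same way. If the intent is to undo magic-quotes style escaping added upstream, that belongs once at the input boundary and only when it is known to have happened, not inside the escaping layer; as written it is a lossy transform, not an additional protection. The `is_string()` narrowing also means non-string scalars now bypass `mysqli_real_escape_string`, which is harmless for ints but deserves a comment such as `// only strings are escaped; other scalars are interpolated as-is`. The lasting fix for the `login()` query, which still interpolates `'$username'` into the SQL string, is a prepared statement (`mysqli_prepare` + `bind_param`), which makes both the escaping layer and the stripslashes question disappear.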
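Review bot: Nothing in this hunk regenerates the session id when the user is authenticated — `$this->logged_in = true` and the `$_SESSION[...]` assignments are made on whatever session the client arrived with — so unless `session_regenerate_id(true)` is called above the hunk, a session id fixed before login stays valid after it; adding `session_regenerate_id(true);` before `$this->logged_in = true;` closes that. Storing the raw `$user` instead of `$database->escape($user)` is the right move (escaping belongs at the query, not in the session), but it shifts the responsibility onto every query that consumes `$_SESSION['username']`, starting with the `getUserField(...)` call on the last context line; confirm that helper escapes or binds its argument the way `login()` in Database.php does via `escape_input()`. The enclosing method (called as `$session->login(...)` from Account.php) begins above this hunk.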