fix: no double-escaping of SQL queries for login

This commit is contained in:
Martin Ambrus
2017-10-17 12:59:03 +02:00
parent 359f711438
commit 80c70f0f13
3 changed files with 20 additions and 18 deletions
+16 -15
View File
@@ -179,7 +179,6 @@ class Account {
private function Login() {
global $database,$session,$form;
$user = $_POST['user'];
$user = mysqli_real_escape_string($GLOBALS['link'], $user);
if(!isset($_POST['user']) || $_POST['user'] == "") {
$form->addError("user",$user);
}
@@ -192,32 +191,34 @@ class Account {
else if(!$database->login($_POST['user'],$_POST['pw']) && !$database->sitterLogin($_POST['user'],$_POST['pw'])) {
$form->addError("pw",LOGIN_PW_ERROR);
}
if($database->getUserField($_POST['user'],"act",1) != "") {
$form->addError("activate",$_POST['user']);
}
// Vacation mode by Shadow
if($database->getUserField($_POST['user'],"vac_mode",1) == 1 && $database->getUserField($_POST['user'],"vac_time",1) > time()) {
$form->addError("vacation","Vacation mode is still enabled");
$form->addError("vacation","Vacation mode is still enabled");
}
// Vacation mode by Shadow
if($form->returnErrors() > 0) {
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: login.php");
}
else {
$userid = $database->getUserArray($_POST['user'], 0);
// Vacation mode by Shadow
$database->removevacationmode($userid['id']);
// Vacation mode by Shadow
if($database->login($_POST['user'],$_POST['pw'])){
$database->UpdateOnline("login" ,$_POST['user'],time(),$userid['id']);
}else if($database->sitterLogin($_POST['user'],$_POST['pw'])){
$database->UpdateOnline("sitter" ,$_POST['user'],time(),$userid['id']);
}
setcookie("COOKUSR",$_POST['user'],time()+COOKIE_EXPIRE,COOKIE_PATH);
$session->login($_POST['user']);
} else {
$userid = $database->getUserArray($_POST['user'], 0);
// Vacation mode by Shadow
$database->removevacationmode($userid['id']);
// Vacation mode by Shadow
if($database->login($_POST['user'],$_POST['pw'])){
$database->UpdateOnline("login" ,$_POST['user'],time(),$userid['id']);
}else if($database->sitterLogin($_POST['user'],$_POST['pw'])){
$database->UpdateOnline("sitter" ,$_POST['user'],time(),$userid['id']);
}
setcookie("COOKUSR",$_POST['user'],time()+COOKIE_EXPIRE,COOKIE_PATH);
$session->login($_POST['user']);
}
}