Revision 1115
Added by Matthias almost 15 years ago
| index.php | ||
|---|---|---|
| 40 | 40 |
// Check if the user has already submitted the form, otherwise show it |
| 41 | 41 |
if(isset($_POST['email']) AND $_POST['email'] != "") {
|
| 42 | 42 |
|
| 43 |
$email = $_POST['email'];
|
|
| 43 |
$email = htmlspecialchars($_POST['email'],ENT_QUOTES);
|
|
| 44 | 44 |
|
| 45 | 45 |
// Check if the email exists in the database |
| 46 | 46 |
$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'"; |
| ... | ... | |
| 105 | 105 |
} else {
|
| 106 | 106 |
// Email doesn't exist, so tell the user |
| 107 | 107 |
$message = $MESSAGE['FORGOT_PASS']['EMAIL_NOT_FOUND']; |
| 108 |
// and delete the wrong Email |
|
| 109 |
$email = ''; |
|
| 108 | 110 |
} |
| 109 | 111 |
|
| 110 | 112 |
} else {
|
Also available in: Unified diff
Fixed possible xss injection in login/forgot/index.php