Revision 350
Added by stefan over 19 years ago
| trunk/wb/account/signup2.php | ||
|---|---|---|
| 37 | 37 |
// Get details entered |
| 38 | 38 |
$group_id = FRONTEND_SIGNUP; |
| 39 | 39 |
$active = 1; |
| 40 |
$username = strtolower($wb->get_post('username'));
|
|
| 41 |
$display_name = $wb->get_post('display_name');
|
|
| 40 |
$username = strtolower($wb->add_slashes(strip_tags($wb->get_post('username'))));
|
|
| 41 |
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
|
|
| 42 | 42 |
$email = $wb->get_post('email');
|
| 43 | 43 |
|
| 44 | 44 |
// Create a javascript back link |
| ... | ... | |
| 58 | 58 |
} else {
|
| 59 | 59 |
$wb->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back, false); |
| 60 | 60 |
} |
| 61 |
|
|
| 62 |
$email = $wb->add_slashes($email); |
|
| 63 |
|
|
| 61 | 64 |
// Captcha |
| 62 | 65 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg') AND CAPTCHA_VERIFICATION) { /* Make's sure GD library is installed */
|
| 63 | 66 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
|
| ... | ... | |
| 91 | 94 |
} |
| 92 | 95 |
|
| 93 | 96 |
// Check if the email already exists |
| 94 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'");
|
|
| 97 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '$email'");
|
|
| 95 | 98 |
if($results->numRows() > 0) {
|
| 96 | 99 |
if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) {
|
| 97 | 100 |
$wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false); |
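Review bot: The query at new line 97 interpolates `'$email'` and relies on the `add_slashes()` call at new line 62, so the SELECT is safe only if nothing between those lines reassigns `$email`; new lines 67–93 are not shown in this section, so that cannot be confirmed here. The same escape-at-input pattern on `$username` and `$display_name` (new lines 40–41) means any later non-SQL use of them, such as an error message or the signup mail, would presumably receive backslash-escaped text. Escaping inside the query expression, as the removed line did, or using a parameterized query if the `$database` wrapper offers one, keeps the guarantee next to the SQL. If the early escape stays, a comment at line 62 such as `// $email is SQL-escaped from here on; use only inside query strings` would make the contract explicit. Note also that `strip_tags()` on lines 40–41 is not a substitute for HTML-encoding these values where they are later rendered.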
Fixes security issue #237.