Revision 350
Added by stefan over 18 years ago
trunk/wb/account/signup2.php | ||
---|---|---|
37 | 37 |
// Get details entered |
38 | 38 |
$group_id = FRONTEND_SIGNUP; |
39 | 39 |
$active = 1; |
40 |
$username = strtolower($wb->get_post('username'));
|
|
41 |
$display_name = $wb->get_post('display_name');
|
|
40 |
$username = strtolower($wb->add_slashes(strip_tags($wb->get_post('username'))));
|
|
41 |
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
|
|
42 | 42 |
$email = $wb->get_post('email'); |
43 | 43 |
|
44 | 44 |
// Create a javascript back link |
... | ... | |
58 | 58 |
} else { |
59 | 59 |
$wb->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back, false); |
60 | 60 |
} |
61 |
|
|
62 |
$email = $wb->add_slashes($email); |
|
63 |
|
|
61 | 64 |
// Captcha |
62 | 65 |
if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg') AND CAPTCHA_VERIFICATION) { /* Make's sure GD library is installed */ |
63 | 66 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){ |
... | ... | |
91 | 94 |
} |
92 | 95 |
|
93 | 96 |
// Check if the email already exists |
94 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($_POST['email'])."'");
|
|
97 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '$email'");
|
|
95 | 98 |
if($results->numRows() > 0) { |
96 | 99 |
if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) { |
97 | 100 |
$wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false); |
Also available in: Unified diff
Fixes security issue #237.