Revision 423
Added by ryan almost 18 years ago
| class.login.php | ||
|---|---|---|
| 103 | 103 |
// User has been "remembered" |
| 104 | 104 |
// Get the users password |
| 105 | 105 |
$database = new database(); |
| 106 |
$query_details = $database->query("SELECT * FROM ".$this->USERS_TABLE." WHERE user_id = '".substr($_COOKIE['REMEMBER_KEY'], 0, 11)."' LIMIT 1");
|
|
| 106 |
$query_details = $database->query("SELECT * FROM ".$this->USERS_TABLE." WHERE user_id = '".$this->get_safe_remember_key()."' LIMIT 1");
|
|
| 107 | 107 |
$fetch_details = $query_details->fetchRow(); |
| 108 | 108 |
$this->username = $fetch_details['username']; |
| 109 | 109 |
$this->password = $fetch_details['password']; |
| ... | ... | |
| 287 | 287 |
if(isset($_COOKIE['REMEMBER_KEY']) AND $_COOKIE['REMEMBER_KEY'] != '') {
|
| 288 | 288 |
// Check if the remember key is correct |
| 289 | 289 |
$database = new database(); |
| 290 |
$check_query = $database->query("SELECT user_id FROM ".$this->USERS_TABLE." WHERE remember_key = '".$_COOKIE['REMEMBER_KEY']."' LIMIT 1");
|
|
| 290 |
$check_query = $database->query("SELECT user_id FROM ".$this->USERS_TABLE." WHERE remember_key = '".$this->get_safe_remember_key()."' LIMIT 1");
|
|
| 291 | 291 |
if($check_query->numRows() > 0) {
|
| 292 | 292 |
$check_fetch = $check_query->fetchRow(); |
| 293 | 293 |
$user_id = $check_fetch['user_id']; |
| ... | ... | |
| 370 | 370 |
$template->pparse('output', 'page');
|
| 371 | 371 |
} |
| 372 | 372 |
} |
| 373 |
|
|
| 374 |
// convert "REMEMBER_KEY" to a number and then repad |
|
| 375 |
// any non numeric character will cause intval to return null thus returning 11 0's |
|
| 376 |
function get_safe_remember_key() {
|
|
| 377 |
return str_pad(intval(substr($_COOKIE['REMEMBER_KEY'],0,11)),11,"0",STR_PAD_LEFT); // SQL Injection prevention |
|
| 378 |
} |
|
| 373 | 379 |
|
| 374 | 380 |
// Warn user that they have had to many login attemps |
| 375 | 381 |
function warn() {
|
Also available in: Unified diff
Copied bug fix from trunk into 2.6.x branch