From 3684f1fd79a8032b1fbe83a22c41d3c7e3febca3 Mon Sep 17 00:00:00 2001
From: Gurjot Singh <gsmanu007@gmail.com>
Date: Tue, 3 May 2016 00:13:20 +0530
Subject: [PATCH 1/2] Added files via upload

---
 login.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/login.php b/login.php
index a197154..ea37028 100644
--- a/login.php
+++ b/login.php
@@ -12,8 +12,9 @@
 	else if(isset($_POST['action'])) {
 		$username = mysql_real_escape_string($_POST['username']);
 		if($_POST['action']=='login') {
-			if(trim($username) == "" or trim($_POST['password']) == "")
+			if(trim($username) == "" or trim($_POST['password']) == ""){
 				header("Location: login.php?derror=1"); // empty entry
+      }
 			else {
 				// code to login the user and start a session
 				connectdb();
@@ -29,9 +30,12 @@
 			}
 		} else if($_POST['action']=='register') {
 			// register the user
-			$email = mysql_real_escape_string($_POST['email']);
-			if(trim($username) == "" or trim($_POST['password']) == "" or trim($email) == "")
-				header("Location: login.php?derror=1"); // empty entry
+			//$email = mysql_real_escape_string($_POST['email']);
+      $username = array_key_exists('username', $_POST) ? trim($_POST['username']) : null;
+      $email = array_key_exists('email', $_POST) ? trim($_POST['email']) : null;
+			if(trim($username) == "" and trim($_POST['password']) == "" and trim($email) == ""){
+				header("Location: login.php?derror=1"); // empty entry\
+      }
 			else {
 				// create the entry in the users table
 				connectdb();
@@ -42,7 +46,7 @@
 				else {
 					$salt = randomAlphaNum(5);
 					$hash = crypt($_POST['password'], $salt);
-					$sql="INSERT INTO `users` ( `username` , `salt` , `hash` , `email` ) VALUES ('".$username."', '$salt', '$hash', '".$email."')";
+					$sql="INSERT INTO `users` ( `username` , `salt` , `hash` , `email`, `status` ) VALUES ('".$username."', '$salt', '$hash', '".$email."', '1')";
 					mysql_query($sql);
 					header("Location: login.php?registered=1");
 				}

From 036d5dc60352981bfaa6fd647cbbc9f8e605e3af Mon Sep 17 00:00:00 2001
From: Gurjot Singh <gsmanu007@gmail.com>
Date: Tue, 3 May 2016 00:19:02 +0530
Subject: [PATCH 2/2] Added files via upload

Login and registering new users issues improved
---
 login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/login.php b/login.php
index ea37028..e78f7c9 100644
--- a/login.php
+++ b/login.php
@@ -10,7 +10,7 @@
 	if(loggedin())
 		header("Location: index.php");
 	else if(isset($_POST['action'])) {
-		$username = mysql_real_escape_string($_POST['username']);
+		$username = array_key_exists('username', $_POST) ? trim($_POST['username']) : null;
 		if($_POST['action']=='login') {
 			if(trim($username) == "" or trim($_POST['password']) == ""){
 				header("Location: login.php?derror=1"); // empty entry