From 80b536be58266a1db3a582bb115b6d775999368a Mon Sep 17 00:00:00 2001
From: ConradBunton
Date: Wed, 13 Dec 2017 11:04:56 +0100
Subject: [PATCH 1/2] Update account.login.php Fix SQL hack vulnerability
---
 inc/account/account.login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/account/account.login.php b/inc/account/account.login.php
index 9cb0ccc..6a9672c 100644
--- a/inc/account/account.login.php
+++ b/inc/account/account.login.php
@@ -21,7 +21,7 @@
 if(isset($_GET['exec']) && $_GET['exec'] == "login") {
- $login = $_POST['login'];
+ $login = str_replace("'", "", $_POST['login']);
 $pass = $Account->sha_password($login, $_POST['pass']);
 $account_id = $RDB->selectCell("SELECT `id` FROM `account` WHERE `username` = '".$_POST['login']."' LIMIT 1");
From b149053ac60fd4f70fca92885fb56ccb34d0dfdb Mon Sep 17 00:00:00 2001
From: Josh
Date: Wed, 13 Dec 2017 10:58:34 -0600
Subject: [PATCH 2/2] Update account.login.php MySQLi real escape string is a better method because it will catch all potential dangerous characters such as the single and double quote.
---
 inc/account/account.login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/inc/account/account.login.php b/inc/account/account.login.php
index 6a9672c..d4eb983 100644
--- a/inc/account/account.login.php
+++ b/inc/account/account.login.php
@@ -21,9 +21,9 @@
 if(isset($_GET['exec']) && $_GET['exec'] == "login") {
- $login = str_replace("'", "", $_POST['login']);
+ $login = $RDB->real_escape_string($_POST['login']);
 $pass = $Account->sha_password($login, $_POST['pass']);
- $account_id = $RDB->selectCell("SELECT `id` FROM `account` WHERE `username` = '".$_POST['login']."' LIMIT 1");
+ $account_id = $RDB->selectCell("SELECT `id` FROM `account` WHERE `username` = '$login' LIMIT 1");
 // initiate the login array, and send it in
 $params = array('username' => $login, 'sha_pass_hash' => $pass);
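Review bot: The SQL-escaped `$login` is reused as the input to `$Account->sha_password()` and as `$params['username']`, so in the 2/2 hunk (and, through the quote stripping, in the 1/2 hunk) a username containing a quote or backslash is hashed and passed on in altered form and may no longer match the stored hash. Keep the raw value and escape a separate copy for the query only: `$login = $_POST['login'];` and `$login_sql = $RDB->real_escape_string($login);`, with `'$login_sql'` in the SELECT. Hand escaping is also only as reliable as the connection's charset setting, assuming `$RDB` forwards to mysqli; a bound parameter would remove that dependency if the wrapper offers one. The `if` block continues past the end of the hunk, so how `$params` is consumed, and whether it escapes the username again, is not visible here.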