From f7ac39918c2d53490112774dbffeaf8655d62fe8 Mon Sep 17 00:00:00 2001
From: ConradBunton
Date: Wed, 13 Dec 2017 11:08:35 +0100
Subject: [PATCH 1/2] Update account.register.php

Fix SQL hack vulnerability
---
 inc/account/account.register.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/inc/account/account.register.php b/inc/account/account.register.php
index 6a8935f..07b2956 100644
--- a/inc/account/account.register.php
+++ b/inc/account/account.register.php
@@ -129,14 +129,15 @@ function Register()
 }
 // Ext 3 - make sure the username isnt already in use
- if($Account->isAvailableUsername($_POST['r_login']) == FALSE)
+ $zrlogin = str_replace("'", "", $_POST['r_login']);
+ if($Account->isAvailableUsername($zrlogin) == FALSE)
 {
 $notreturn = TRUE;
 $err_array[] = $lang['username_taken'];
 }
 // Ext 4 - make sure password is not username
- if($_POST['r_login'] == $_POST['r_pass'])
+ if($zrlogin == $_POST['r_pass'])
 {
 $notreturn = TRUE;
 $err_array[] = $lang['user_pass_same'];
@@ -152,9 +153,9 @@ function Register()
 // @$Enter is the main input arrays into the SDL
 $Enter = $Account->register( array(
- 'username' => strtoupper($_POST['r_login']),
- 'sha_pass_hash' => $Account->sha_password($_POST['r_login'],$_POST['r_pass']),
- 'sha_pass_hash2' => $Account->sha_password($_POST['r_login'],$_POST['r_cpass']),
+ 'username' => strtoupper($zrlogin),
+ 'sha_pass_hash' => $Account->sha_password($zrlogin,$_POST['r_pass']),
+ 'sha_pass_hash2' => $Account->sha_password($zrlogin,$_POST['r_cpass']),
 'email' => $_POST['r_email'],
 'expansion' => $_POST['r_account_type'],
 'password' => $_POST['r_pass']

From 9b61f809fddd97f8484e0caf994207a55e5a5bd3 Mon Sep 17 00:00:00 2001
From: Josh
Date: Wed, 13 Dec 2017 11:01:37 -0600
Subject: [PATCH 2/2] Update account.register.php

Another good catch. I made the same change here to use MySQLi real escape string instead.
---
 inc/account/account.register.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
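Review bot: The sanitized `$zrlogin` created at the `// Ext 3` check is not only used for the availability lookup but becomes the value registered and hashed in the second hunk (`'username' => strtoupper($zrlogin)` and both `sha_password($zrlogin, ...)` calls), so a login typed with a quote is silently rewritten to a different account name and the hash is computed over the rewritten string; if the login path later hashes the raw `$_POST['r_login']`, such a user cannot authenticate. Removing `'` also does not cover backslashes or other characters the driver treats specially inside a quoted literal, so it is not a complete guard on its own. I would reject disallowed characters here as a validation error (set `$notreturn = TRUE;` and push an `$err_array[]` entry) rather than mutate the value, and leave SQL protection to a prepared statement inside `isAvailableUsername()` and `register()`, where the query text is actually built. `Register()` starts before this hunk, so I cannot see whether the login is already validated earlier in the function.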
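Review bot: In the `$Account->register( array(` call only the username is routed through `$zrlogin`; the unchanged lines `'email' => $_POST['r_email']` and `'expansion' => $_POST['r_account_type']` still hand the request values over exactly as received, so whatever hazard the commit closes for the login stays open for those fields unless `register()` itself escapes or binds them, which this hunk does not show. Treating one field at the call site and not its neighbours is also easy to regress on the next edit, since the protection is invisible at the place the SQL is assembled. The consistent fix is a prepared statement with one bound parameter per value inside `register()`, with the call site passing raw, validated input. The array literal continues past the end of the hunk.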
diff --git a/inc/account/account.register.php b/inc/account/account.register.php
index 07b2956..b8df32b 100644
--- a/inc/account/account.register.php
+++ b/inc/account/account.register.php
@@ -129,7 +129,7 @@ function Register()
 }
 // Ext 3 - make sure the username isnt already in use
- $zrlogin = str_replace("'", "", $_POST['r_login']);
+ $zrlogin = $DB->real_escape_string($_POST['r_login']);
 if($Account->isAvailableUsername($zrlogin) == FALSE)
 {
 $notreturn = TRUE;
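Review bot: `$DB->real_escape_string()` is applied at input on the new `$zrlogin =` line, and the escaped string is what `isAvailableUsername()` receives and, further down in this file, what is stored as the username and fed to `sha_password()`; a login containing `\`, `'` or `"` is therefore persisted with escape backslashes and hashed in that form, and the login path must apply the identical transform before hashing or that user cannot sign in. `real_escape_string()` also only protects a value interpolated inside a quoted SQL string literal, and if `isAvailableUsername()` or `register()` already escape internally the value is double-escaped. I would keep `$_POST['r_login']` raw here, reject unwanted characters as a validation error, and move the escaping into the methods that build the SQL, ideally a `$DB->prepare()` with a bound parameter. `$DB` must also be in scope inside `Register()`; the function's opening is outside the hunk, so I cannot confirm a `global $DB;` exists.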