Update account.login.php
MySQLi real escape string is a better method because it will catch all potentially dangerous characters such as the single and double quote.
Josh authored Dec 13, 2017
1 parent 80b536b commit b149053
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions inc/account/account.login.php
@@ -21,9 +21,9 @@
if(isset($_GET['exec']) && $_GET['exec'] == "login")
{

$login = str_replace("'", "", $_POST['login']);
$login = $RDB->real_escape_string($_POST['login']);
$pass = $Account->sha_password($login, $_POST['pass']);
$account_id = $RDB->selectCell("SELECT `id` FROM `account` WHERE `username` = '".$_POST['login']."' LIMIT 1");
$account_id = $RDB->selectCell("SELECT `id` FROM `account` WHERE `username` = '$login' LIMIT 1");

// initiate the login array, and send it in
$params = array('username' => $login, 'sha_pass_hash' => $pass);
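Review bot: the escaped value on the new line 20 is used for more than the SQL literal. `$login = $RDB->real_escape_string($_POST['login']);` is then passed to `$Account->sha_password($login, $_POST['pass'])` and stored in `$params = array('username' => $login, 'sha_pass_hash' => $pass);`, so a username containing a character that real_escape_string alters (a quote or a backslash) is hashed and carried forward in its escaped form rather than as the user typed it; keep the raw value for the hash and the params array and escape only the copy that is interpolated into the query. The query on the new line 23 still assembles SQL by string concatenation, and escaping is only sound while the connection character set is set through mysqli and matches the input's encoding; a prepared statement with a bound parameter for `username`, if the `$RDB` wrapper provides one, removes that dependency and the manual quoting around `'$login'`. Separately, `$_POST['login']` and `$_POST['pass']` are read without an isset check, a pre-existing issue this change does not address.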
