diff options
| -rw-r--r-- | web/html/index.php | 5 | ||||
| -rw-r--r-- | web/lib/acctfuncs.inc | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/web/html/index.php b/web/html/index.php index 5814fec..033a69e 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -19,7 +19,10 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { if (!$login_error) { # Try and authenticate the user # - $dbh = db_connect(); + + #md5 hash it + $_REQUEST["pass"] = md5($_REQUEST["pass"]); + $dbh = db_connect(); $q = "SELECT ID, Suspended FROM Users "; $q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' "; $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index d27b96f..e56ceeb 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -245,6 +245,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", if ($TYPE == "new") { # no errors, go ahead and create the unprivileged user # + + #md5hash the password + $P = md5($P); $q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, "; $q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) "; $q.= "VALUES (1, 0, '".mysql_escape_string($U)."'"; @@ -275,6 +278,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } else { # no errors, go ahead and modify the user account # + + #md5 hash the password + $P = md5($P); $q = "UPDATE Users SET "; $q.= "Username = '".mysql_escape_string($U)."'"; if ($T) { |