« on: September 17, 2007, 02:54:58 PM »
Apply this NOW !!
Find:
function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
global $site_db, $user_table_fields;
if (empty($user_name) || empty($user_password)) {
return false;
}
$sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_password")."
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_name")." = '$user_name' AND ".get_user_table_field("", "user_level")." <> ".USER_AWAITING;
$row = $site_db->query_firstrow($sql);
$user_id = (isset($row[$user_table_fields['user_id']])) ? $row[$user_table_fields['user_id']] : GUEST;
$user_password = md5($user_password);
if ($user_id != GUEST) {
if ($row[$user_table_fields['user_password']] == $user_password) {
$sql = "UPDATE ".SESSIONS_TABLE."
SET session_user_id = $user_id
WHERE session_id = '".addslashes($this->session_id)."'";
$site_db->query($sql);
if ($set_auto_login) {
$this->set_cookie_data("userpass", ($auto_login) ? $user_password : "");
}
$this->start_session($user_id, 1);
return true;
}
}
return false;
}
replace:
function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
global $site_db, $user_table_fields;
if (empty($user_name) || empty($user_password)) {
return false;
}
if (!empty($user_name)) {
$user_name = preg_replace("/[^a-z0-9_-]+/i", "", $user_name);
$user_name = format_text(trim($user_name), 2);
}
if (!empty($user_password)) {
$user_password = preg_replace("/[^A-Za-z0-9_-]+/i", "", $user_password);
$user_password = format_text(trim($user_password), 2);
}
$sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_password")."
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_name")." = '$user_name' AND ".get_user_table_field("", "user_level")." <> ".USER_AWAITING;
$row = $site_db->query_firstrow($sql);
$user_id = (isset($row[$user_table_fields['user_id']])) ? $row[$user_table_fields['user_id']] : GUEST;
$user_password = md5($user_password);
if ($user_id != GUEST) {
if ($row[$user_table_fields['user_password']] == $user_password) {
$sql = "UPDATE ".SESSIONS_TABLE."
SET session_user_id = $user_id
WHERE session_id = '".addslashes($this->session_id)."'";
$site_db->query($sql);
if ($set_auto_login) {
$this->set_cookie_data("userpass", ($auto_login) ? $user_password : "");
}
$this->start_session($user_id, 1);
return true;
}
}
return false;
}
« Last Edit: September 20, 2007, 11:28:39 PM by thunderstrike »
Logged
8 steps need when ask question -
- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?