Author Topic: [FIX] - includes/sessions.php  (Read 3808 times)

0 Members and 1 Guest are viewing this topic.

Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
[FIX] - includes/sessions.php
« on: September 17, 2007, 02:54:58 PM »
Apply this NOW !!

Find:

Quote
function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
    global $site_db, $user_table_fields;

    if (empty($user_name) || empty($user_password)) {       
      return false;
    }
    $sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_password")."
            FROM ".USERS_TABLE."
            WHERE ".get_user_table_field("", "user_name")." = '$user_name' AND ".get_user_table_field("", "user_level")." <> ".USER_AWAITING;
    $row = $site_db->query_firstrow($sql);

    $user_id = (isset($row[$user_table_fields['user_id']])) ? $row[$user_table_fields['user_id']] : GUEST;   
    $user_password = md5($user_password);
    if ($user_id != GUEST) {                       
      if ($row[$user_table_fields['user_password']] == $user_password) {
        $sql = "UPDATE ".SESSIONS_TABLE."
                SET session_user_id = $user_id
                WHERE session_id = '".addslashes($this->session_id)."'";
        $site_db->query($sql);
        if ($set_auto_login) {
          $this->set_cookie_data("userpass", ($auto_login) ? $user_password : "");
        }
        $this->start_session($user_id, 1);
        return true;
      }
    }
    return false;
  }

replace:

Code: [Select]
function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
    global $site_db, $user_table_fields;

    if (empty($user_name) || empty($user_password)) {       
      return false;
    }   
    if (!empty($user_name)) {
        $user_name = preg_replace("/[^a-z0-9_-]+/i", "", $user_name);
        $user_name = format_text(trim($user_name), 2);
    }
    if (!empty($user_password)) {
        $user_password = preg_replace("/[^A-Za-z0-9_-]+/i", "", $user_password);
        $user_password = format_text(trim($user_password), 2);
    }
    $sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_password")."
            FROM ".USERS_TABLE."
            WHERE ".get_user_table_field("", "user_name")." = '$user_name' AND ".get_user_table_field("", "user_level")." <> ".USER_AWAITING;
    $row = $site_db->query_firstrow($sql);

    $user_id = (isset($row[$user_table_fields['user_id']])) ? $row[$user_table_fields['user_id']] : GUEST;   
    $user_password = md5($user_password);
    if ($user_id != GUEST) {
      if ($row[$user_table_fields['user_password']] == $user_password) {
        $sql = "UPDATE ".SESSIONS_TABLE."
                SET session_user_id = $user_id
                WHERE session_id = '".addslashes($this->session_id)."'";
        $site_db->query($sql);
        if ($set_auto_login) {
          $this->set_cookie_data("userpass", ($auto_login) ? $user_password : "");
        }
        $this->start_session($user_id, 1);
        return true;
      }
    }
    return false;
  }
« Last Edit: September 20, 2007, 11:28:39 PM by thunderstrike »
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?