r81: - Removed sanitize() call [register.php]

- Added checking of email validity [register.php]
- Converted all fetch_random_chars() calls to funct::rand() [register.php]
- Converted all mymail() calls to mail::send() [register.php]
- Changed all mysetcookie() calls to funct::cookie() [login.php]

diff --git a/login.php b/login.php
index 34b9d197636e899f8c2a7ba0afcaf3a981d3383e..8c112b10749b2b5bde2dd812f7aa7dc169fd58c0 100755 (executable)
--- a/login.php
+++ b/login.php
@@ -53,20 +53,20 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
        $userinfo = $db->query_first("SELECT * FROM user WHERE email = '" . $bugsys->in['email'] . "'");
        if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password'])
        {
-               mysetcookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $rememberme);
-               mysetcookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $rememberme);
+               $funct->cookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $rememberme);
+               $funct->cookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $rememberme);
        }
        else
        {
-               mysetcookie(COOKIE_PREFIX . 'userid');
-               mysetcookie(COOKIE_PREFIX . 'authkey');
+               $funct->cookie(COOKIE_PREFIX . 'userid');
+               $funct->cookie(COOKIE_PREFIX . 'authkey');
                echo 'Invalid email or password.';
                exit;
        }
        
        if ($_POST['do'] == 'cplogin')
        {
-               mysetcookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])), false);
+               $funct->cookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])), false);
        }
        
        echo 'You are now logged in :-)';
@@ -80,7 +80,7 @@ if ($_REQUEST['do'] == 'logout')
 {
        if ($bugsys->userinfo['userid'])
        {
-               mysetcookie(COOKIE_PREFIX . 'userid');
+               $funct->cookie(COOKIE_PREFIX . 'userid');
                mysetcookie(COOKIE_PREFIX . 'authkey');
        }
        else

diff --git a/register.php b/register.php
index 863cdc2f5b2976001394324309f670d5d55c9371..f11a2b51f70454bbdda7ab33d45229ee9509b510 100755 (executable)
--- a/register.php
+++ b/register.php
@@ -47,8 +47,6 @@ if (empty($_REQUEST['do']))
 
 if ($_POST['do'] == 'insert')
 {
-       sanitize(array('email' => STR_NOHTML, 'confirmemail' => STR_NOHTML, 'displayname' => STR_NOHTML, 'password' => STR, 'confirmpassword' => STR, 'showemail' => INT, 'languageid' => INT));
-       
        if ($bugsys->in['email'] != $bugsys->in['confirmemail'])
        {
                $errors[] = 'The emails you entered do not match.';
@@ -69,6 +67,11 @@ if ($_POST['do'] == 'insert')
                $errors[] = 'The password you specified was blank.';
        }
        
+       if (!$funct->is_valid_email($bugsys->in['email']))
+       {
+               $errors[] = 'The specified email is invalid.';
+       }
+       
        if (is_array($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->in['email'] . "'")))
        {
                $errors[] = 'The specified email is already in use.';
@@ -80,7 +83,7 @@ if ($_POST['do'] == 'insert')
                exit;
        }
        
-       $salt = fetch_random_chars(15);
+       $salt = $funct->rand(15);
        
        if ($bugsys->options['verifyemail'])
        {
@@ -118,11 +121,14 @@ if ($_POST['do'] == 'insert')
        // Verify email address
        if ($usergroupid == 3)
        {
-               $activationid = fetch_random_chars(25);
+               $activationid = $funct->rand(25);
                
                $db->query("INSERT INTO " . TABLE_PREFIX . "useractivation (userid, activator, dateline, usergroupid) VALUES ($userid, '$activationid', " . NOW . ", 2)");
                
-               mymail($bugsys->in['email'], 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . $bugsys->in['displayname'] . " you need to activate your account: http://devbox/bugtraq/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid);
+               $mail->to = $bugsys->in['email'];
+               $mail->subject =  'Welcome to ' . $bugsys->options['trackertitle'];
+               $mail->body = "Hi " . $bugsys->in['displayname'] . " you need to activate your account: http://devbox/bugtraq/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid;
+               $mail->send();
        
                echo 'You now need to activate your account via email.';
        }
@@ -130,7 +136,9 @@ if ($_POST['do'] == 'insert')
        {
                if ($bugsys->options['sendwelcomemail'])
                {
-                       mymail($bugsys->in['email'], 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . $bugsys->in['displayname'] . " and welcome to the " . $bugsys->options['trackertitle'] . " bug tracker! Thanks for registering.");
+                       $mail->to = $bugsys->in['email'];
+                       $mail->subject = 'Welcome to ' . $bugsys->options['trackertitle'];
+                       $mail->body = "Hi " . $bugsys->in['displayname'] . " and welcome to the " . $bugsys->options['trackertitle'] . " bug tracker! Thanks for registering.";
                }
                
                if ($usergroupid == 4)