From e2d305044e98448e65f3543cd57d35492dedfd24 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Thu, 5 May 2005 02:42:36 +0000
Subject: [PATCH] r81: - Removed sanitize() call [register.php] - Added checking of email validity [register.php] - Converted all fetch_random_chars() calls to funct::rand() [register.php] - Converted all mymail() calls to mail::send() [register.php] - Changed all mysetcookie() calls to funct::cookie() [login.php]

---
 login.php | 12 ++++++------
 register.php | 20 ++++++++++++++------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/login.php b/login.php
index 34b9d19..8c112b1 100755
--- a/login.php
+++ b/login.php
@@ -53,20 +53,20 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
 $userinfo = $db->query_first("SELECT * FROM user WHERE email = '" . $bugsys->in['email'] . "'");
 if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password'])
 {
- mysetcookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $rememberme);
- mysetcookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $rememberme);
+ $funct->cookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $rememberme);
+ $funct->cookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $rememberme);
 }
 else
 {
- mysetcookie(COOKIE_PREFIX . 'userid');
- mysetcookie(COOKIE_PREFIX . 'authkey');
+ $funct->cookie(COOKIE_PREFIX . 'userid');
+ $funct->cookie(COOKIE_PREFIX . 'authkey');
 echo 'Invalid email or password.';
 exit;
 }
 
 if ($_POST['do'] == 'cplogin')
 {
- mysetcookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])), false);
+ $funct->cookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])), false);
 }
 
 echo 'You are now logged in :-)';
@@ -80,7 +80,7 @@ if ($_REQUEST['do'] == 'logout')
 {
 if ($bugsys->userinfo['userid'])
 {
- mysetcookie(COOKIE_PREFIX . 'userid');
+ $funct->cookie(COOKIE_PREFIX . 'userid');
 mysetcookie(COOKIE_PREFIX . 'authkey');
 }
 else
diff --git a/register.php b/register.php
index 863cdc2..f11a2b5 100755
--- a/register.php
+++ b/register.php
@@ -47,8 +47,6 @@ if (empty($_REQUEST['do']))
 
 if ($_POST['do'] == 'insert')
 {
- sanitize(array('email' => STR_NOHTML, 'confirmemail' => STR_NOHTML, 'displayname' => STR_NOHTML, 'password' => STR, 'confirmpassword' => STR, 'showemail' => INT, 'languageid' => INT));
-
 if ($bugsys->in['email'] != $bugsys->in['confirmemail'])
 {
 $errors[] = 'The emails you entered do not match.';
@@ -69,6 +67,11 @@ if ($_POST['do'] == 'insert')
 $errors[] = 'The password you specified was blank.';
 }
 
+ if (!$funct->is_valid_email($bugsys->in['email']))
+ {
+ $errors[] = 'The specified email is invalid.';
+ }
+
 if (is_array($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->in['email'] . "'")))
 {
 $errors[] = 'The specified email is already in use.';
@@ -80,7 +83,7 @@ if ($_POST['do'] == 'insert')
 exit;
 }
 
- $salt = fetch_random_chars(15);
+ $salt = $funct->rand(15);
 
 if ($bugsys->options['verifyemail'])
 {
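Review bot: The context line `mysetcookie(COOKIE_PREFIX . 'authkey');` in the logout branch is still on the old helper while the line directly above it was converted to `$funct->cookie(COOKIE_PREFIX . 'userid');`, so the conversion the commit title describes is incomplete here. If mysetcookie() is removed once the conversion is finished, logout will fail after clearing only the userid cookie and the authkey credential remains in the browser; even if it still exists, the two calls now go through different code paths. Change it to `$funct->cookie(COOKIE_PREFIX . 'authkey');`. The enclosing logout block continues past the hunk.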
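Review bot: Deleting the `sanitize(array('email' => STR_NOHTML, ..., 'showemail' => INT, 'languageid' => INT))` call in the insert branch removes the only visible per-field cleaning, yet `$bugsys->in['email']` is still concatenated unescaped into the duplicate-email query in the following hunk and, together with `displayname`, into the mail bodies later in the file; the new is_valid_email() check validates format but is not an escape. If `$bugsys->in` is now cleaned centrally, a one-line comment at the removal point saying so (e.g. `// input cleaning is done globally when $bugsys->in is populated`) would prevent the next reader from re-adding it; otherwise run the email through the database layer's escaping before it is placed in the query and cast showemail and languageid to int as the removed call did. The insert branch runs past the hunk.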
@@ -118,11 +121,14 @@ if ($_POST['do'] == 'insert')
 // Verify email address
 if ($usergroupid == 3)
 {
- $activationid = fetch_random_chars(25);
+ $activationid = $funct->rand(25);
 $db->query("INSERT INTO " . TABLE_PREFIX . "useractivation (userid, activator, dateline, usergroupid) VALUES ($userid, '$activationid', " . NOW . ", 2)");
 
- mymail($bugsys->in['email'], 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . $bugsys->in['displayname'] . " you need to activate your account: http://devbox/bugtraq/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid);
+ $mail->to = $bugsys->in['email'];
+ $mail->subject = 'Welcome to ' . $bugsys->options['trackertitle'];
+ $mail->body = "Hi " . $bugsys->in['displayname'] . " you need to activate your account: http://devbox/bugtraq/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid;
+ $mail->send();
 
 echo 'You now need to activate your account via email.';
 }
@@ -130,7 +136,9 @@ if ($_POST['do'] == 'insert')
 {
 if ($bugsys->options['sendwelcomemail'])
 {
- mymail($bugsys->in['email'], 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . $bugsys->in['displayname'] . " and welcome to the " . $bugsys->options['trackertitle'] . " bug tracker! Thanks for registering.");
+ $mail->to = $bugsys->in['email'];
+ $mail->subject = 'Welcome to ' . $bugsys->options['trackertitle'];
+ $mail->body = "Hi " . $bugsys->in['displayname'] . " and welcome to the " . $bugsys->options['trackertitle'] . " bug tracker! Thanks for registering.";
 }
 
 if ($usergroupid == 4)
-- 
2.43.5
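Review bot: The activation link in the new `$mail->body` line hard-codes a development host, `http://devbox/bugtraq/register.php?do=activate&userid=...`, so every activation mail from any other deployment points at an unreachable URL and the account can never be activated. Build the link from a configured base URL (the `$bugsys->options` array already carries site settings such as trackertitle) rather than a literal host, e.g. `$mail->body = "Hi " . $bugsys->in['displayname'] . " you need to activate your account: " . $base_url . "/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid;` with `$base_url` taken from configuration. This branch does call `$mail->send()`, which the welcome-mail branch below does not. The enclosing insert branch starts before the hunk.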
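Review bot: The welcome mail is never dispatched: the three `$mail->` assignments replacing the mymail() call set to, subject and body, but unlike the activation branch in the preceding hunk there is no `$mail->send();` after `$mail->body = ...`, so enabling sendwelcomemail now silently does nothing. Add `$mail->send();` as the line before the closing `}` of the `if ($bugsys->options['sendwelcomemail'])` block. The enclosing else block starts and ends outside the hunk.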