From e2d305044e98448e65f3543cd57d35492dedfd24 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Thu, 5 May 2005 02:42:36 +0000
Subject: [PATCH] r81: - Removed sanitize() call [register.php] - Added
 checking of email validity [register.php] - Converted all
 fetch_random_chars() calls to funct::rand() [register.php] - Converted all
 mymail() calls to mail::send() [register.php] - Changed all mysetcookie()
 calls to funct::cookie() [login.php]

---
 login.php    | 12 ++++++------
 register.php | 20 ++++++++++++++------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/login.php b/login.php
index 34b9d19..8c112b1 100755
--- a/login.php
+++ b/login.php
@@ -53,20 +53,20 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
 	$userinfo = $db->query_first("SELECT * FROM user WHERE email = '" . $bugsys->in['email'] . "'");
 	if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password'])
 	{
-		mysetcookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $rememberme);
-		mysetcookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $rememberme);
+		$funct->cookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $rememberme);
+		$funct->cookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $rememberme);
 	}
 	else
 	{
-		mysetcookie(COOKIE_PREFIX . 'userid');
-		mysetcookie(COOKIE_PREFIX . 'authkey');
+		$funct->cookie(COOKIE_PREFIX . 'userid');
+		$funct->cookie(COOKIE_PREFIX . 'authkey');
 		echo 'Invalid email or password.';
 		exit;
 	}
 	
 	if ($_POST['do'] == 'cplogin')
 	{
-		mysetcookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])), false);
+		$funct->cookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])), false);
 	}
 	
 	echo 'You are now logged in :-)';
@@ -80,7 +80,7 @@ if ($_REQUEST['do'] == 'logout')
 {
 	if ($bugsys->userinfo['userid'])
 	{
-		mysetcookie(COOKIE_PREFIX . 'userid');
+		$funct->cookie(COOKIE_PREFIX . 'userid');
 		mysetcookie(COOKIE_PREFIX . 'authkey');
 	}
 	else
diff --git a/register.php b/register.php
index 863cdc2..f11a2b5 100755
--- a/register.php
+++ b/register.php
@@ -47,8 +47,6 @@ if (empty($_REQUEST['do']))
 
 if ($_POST['do'] == 'insert')
 {
-	sanitize(array('email' => STR_NOHTML, 'confirmemail' => STR_NOHTML, 'displayname' => STR_NOHTML, 'password' => STR, 'confirmpassword' => STR, 'showemail' => INT, 'languageid' => INT));
-	
 	if ($bugsys->in['email'] != $bugsys->in['confirmemail'])
 	{
 		$errors[] = 'The emails you entered do not match.';
@@ -69,6 +67,11 @@ if ($_POST['do'] == 'insert')
 		$errors[] = 'The password you specified was blank.';
 	}
 	
+	if (!$funct->is_valid_email($bugsys->in['email']))
+	{
+		$errors[] = 'The specified email is invalid.';
+	}
+	
 	if (is_array($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->in['email'] . "'")))
 	{
 		$errors[] = 'The specified email is already in use.';
@@ -80,7 +83,7 @@ if ($_POST['do'] == 'insert')
 		exit;
 	}
 	
-	$salt = fetch_random_chars(15);
+	$salt = $funct->rand(15);
 	
 	if ($bugsys->options['verifyemail'])
 	{
@@ -118,11 +121,14 @@ if ($_POST['do'] == 'insert')
 	// Verify email address
 	if ($usergroupid == 3)
 	{
-		$activationid = fetch_random_chars(25);
+		$activationid = $funct->rand(25);
 		
 		$db->query("INSERT INTO " . TABLE_PREFIX . "useractivation (userid, activator, dateline, usergroupid) VALUES ($userid, '$activationid', " . NOW . ", 2)");
 		
-		mymail($bugsys->in['email'], 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . $bugsys->in['displayname'] . " you need to activate your account: http://devbox/bugtraq/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid);
+		$mail->to = $bugsys->in['email'];
+		$mail->subject =  'Welcome to ' . $bugsys->options['trackertitle'];
+		$mail->body = "Hi " . $bugsys->in['displayname'] . " you need to activate your account: http://devbox/bugtraq/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid;
+		$mail->send();
 	
 		echo 'You now need to activate your account via email.';
 	}
@@ -130,7 +136,9 @@ if ($_POST['do'] == 'insert')
 	{
 		if ($bugsys->options['sendwelcomemail'])
 		{
-			mymail($bugsys->in['email'], 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . $bugsys->in['displayname'] . " and welcome to the " . $bugsys->options['trackertitle'] . " bug tracker! Thanks for registering.");
+			$mail->to = $bugsys->in['email'];
+			$mail->subject = 'Welcome to ' . $bugsys->options['trackertitle'];
+			$mail->body = "Hi " . $bugsys->in['displayname'] . " and welcome to the " . $bugsys->options['trackertitle'] . " bug tracker! Thanks for registering.";
 		}
 		
 		if ($usergroupid == 4)
-- 
2.22.5