- --- patch4.php.orig 2009-08-16 16:31:34.000000000 -0700
- +++ patch4.php 2009-08-16 16:32:49.000000000 -0700
- @@ -15,7 +15,7 @@
- {
- if( isset( $_COOKIE['username'] ) && isset( $_COOKIE['password'] ) )
- {
- - $query = "SELECT * FROM `members` WHERE username = '" . $_COOKIE['username'] . "' AND password = '" . $_COOKIE['password'] . "'";
- + $query = "SELECT * FROM `members` WHERE username = '" . mysql_real_escape_string($_COOKIE['username']) . "' AND password = '" . mysql_real_escape_string($_COOKIE['password']) . "'";
- $res = mysql_query( $query ) or die( "Query: " . $query . " failed." );
- $rows = mysql_num_rows( $res );
- if( !$rows )
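Review bot: The `die()` on the line after the rewritten query still prints the complete SQL string to the client when the query fails, which discloses the table and column names and echoes the cookie values back into the page without HTML escaping. A fixed message with the detail kept in the server log is safer, for example `$res = mysql_query( $query ) or die( "Login check failed." );` with `error_log( mysql_error() );` where the failure is handled. Separately, the query matches the `password` cookie directly against the stored column, so the cookie appears to carry the stored credential itself; escaping does not change that, and a random server-side session token would be the usual replacement. The enclosing block starts and ends outside the hunk.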
- @@ -24,8 +24,8 @@
- }
- if( isset( $_POST['update'] ) )
- {
- - $pass = addslashes( $_POST['new_pass'] );
- - $update = "UPDATE members SET password = '" . $pass . "' WHERE username = '" . $_COOKIE['username'];
- + $pass = mysql_real_escape_string( $_POST['new_pass'] );
- + $update = "UPDATE members SET password = '" . $pass . "' WHERE username = '" . mysql_real_escape_string($_COOKIE['username']);
- mysql_query( $update ) or die( "Unable to update your password, please try again!" );
- }
- else
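Review bot: The new `$update` string still stops right after the opening quote of the username value, so the statement sent to MySQL has an unterminated string literal and the `die()` branch would fire on every attempt. Append the closing quote: `$update = "UPDATE members SET password = '" . $pass . "' WHERE username = '" . mysql_real_escape_string($_COOKIE['username']) . "'";`. The new password is also written to the column exactly as submitted, and storing a salted password hash instead of the raw value would limit what a database leak exposes. Whether this branch runs only after the cookie check in the first hunk cannot be seen from here, because the surrounding block lies outside the hunk.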