- diff --git a/configuration.php b/configuration.php
- index 9bf085d..ee2464f 100644
- --- a/configuration.php
- +++ b/configuration.php
- @@ -21,6 +21,7 @@ default css,default tax,default currency
- #ini_set("memory_limit", "64M");
- include_once("libs/database.php");
- +include_once("libs/db.php");
- include_once("libs/template.php");
- include_once("libs/upload.php");
- include_once("libs/htmlMimeMail.php");
- @@ -235,7 +236,7 @@ if(!defined('DATABASE_HOST')){
- }
- # Setting up the database connection
- -$obDatabase = new database();
- +$obDatabase = new db();
- $obDatabase->db_host = DATABASE_HOST;
- $obDatabase->db_user = DATABASE_USERNAME;
- $obDatabase->db_password = DATABASE_PASSWORD;
- diff --git a/libs/db.php b/libs/db.php
- new file mode 100644
- index 0000000..823f8f6
- --- /dev/null
- +++ b/libs/db.php
- @@ -0,0 +1,31 @@
- +<?php
- +class db extends database
- +{
- + function escape($string){
- +
- + $hasMagicQuotesEnabled = (bool)get_magic_quotes_gpc();
- + $canEscapeString = function_exists('mysql_real_escape_string');
- +
- + if($hasMagicQuotesEnabled){
- + $string = stripslashes($string);
- + }
- +
- + if($canEscapeString){
- + if($escaped = @mysql_real_escape_string($string)){
- + return $escaped;
- + }
- + }
- +
- + $replacements = array(
- + '\\' => '\\\\',
- + "\0" => '\\0',
- + "\n" => '\\n',
- + "\r" => '\\r',
- + "'" => "\\'",
- + '"' => '\\"',
- + "\x1a" => '\\Z',
- + );
- +
- + return strtr($string, $replacements);
- + }
- +}
- \ No newline at end of file
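Review bot: `@mysql_real_escape_string($string)` on the line `if($escaped = @mysql_real_escape_string($string)){` is called without a link identifier, so it escapes against whichever connection was opened last, and when no connection exists yet it returns false (the `@` hides the warning) and the method silently drops to the `strtr` table, which knows nothing about the connection charset and can be bypassed with multibyte sequences under charsets such as GBK. Pass the connection resource that `database` holds (its property name is not visible here) as the second argument and test the result with `!== false` rather than truthiness: `$escaped = mysql_real_escape_string($string, $link); if($escaped !== false){ return $escaped; }`. Consider failing closed instead of falling back, e.g. `trigger_error('db::escape: no database connection', E_USER_ERROR);`, since a silent fallback to a weaker escaper defeats the purpose of this fix. The `stripslashes` step also runs on every input, not only GPC values, so strings from other sources that legitimately contain backslashes are corrupted whenever magic quotes is on.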
- diff --git a/modules/adminindex.php b/modules/adminindex.php
- index 81eb5e4..c19804c 100644
- --- a/modules/adminindex.php
- +++ b/modules/adminindex.php
- @@ -4,7 +4,14 @@ Modified: 12/03/2008
- Revision: 6.0.0
- Copyright: Tradingeye
- ====================================================================*/
- - session_start();
- + session_start();
- +
- + if(isset($_SESSION['uname']) && $_SESSION['uname']!= '' && !isset($_SESSION['adminFlag']) && !$_SESSION['adminFlag']){
- + session_destroy();
- + $_SESSION = array();
- + header("Location:".SITE_URL."adminindex.php");
- + exit;
- + }
- if ($_REQUEST['flag']=="dashboard"){
- unset ($_SESSION['flag']);
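Review bot: The guard `!isset($_SESSION['adminFlag']) && !$_SESSION['adminFlag']` never actually tests the flag's value: when `adminFlag` is set to anything, even `""` or `"0"`, `!isset` is false and the `&&` short-circuits so the session is kept, and when it is unset the second operand reads an undefined index (a notice) and is always true. The intended condition is `if(isset($_SESSION['uname']) && $_SESSION['uname'] != '' && empty($_SESSION['adminFlag'])){`, which also matches the `"1"` value the login code stores. Clearing the array before destroying the session is the usual order (`$_SESSION = array(); session_destroy();`), and the session cookie stays in the browser either way, so `setcookie(session_name(), '', time() - 42000, '/');` is worth adding before the redirect. Sessions with no `uname` at all are not handled by this guard; presumably the page's existing login check below the hunk covers them. The `if ($_REQUEST['flag']=="dashboard")` block continues outside the hunk.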
- diff --git a/modules/default/authentication.php b/modules/default/authentication.php
- index fcdee14..fe1fbf5 100644
- --- a/modules/default/authentication.php
- +++ b/modules/default/authentication.php
- @@ -88,7 +88,7 @@ class c_authentication
- function m_loginCheck()
- {
- - $this->obDb->query= "select iAdminid_PK,vUsername FROM ".ADMINUSERS." WHERE vUsername = '".trim($this->request['username'])."' AND vPassword=PASSWORD('".trim($this->request['password'])."')";
- + $this->obDb->query= "select iAdminid_PK,vUsername FROM ".ADMINUSERS." WHERE vUsername = '".$this->obDb->escape($this->request['username'])."' AND vPassword=PASSWORD('".$this->obDb->escape($this->request['password'])."')";
- $qryResult = $this->obDb->fetchQuery();
- $rCount=$this->obDb->record_count;
- if($rCount>0)
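Review bot: The rewritten query drops the `trim()` the old line applied to both `username` and `password`, so credentials entered with surrounding whitespace no longer match; that is a behaviour change unrelated to the injection fix and, if trimming was relied on, should be `$this->obDb->escape(trim($this->request['username']))` and likewise for the password. The protection is only as strong as `db::escape()`, which falls back to a charset-unaware table when no connection is available, so this method must only run after `$obDatabase` has connected. The comparison still relies on MySQL's `PASSWORD()` for stored credentials, an unsalted construction that MySQL itself has deprecated; a follow-up moving to `password_hash`/`password_verify` is advisable. `m_loginCheck` continues past the end of the hunk.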
- @@ -96,6 +96,7 @@ class c_authentication
- $_SESSION['uid'] = trim($qryResult[0]->iAdminid_PK);
- $_SESSION['uname'] = trim($qryResult[0]->vUsername);
- $_SESSION['dashSelec'] = "class='selected'";
- + $_SESSION['adminFlag'] = "1";
- $this->libFunc->m_mosRedirect(SITE_URL."adminindex.php");
- }
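Review bot: `$_SESSION['adminFlag'] = "1"` (together with `uid` and `uname` above it) is written without regenerating the session id, so a session id planted in the victim's browser before the login (session fixation) becomes an admin session the moment the login succeeds. Add `session_regenerate_id(true);` at the top of the success branch, before the first `$_SESSION[...]` assignment. The adminindex.php guard in this commit keys on `adminFlag`, so the logout path (not visible here) must clear it as well as `uname`. The success branch continues outside the hunk.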
- else
- @@ -106,7 +107,7 @@ class c_authentication
- function m_forgetPassword()
- {
- - $this->obDb->query= "select iAdminid_PK,vUsername,vPassword,vEmail FROM ".ADMINUSERS." WHERE vUsername = '".trim($this->request['username'])."' AND vEmail='".trim($this->request['email'])."'";
- + $this->obDb->query= "select iAdminid_PK,vUsername,vPassword,vEmail FROM ".ADMINUSERS." WHERE vUsername = '".$this->obDb->escape($this->request['username'])."' AND vEmail='".$this->obDb->escape($this->request['email'])."'";
- $qryResult = $this->obDb->fetchQuery();
- $rCount=$this->obDb->record_count;
- $uniqID=uniqid (3);
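Review bot: The token seed on the hunk's last line, `$uniqID=uniqid (3);`, is derived from the current time and is guessable, which matters if the rest of `m_forgetPassword` (outside the hunk) uses it as the reset or verification token. Prefer a CSPRNG-backed value, e.g. `$uniqID = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes()` on PHP 7+), and store only a hash of it server-side. The query also pulls `vPassword` into the result set; if that value is later e-mailed or displayed, the stored credential should not leave the database. The escaping change itself looks correct.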