From 2d5ac7c2e699644b298de83046708c380a351e45 Mon Sep 17 00:00:00 2001
From: "johnny@pittpc.com"
Date: Wed, 28 Aug 2019 21:56:45 -0400
Subject: [PATCH] Security Mysql Escaped current_code POST var under login
---
 login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/login.php b/login.php
index 1be36e72..530c0073 100644
--- a/login.php
+++ b/login.php
@@ -16,7 +16,7 @@ if(isset($_POST['login'])){
 $email = mysqli_real_escape_string($mysqli,$_POST['email']);
 $password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
- $current_code = $_POST['current_code'];
+ $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
 $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$email' AND password = '$password'");
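Review bot: The added `mysqli_real_escape_string()` call on `current_code` only helps if the value later lands inside a quoted SQL string, and no query in the hunk uses it; the one visible query on the `$sql` line takes only `$email` and `$password`. If `current_code` is a one-time login code that is compared in PHP (an assumption, since its use is outside the hunk), validating its shape is the stronger control, e.g. `$current_code = ctype_digit($_POST['current_code'] ?? '') ? $_POST['current_code'] : '';`. Separately, the context line `md5(mysqli_real_escape_string(...))` compares an unsalted MD5 of the escaped password against the `password` column; moving to `password_hash()`/`password_verify()` with a prepared statement for the lookup would address both the weak hash and the string-built query, though it needs a migration of the stored hashes. The `if(isset($_POST['login']))` block continues past the end of the hunk.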