Fixed password issue causing SQL escape characters to add slashes: removed mysqli_real_escape_string as it is not needed. md5 produces no SQL escape characters by default, so it does not need to be sanitized

johnny@pittpc.com
2019-09-24 14:52:53 -04:00
parent 37270183c5
commit bc61b59244
3 changed files with 5 additions and 5 deletions


@@ -17,7 +17,7 @@ if(isset($_POST['add_user'])){
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
$password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
$password = md5($_POST['password']);
$client_id = intval($_POST['client']);
mysqli_query($mysqli,"INSERT INTO users SET name = '$name', email = '$email', password = '$password', avatar = '$path', created_at = NOW(), client_id = $client_id");
@@ -55,8 +55,8 @@ if(isset($_POST['edit_user'])){
$user_id = intval($_POST['user_id']);
$name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']));
$email = strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']));
$current_password_hash = mysqli_real_escape_string($mysqli,$_POST['current_password_hash']);
$password = mysqli_real_escape_string($mysqli,$_POST['password']);
$current_password_hash = $_POST['current_password_hash'];
$password = $_POST['password'];
if($current_password_hash == $password){
$password = $current_password_hash;
}else{
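Review bot: In the edit_user hunk, dropping the escaping is only safe on the branch that hashes: when the posted `current_password_hash` equals the posted `password`, `$password` keeps the raw request value, so the commit message's reasoning about md5 output does not cover that path. The statement that consumes `$password` is outside the hunk; if it interpolates the value the way the INSERT in the add_user hunk does, request data reaches the query unescaped, and the stored hash appears to be whatever string the client sent. I would read the existing hash from the user's row by `$user_id` instead of from `$_POST`, and bind the values with `mysqli_prepare()` / `mysqli_stmt_bind_param()` rather than building the SQL string. Separately, both hunks still store unsalted md5; `password_hash($_POST['password'], PASSWORD_DEFAULT)` on write with `password_verify()` at login is the standard replacement.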