external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

added hashed passwords

Browse source
This commit is contained in:
jchu 2005-01-21 14:50:25 +00:00
parent 91c3f94ff9
commit 28e23308d4
2 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
web/html/index.php
View file

@ -19,7 +19,10 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
if (!$login_error) {
# Try and authenticate the user
#
$dbh = db_connect();
#md5 hash it
$_REQUEST["pass"] = md5($_REQUEST["pass"]);
$dbh = db_connect();
$q = "SELECT ID, Suspended FROM Users ";
$q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";

6
web/lib/acctfuncs.inc
View file

@ -245,6 +245,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if ($TYPE == "new") {
# no errors, go ahead and create the unprivileged user
#
#md5hash the password
$P = md5($P);
$q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, ";
$q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) ";
$q.= "VALUES (1, 0, '".mysql_escape_string($U)."'";
@ -275,6 +278,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
} else {
# no errors, go ahead and modify the user account
#
#md5 hash the password
$P = md5($P);
$q = "UPDATE Users SET ";
$q.= "Username = '".mysql_escape_string($U)."'";
if ($T) {