-
THE BUG WAS FOUND IN: func.inc.php
function F_loginUser($Username,$Password) {
    global $db;
    $sql = "UPDATE T_Users SET ";
    $sql .= "LastLogin = now() ";
    $sql .= "WHERE Username = '$Username' ";
    $sql .= "AND Password = '" . md5($Password) . "' ";
    $sql .= "AND Verified = 'Y'";
    mysql_query($sql,$db);
    if (mysql_affected_rows()>0) {
        return true;
The input is not sanitized.
2009-10-30 18:30:58 UTC by tavezbadalov
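A parameterized form of the login query from the report above, as an added example that is not phpWebLog code or part of the original post. It assumes a PDO handle in place of the global `$db` link; the function name `F_loginUser_prepared`, the in-memory SQLite database (standing in for the application's MySQL) and the sample rows are constructed for illustration.

```php
<?php
// Added example, not phpWebLog code. Hypothetical replacement for
// F_loginUser() that takes a PDO handle instead of the global $db link.
function F_loginUser_prepared(PDO $pdo, string $Username, string $Password): bool
{
    // Placeholders keep $Username out of the SQL text entirely, so a quote
    // character in it is compared as data and never parsed as SQL.
    $stmt = $pdo->prepare(
        "UPDATE T_Users SET LastLogin = CURRENT_TIMESTAMP
          WHERE Username = :u AND Password = :p AND Verified = 'Y'"
    );
    $stmt->execute([
        ':u' => $Username,
        // md5() is kept only so the comparison matches the column as the
        // reported code stores it.
        ':p' => md5($Password),
    ]);
    // Same success test as the original: at least one row was updated.
    return $stmt->rowCount() > 0;
}

// Constructed test data. Assumption: the pdo_sqlite extension is loaded.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    "CREATE TABLE T_Users (
        Username TEXT, Password TEXT, Verified TEXT, LastLogin TEXT
    )"
);
$ins = $pdo->prepare("INSERT INTO T_Users VALUES (?, ?, ?, NULL)");
$ins->execute(['alice', md5('correct horse'), 'Y']);
$ins->execute(["o'neil", md5('battery staple'), 'Y']);
$ins->execute(['bob', md5('unverified pw'), 'N']);

// Correct credentials for a verified account.
var_dump(F_loginUser_prepared($pdo, 'alice', 'correct horse'));
// Wrong password for the same account.
var_dump(F_loginUser_prepared($pdo, 'alice', 'not the password'));
// A username containing a quote: the concatenated query would have had its
// string literal closed early; here it is matched as an ordinary value.
var_dump(F_loginUser_prepared($pdo, "o'neil", 'battery staple'));
// Correct password, but Verified is 'N'.
var_dump(F_loginUser_prepared($pdo, 'bob', 'unverified pw'));
```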
-
openface committed patchset 278 of module phpweblog_current to the phpWebLog CVS repository, changing 1 file.
2003-01-09 18:13:03 UTC by openface
-
jsbaer committed patchset 5 of module phpweblog_xl to the phpWebLog CVS repository, changing 4 files.
2002-11-23 17:48:45 UTC by jsbaer
-
jsbaer committed patchset 4 of module phpweblog_xl to the phpWebLog CVS repository, changing 2 files.
2002-11-23 17:30:54 UTC by jsbaer
-
jsbaer committed patchset 3 of module phpweblog_xl to the phpWebLog CVS repository, changing 2 files.
2002-11-23 04:35:01 UTC by jsbaer
-
jsbaer committed patchset 2 of module phpweblog_xl to the phpWebLog CVS repository, changing 354 files.
2002-11-22 22:59:53 UTC by jsbaer
-
jsbaer committed patchset 1 of module phpweblog_xl to the phpWebLog CVS repository, changing 354 files.
2002-11-22 22:59:53 UTC by jsbaer
-
dquinlan committed patchset 277 of module phpweblog_current to the phpWebLog CVS repository, changing 1 file.
2002-04-20 13:47:54 UTC by dquinlan
-
openface committed patchset 276 of module phpweblog_current to the phpWebLog CVS repository, changing 3 files.
2001-12-24 21:28:22 UTC by openface
-
sycophant1 committed patchset 275 of module phpweblog_current to the phpWebLog CVS repository, changing 4 files.
2001-12-23 22:33:41 UTC by sycophant1