From: MW <jo...@us...> - 2008-02-09 12:41:17
Update of /cvsroot/mxbb/core/includes/sessions/phpbb3 In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv25492/includes/sessions/phpbb3 Modified Files: login.php Log Message: part of project wide change of using request_vars wrapper class instead of explicite and unfiltered $HTML_*_VARS Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/login.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** login.php 4 Feb 2008 15:56:44 -0000 1.4 --- login.php 9 Feb 2008 12:41:11 -0000 1.5 *************** *** 15,22 **** } ! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && ($userdata['user_id'] == ANONYMOUS || isset($HTTP_POST_VARS['admin'])) ) { ! $username = isset($HTTP_POST_VARS['username']) ? phpBB2::phpbb_clean_username($HTTP_POST_VARS['username']) : ''; ! $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; $sql = "SELECT * --- 15,22 ---- } ! if($mx_request_vars->is_request('login') && ($userdata['user_id'] == ANONYMOUS || $mx_request_vars->is_post('admin')) ) { ! $username = $mx_request_vars->is_post('username') ? phpBB2::phpbb_clean_username($mx_request_vars->post('username', MX_TYPE_NO_TAGS)) : ''; ! $password = $mx_request_vars->post('password', MX_TYPE_NO_TAGS); $sql = "SELECT * *************** *** 127,132 **** if (md5($password_old_format) == $row['user_password'] || md5($password) == $row['user_password'] || phpBB3::phpbb_check_hash($password, $row['user_password'])) { ! $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ! $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; --- 127,132 ---- if (md5($password_old_format) == $row['user_password'] || md5($password) == $row['user_password'] || phpBB3::phpbb_check_hash($password, $row['user_password'])) { ! 
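Review bot: The first hunk now runs the submitted password through the MX_TYPE_NO_TAGS filter (`$password = $mx_request_vars->post('password', MX_TYPE_NO_TAGS);`) where the old code used the raw `$HTTP_POST_VARS['password']`; since the value is only ever hashed and compared (the `md5($password) == $row['user_password']` / `phpbb_check_hash` line in the second hunk), any password containing characters the filter strips will no longer match its stored hash, locking those users out. A password must be read verbatim and never filtered or rendered, so this one field should use whatever pass-through type the request_vars wrapper provides (placeholder `MX_TYPE_<raw>`, not a value I can confirm from this page) or fall back to the unfiltered POST value. While in that block, the `md5(...) == $row['user_password']` comparisons rely on loose `==`, which treats hex digests of the form `0e<digits>` as numerically equal; they are not part of this commit, but `===` would be the safer form. The login block continues outside both hunks.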
$autologin = $mx_request_vars->is_post('autologin'); ! $admin = $mx_request_vars->is_post('admin'); $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; *************** *** 140,144 **** { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : $fromurl; mx_redirect(mx3_append_sid($url, false, false, $session_id)); } --- 140,144 ---- { $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; ! $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : $fromurl; mx_redirect(mx3_append_sid($url, false, false, $session_id)); } *************** *** 157,161 **** $db->sql_query($sql); ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; $redirect = str_replace('?', '&', $redirect); --- 157,161 ---- $db->sql_query($sql); ! $redirect = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : ''; $redirect = str_replace('?', '&', $redirect); *************** *** 195,199 **** if( $session_id ) { ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } --- 195,199 ---- if( $session_id ) { ! $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } *************** *** 208,212 **** else { ! $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? 
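Review bot: In the 127,132 hunk `$admin` and `$autologin` change from the integer/`TRUE` values of the old code to the bool returned by `is_post()`, and are then handed to `$mx_user->session_create(...)` unchanged; if session_create interpolates them into SQL or stores them as flags (not visible here — verify against its implementation), `false` becomes an empty string rather than `0`. Keeping the old contract is a one-line cast: `$autologin = (int) $mx_request_vars->is_post('autologin');` and `$admin = (int) $mx_request_vars->is_post('admin');`. The enclosing `if` block begins and ends outside the hunk.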
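Review bot: The 140,144 hunk (and likewise 157,161, 195,199, 208,212 and 250,254) drops the `htmlspecialchars()` call around the POSTed `redirect` value and relies on the MX_TYPE_NO_TAGS filter instead; stripping tags is not the same as escaping, and since the result still feeds `mx_redirect(mx3_append_sid($url, ...))`, the wrapper should be confirmed to escape or neutralise `"`, `'` and `&` before this is treated as equivalent. Independently of this commit, `$url` is an attacker-supplied destination passed to a redirect with no check that it is a relative path or on this host, so unless mx_redirect itself enforces that (not visible here), the sites in these hunks are where a same-origin check belongs, e.g. `if (!str_starts_with($url, '/') ...` — or the equivalent `strpos`-based test for the PHP version this code targets — falling back to `"index.$phpEx"`. The `str_replace('&', '&', ...)` on these lines is a no-op as rendered and is presumably an extraction artefact of `&amp;`; confirm the source before relying on it.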
str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ""; $redirect = str_replace("?", "&", $redirect); --- 208,212 ---- else { ! $redirect = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : ''; $redirect = str_replace("?", "&", $redirect); *************** *** 224,228 **** } } ! else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) { // session id check --- 224,228 ---- } } ! else if ($mx_request_vars->is_request('logout') && $userdata['session_logged_in'] ) { // session id check *************** *** 237,243 **** } ! if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect'])) { ! $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']); $url = str_replace('&', '&', $url); mx_redirect(mx3_append_sid($url, false)); --- 237,243 ---- } ! if (!$mx_request_vars->is_empty_request('redirect')) { ! $url = $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS); $url = str_replace('&', '&', $url); mx_redirect(mx3_append_sid($url, false)); *************** *** 250,254 **** else { ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } --- 250,254 ---- else { ! $url = !$mx_request_vars->is_empty_post('redirect') ? str_replace('&', '&', $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS)) : "index.$phpEx"; mx_redirect(mx3_append_sid($url, false)); } |
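Review bot: In the 237,243 hunk the guard `if (!$mx_request_vars->is_empty_request('redirect'))` accepts a redirect supplied via GET or POST, but the next line reads POST only — `$url = $mx_request_vars->post('redirect', MX_TYPE_NO_TAGS);` — so a GET-only `redirect` (the case the old code handled with the `$HTTP_GET_VARS` fallback) now passes the guard and redirects to an empty/null `$url`. The read should use the request-wide accessor matching the guard, e.g. `$url = $mx_request_vars->request('redirect', MX_TYPE_NO_TAGS);` if the wrapper exposes one (hedged: the page shows `is_request`/`is_empty_request` but no plain `request()`), otherwise test POST and GET explicitly. As with the other redirect hunks, this value reaches `mx_redirect` without any same-host check. The surrounding logout branch continues outside the hunk.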