|
From: <ste...@us...> - 2003-03-04 22:37:32
|
Update of /cvsroot/php-blog/jBlog
In directory sc8-pr-cvs1:/tmp/cvs-serv24666
Modified Files:
jBlog_admin_installer.inc.php jBlog_functions.inc.php
Log Message:
don't store passwords in plain text.
Index: jBlog_admin_installer.inc.php
===================================================================
RCS file: /cvsroot/php-blog/jBlog/jBlog_admin_installer.inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- jBlog_admin_installer.inc.php 4 Mar 2003 22:19:30 -0000 1.3
+++ jBlog_admin_installer.inc.php 4 Mar 2003 22:37:25 -0000 1.4
@@ -240,6 +240,7 @@
}
echo "<p>Welcome to jBlog!</b><p>";
echo "Write down your password: ".$_POST["pass"]." and <a href='".$_POST["jBlogHTTPPath"]."'>check out your blog</a>";
+ session_destroy();
}
}
}
Index: jBlog_functions.inc.php
===================================================================
RCS file: /cvsroot/php-blog/jBlog/jBlog_functions.inc.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- jBlog_functions.inc.php 4 Mar 2003 22:26:45 -0000 1.8
+++ jBlog_functions.inc.php 4 Mar 2003 22:37:25 -0000 1.9
@@ -925,7 +925,7 @@
$jBlog[dbPrefix]authors
WHERE
username = '$username'
- AND password = '$password'";
+ AND password = PASSWORD('$password')";
$cursor = mysql_db_query($jBlog['dbName'], $query);
if(!$cursor) {
print mysql_error();
|
