
scape the login

pecesama 18 years ago
parent
commit
57a29ee36c
2 changed files with 13 additions and 1 deletions
  1. 12 0
      classes/functions.php
  2. 1 1
      classes/user.class.php

+ 12 - 0
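--- a/classes/functions.php
+++ b/classes/functions.php
@@ -327,4 +327,16 @@
 		$dirs = array_unique($dirs);
 		return $dirs;
 	}
+	
+	function sql_escape($value) {
+	    if(get_magic_quotes_gpc()) {
+	          $value = stripslashes($value);
+	    }
+	    if( function_exists("mysql_real_escape_string")) {
+	          $value = mysql_real_escape_string($value);
+	    } else {
+	          $value = addslashes($value);
+	    }
+	    return $value;
+	}
 ?>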
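Review bot: `sql_escape()` only falls back to `addslashes()` when `mysql_real_escape_string` is undefined, not when it fails; that function needs an open mysql link and returns false with a warning when there is none, so a caller that concatenates the result would silently get an empty string in the query. The helper is also only meaningful for values placed inside single-quoted string literals, which nothing here enforces or documents, and `addslashes()` is not charset-aware. At minimum add a header comment such as `// Escapes $value for use inside a single-quoted SQL string literal; requires an open mysql connection, otherwise falls back to addslashes` and check the return value for false before using it. The durable fix is a prepared statement with bound parameters (mysqli or PDO) instead of string-built SQL.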

+ 1 - 1
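--- a/classes/user.class.php
+++ b/classes/user.class.php
@@ -41,7 +41,7 @@
 	}
 
 	function validateUser($user="", $password="") {
-		if ($this->ejecutarConsulta("SELECT id_user, login, password  FROM ".$this->conf->tablePrefix."users WHERE login='".$user."' AND password='".$password."'")) {
+		if ($this->ejecutarConsulta("SELECT id_user, login, password  FROM ".$this->conf->tablePrefix."users WHERE login='".sql_escape($user)."' AND password='".$password."'")) {
 			if ($this->contarRegistros()>0) {
 				$register=$this->obtenerRegistro();
 				$_SESSION['user_id']=$register["id_user"];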
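Review bot: The new line in `validateUser()` still concatenates `$password` unescaped into the query, so the injection point this commit closes on `login` remains open on the second predicate; it should read `WHERE login='".sql_escape($user)."' AND password='".sql_escape($password)."'"` at the very least. The query also compares the `password` column directly against the submitted value, which only works if passwords are stored in plaintext; the safer shape is to select the row by login alone and verify a stored hash in PHP against the submitted password. Both of these go away entirely if the lookup is moved to a prepared statement with bound parameters. The body of `validateUser()` continues beyond this hunk.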