Added SQL Injection prevention

The hash does not work with most email clients; this needs more testing.
root 2008-11-24 12:42:59 +00:00
parent a8ca38dcaf
commit 16d7b35bae


@ -117,7 +117,7 @@
$_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
} else {
$query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
where `id`='".$_SESSION['lostpw']['user']['id']."'";
where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
mysql_query($query) || die(mysql_error());
showheader(_("Welcome to CAcert.org"));
echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
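Review bot: The rewritten UPDATE still interpolates `$_SESSION['lostpw']['pw1']` raw into the SQL string inside the sha1() call, so the added `intval()` protects only the `id` operand while the pass phrase, which presumably comes from the user's form submission, remains an injection path in the same statement. Escape it the way the id is now handled, e.g. `sha1('".mysql_real_escape_string($_SESSION['lostpw']['pw1'])."')`, or move the hashing out of SQL and bind the computed value. Worth grepping the rest of the file for the same pattern, since only this hunk is visible here. The enclosing else branch continues outside the hunk.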
@ -538,7 +538,7 @@
mysql_query($query);
$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash&lang=".$_SESSION['_config']['language']."\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; //."&"."lang=".$_SESSION['_config']['language']."\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");