cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 4 Projects Releases 2 Wiki Activity

bug #80

Browse Source
pull/1/head
root 18 years ago
parent 3e32cf1ca6
commit ab2db05cec
2 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File

15
includes/general.php
Unescape Escape View File

@ -163,10 +163,17 @@
if($_SESSION['profile']['id'] > 0) if($_SESSION['profile']['id'] > 0)
{ {
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'"));
$res = mysql_query($query); if($locked['locked'] == 0)
$row = mysql_fetch_assoc($res); {
$_SESSION['profile']['points'] = $row['total']; $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
} else {
$_SESSION['profile'] = "";
unset($_SESSION['profile']);
}
} }
function loadem($section = "index") function loadem($section = "index")

4
www/index.php
Unescape Escape View File

@ -148,7 +148,7 @@
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0)
{ {
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0")); $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]' and `deleted`=0 and `locked`=0"));
if($_SESSION['profile']['id'] != 0) if($_SESSION['profile']['id'] != 0)
{ {
$_SESSION['profile']['loggedin'] = 1; $_SESSION['profile']['loggedin'] = 1;
@ -176,7 +176,7 @@
$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email'])))); $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword']))); $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0"; `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0)
{ {

Write Preview
Loading…
Cancel
Save