Ignore:
Timestamp:
05/15/08 22:25:54 (4 years ago)
Author:
hverton
Message:

Merged trunk revisions 1342:1407 into the PLi-Fusion branch

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/PLi-Fusion/includes/user_functions.php

    r1343 r1408  
    4242 
    4343// Login code  
    44 if (isset($_POST['login'])) { 
    45     $user_pass = md5($_POST['user_pass']); 
     44if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) { 
     45    $user_pass = md5(md5($_POST['user_pass'])); 
    4646    $user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name'])); 
    47     // double hashed passwords as of revision 954 
    48     if ($settings['revision'] >= 954) { 
    49         $user_pass = md5($user_pass); 
    50     } 
    5147    $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='".$user_pass."'"); 
    5248    if (dbrows($result) != 0) { 
     
    8581        } 
    8682    } else { 
    87         redirect(BASEDIR."setuser.php?error=3"); 
     83        redirect(BASEDIR."setuser.php?error=3", "script"); 
    8884        exit; 
    8985    } 
     
    365361 
    366362    if (iSUPERADMIN) {  
    367         $res .= ($hidden == false?" AND ":"")."($field != '100'"; 
     363        $res .= ($res != ""?" AND ":"")."$field != '100'"; 
     364        return $res; 
    368365    } elseif ($userdata['user_level'] >= 102) {  
    369366        $res .= ($hidden == false?" AND ":"")."($field='0' OR $field='101' OR $field='102'"; 
Note: See TracChangeset for help on using the changeset viewer.