system($cmd);
}
-function login() {
+function login_check($login, $password, $login_type='id') {
global $db,$error,$node_id;
- $login = mysql_real_escape_string($_POST['login']);
- $password = $_POST['password']; // Not SQLi but be carefull
+ $login = mysql_real_escape_string($login); //Not SQLi in $password but be carefull
$password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
$hash_query='(';
}
$hash_query.='false )';
- $login_type = $_POST['login_type'];
$referer = $_SERVER['HTTP_REFERER'];
if (!session_id()) {
// header("Location: $referer");
return true;
}
-?>
+
+function login() {
+ $login = $_POST['login'];
+ $password = $_POST['password'];
+ $login_type = $_POST['login_type'];
+ return login_check($login, $password, $login_type);
+}
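Review bot: The new `login()` wrapper forwards `$_POST['login']`, `$_POST['password']` and `$_POST['login_type']` to `login_check()` without checking that they exist or are strings. A request that omits `login_type` passes `null`, which overrides the `'id'` default declared on `login_check()` instead of falling back to it. I would use `$login_type = isset($_POST['login_type']) ? $_POST['login_type'] : 'id';` and return `false` early when `login` or `password` is missing or not a string (for example sent as `login[]=`). How `login_check()` uses `$login_type` is outside the visible lines; if it selects the lookup column, it should be compared against a fixed list of allowed values there, since `mysql_real_escape_string()` is applied only to `$login`.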
}
//old password check
-
- $q="select * from users where login='$login'";
- $set=$db->query($q);
- $set->next();
- if ($set->getString('password')!=md5($old_password)) {
- $error="bad password";
+ require_once(INCLUDE_DIR."eventz/login.inc");
+ if(!login_check($user_id, $old_password)) {
+ $error="bad password";
return false;
}
-
//changing in MySQL
- $password=md5($new_password1);
+ $password=sha1($new_password1);
$db->query("update users set password='$password' where user_id='$user_id'");
+ login_check($user_id, $new_password1); //znova se zalogujeme po zmene hesla (kvuli jabberu)
}
-
-?>
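Review bot: The stored password becomes `sha1($new_password1)`, which is still an unsalted, fast hash, so moving from md5 gains very little against offline cracking if the users table leaks. If the PHP version in use provides it, `$password=password_hash($new_password1, PASSWORD_DEFAULT);` is the better target. That would mean `login_check()` has to fetch the stored hash and call `password_verify()`, because the `$hash_query` it builds appears to compare hashes inside SQL. Separately, the re-login `login_check($user_id, $new_password1);` runs without checking the result of the `update` query, and its own return value is discarded, so a failed update or failed re-login goes unnoticed. The `update` statement interpolates `$user_id` directly; whether it is escaped or cast earlier in the function is not visible in this hunk and should be confirmed.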