+- User mail is not working
+
+- Registration process is not working
+
+- Cron scripts are not executed
+ (no automatic logouts, no K generation, ...)
+
- fix uploading of files
+
- fix ALL sql injections
-- keep fixing XSS
-- documentantion/instalation guide (see README)
+
- remove absolute paths from all source files (!) (over 50)
+
- remove hard-coded kyberia.sk from:
( ./inc/eventz/configure_email.inc )
( ./inc/eventz/delete.inc )
( ./nodes.php )
( ./cron/rssparse.php )
( ./scripts/contentregexp.php ) (obsolete?)
+ Fix https vs http problem (url)
- Suspected security holes:
( cron/process-img.sh )
( sms_payment.php => yes, sqli but is it really used? )
- ( inc/eventz/upload_data_node.php => Shell injections in .zip hanling, .jpg handling,
+ ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
"strange" filenames like .htacess (to allow listing of folder)
- Refactor directory structure
- ( Whole <Directory "/var/www/kyberia-wwwroot> section from apache should go to .htaccess )
- Deprecated PHP features
( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 )
+
+- keep fixing XSS
+
+- documentation/installation guide (see README)
+
+- Clean code => fix uninitialized variables
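Review bot: the item "( Whole <Directory "/var/www/kyberia-wwwroot> section from apache should go to .htaccess )" contradicts the suspected hole listed a few lines above it, where an uploaded `.htacess` file in `inc/eventz/upload_data_node.php` is named as a way to enable folder listing: moving the Directory block into .htaccess requires AllowOverride on the document root, and that setting is exactly what lets an attacker-supplied .htaccess take effect in the upload directory. Keep the <Directory> block in the server configuration with AllowOverride None and drop this item, or restrict it to paths that never receive uploads. Two smaller points in the same list: "( sms_payment.php => yes, sqli but is it really used? )" leaves a known SQL injection open pending a usage question, so either fix the query or delete the file, because a reachable script is exploitable whether or not the feature is used; and for "fix ALL sql injections" the list should name the intended mechanism (prepared statements rather than per-site escaping), since the addslashes-based approach visible elsewhere in this patch is what produced the current backlog.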
$_SESSION['mood_name'] = $mset->getString('node_name');
$_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
}
-
// last login
- $db->query(sprintf('update users set last_login = NOW() where user_id = %d', $user_id));
+
+ $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
$_SESSION['user_id']=$user_id;
$_SESSION['user_name']=addslashes($user_name);
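Review bot: the rename of the updated column from `last_login` to `date_last_login` in the `update users set ... where user_id = %d` query needs the matching schema change, or a statement that `date_last_login` already exists, in the same commit; otherwise every login fails this query and the change is not reviewable on its own. The `%d` format is correct for `$user_id`, but the surrounding lines `$_SESSION['mood_content'] = addslashes(substr(strip_tags(...),0,223));` and `$_SESSION['user_name']=addslashes($user_name);` escape data at storage time instead of at query time, which both fails as SQL injection protection and corrupts the values when they are later rendered; store the raw values in the session and bind them as parameters where they reach the database.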