From 0f3e30ba49a0ecdce3b731dfd2cc6ef7d50d2e9d Mon Sep 17 00:00:00 2001
From: niekt0 <niekt0@kyberia.cz>
Date: Thu, 13 Jan 2011 17:53:50 +0100
Subject: [PATCH] security fix (sqli)

---
 wwwroot/inc/eventz/reset_password.inc | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/wwwroot/inc/eventz/reset_password.inc b/wwwroot/inc/eventz/reset_password.inc
index 0f657e4..ade11ee 100644
--- a/wwwroot/inc/eventz/reset_password.inc
+++ b/wwwroot/inc/eventz/reset_password.inc
@@ -1,11 +1,11 @@
 <?php
 function reset_password() {
     global $db,$error;
-    $login = $_POST['login'];
-    $login_type = $_POST['login_type'];
-    $vercode = $_POST['vercode'];
-    $password1 = $_POST['new_password1'];
-    $password2 = $_POST['new_password2'];
+    $login = mysql_real_escape_string($_POST['login']);
+    $login_type = mysql_real_escape_string($_POST['login_type']);
+    $vercode = mysql_real_escape_string($_POST['vercode']);
+    $password1 = mysql_real_escape_string($_POST['new_password1']);
+    $password2 = mysql_real_escape_string($_POST['new_password2']);
 
     if ($login == '') {
         $error="Please enter name or id";
@@ -44,12 +44,13 @@ function reset_password() {
         return false;
     }
 
+    // XXX fix
     $password = md5($password1);
     $q="update users set password='$password' where user_id='$user_id'";
     $db->query($q);
 
-    require(INCLUDE_DIR.'ldap.inc');
-    LDAPuser::change_pass_forced($user_id,$password1);
+//    require(INCLUDE_DIR.'ldap.inc');
+//    LDAPuser::change_pass_forced($user_id,$password1);
 
     $error="Password changed. Now you can login with your new password.";
     return false;
-- 
2.30.2