Point808/LobbySIO
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remediate injection on internal auth login

Browse Source
This commit is contained in:
Josh North 2021-08-05 22:08:24 -04:00
parent 11657016ad
commit c54436b432
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
inc/header.inc.php
View File

@ -119,7 +119,7 @@
<script src="js/buttons.print.min.js?v3"></script>
<script src="js/dataTables.buttons.min.js?v3"></script>
<script src="js/jszip.min.js?v3"></script>
<script src="js/pdfmake.min.js?v4"></script>
<script src="js/pdfmake.min.js?v45"></script>
<script src="js/vfs_fonts.js?v4"></script>
<script src="js/moment.min.js?v3"></script>
<script src="js/tempusdominus-bootstrap-4.min.js?v3"></script>

2
login.php
View File

@ -99,7 +99,7 @@ $hasher = new PasswordHash(8, FALSE);
// compare if posted
if (!empty(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS))):
$user = $Users->loginUser(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS));
if ($user && $user[0]["users_password"] == $hasher->CheckPassword(filter_input(INPUT_POST, 'password', FILTER_SANITIZE_SPECIAL_CHARS), $user[0]["users_password"])):
if ($user && $user[0]["users_password"] == $hasher->CheckPassword(filter_input(INPUT_POST, 'password', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $user[0]["users_password"])):
session_regenerate_id();
$_SESSION['user_id'] = $user[0]["users_id"];
$_SESSION['loggedIn'] = TRUE;

2
printvwf.php
View File

@ -120,7 +120,7 @@
<script src="js/buttons.print.min.js?v3"></script>
<script src="js/dataTables.buttons.min.js?v3"></script>
<script src="js/jszip.min.js?v3"></script>
<script src="js/pdfmake.min.js?v3"></script>
<script src="js/pdfmake.min.js?v45"></script>
<script src="js/vfs_fonts.js?v3"></script>
<script src="js/moment.min.js?v3"></script>
<script src="js/tempusdominus-bootstrap-4.min.js?v3"></script>