path: root/www/functions/func_password.php
Diffstat (limited to 'www/functions/func_password.php')
-rw-r--r--www/functions/func_password.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/www/functions/func_password.php b/www/functions/func_password.php
index 3ee496b..e515111 100644
--- a/www/functions/func_password.php
+++ b/www/functions/func_password.php
@@ -4,7 +4,7 @@ function change_password($db, $first_password, $second_password){
if($_SESSION["login"]){
$username = user_id($db, $_SESSION["username"]);
} else {
- $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+ $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString(htmlentities($_POST['email'])) . "';");
$username_ar = $username_db->fetchArray(SQLITE3_NUM);
$username = $username_ar[0];
}
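Review bot: Wrapping the lookup key in `htmlentities()` on the new line does not harden the query — `SQLite3::escapeString` already doubles single quotes — but it does change which row is matched, because an address containing `&`, `'` or `"` is now looked up as `&amp;`, `&#039;` or `&quot;` and will no longer find the account stored under the raw value. HTML encoding belongs at output time, not on a database key; the robust fix is a prepared statement, which also removes the string concatenation entirely: `$stmt = $db->prepare("SELECT id FROM user WHERE email = :email;");` / `$stmt->bindValue(':email', $_POST['email'] ?? '', SQLITE3_TEXT);` / `$username_ar = $stmt->execute()->fetchArray(SQLITE3_NUM);`. Note that `fetchArray` returns `false` when no row matches, so the following `$username_ar[0]` should be guarded rather than indexed blindly. The body of `change_password` begins before and continues after this hunk.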
@@ -30,7 +30,7 @@ function change_password($db, $first_password, $second_password){
}
function recover_password($db){
- $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+ $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString(htmlentities($_POST['email'])) . "';");
$test_email_ar = $test_email_db->fetchArray(SQLITE3_NUM);
if($test_email_ar[0] == 1){
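Review bot: The `htmlentities()` added to the `recover_password` lookup silently breaks recovery for any user whose stored email contains a character that HTML-encodes (`&`, quotes), since the encoded form is compared against the raw column value and the `SELECT 1` finds nothing; it adds no SQL-injection protection beyond what `escapeString` already provides. Prefer a bound parameter here as well, e.g. `$stmt = $db->prepare("SELECT 1 FROM user WHERE email = :email;");` / `$stmt->bindValue(':email', $_POST['email'] ?? '', SQLITE3_TEXT);` / `$test_email_ar = $stmt->execute()->fetchArray(SQLITE3_NUM);`. The check on the last line then reads `if($test_email_ar !== false)`, which avoids indexing the `false` that `fetchArray` returns on no match. The rest of `recover_password` lies outside this hunk, so whether a "not found" response differs observably from a "found" one (user enumeration) cannot be judged from here.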
@@ -63,7 +63,7 @@ function recover_password($db){
}
function validate_password($db, $username, $password){
- $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString($username)."'");
+ $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString(htmlentities($username))."'");
$res_ar = $res_db->fetchArray(SQLITE3_NUM);
$pepper = file_get_contents("../database/pepper.txt");