remove pointless escaping of the password (refs #392)

This commit is contained in:
Andrew Dolgov 2011-11-22 11:05:12 +04:00
parent 92decf4f2d
commit 4044a5fa52
3 changed files with 6 additions and 6 deletions

View file

@ -80,8 +80,8 @@
case "login": case "login":
$login = db_escape_string($_REQUEST["user"]); $login = db_escape_string($_REQUEST["user"]);
$password = db_escape_string($_REQUEST["password"]); $password = $_REQUEST["password"];
$password_base64 = db_escape_string(base64_decode($_REQUEST["password"])); $password_base64 = base64_decode($_REQUEST["password"]);
if (SINGLE_USER_MODE) $login = "admin"; if (SINGLE_USER_MODE) $login = "admin";

View file

@ -2111,7 +2111,7 @@
# try to authenticate user if called from login form # try to authenticate user if called from login form
if ($login_action == "do_login") { if ($login_action == "do_login") {
$login = db_escape_string($_POST["login"]); $login = db_escape_string($_POST["login"]);
$password = db_escape_string($_POST["password"]); $password = $_POST["password"];
$remember_me = $_POST["remember_me"]; $remember_me = $_POST["remember_me"];
if (authenticate_user($link, $login, $password)) { if (authenticate_user($link, $login, $password)) {

View file

@ -21,9 +21,9 @@
if ($subop == "change-password") { if ($subop == "change-password") {
$old_pw = db_escape_string($_POST["old_password"]); $old_pw = $_POST["old_password"];
$new_pw = db_escape_string($_POST["new_password"]); $new_pw = $_POST["new_password"];
$con_pw = db_escape_string($_POST["confirm_password"]); $con_pw = $_POST["confirm_password"];
if ($old_pw == "") { if ($old_pw == "") {
print "ERROR: ".__("Old password cannot be blank."); print "ERROR: ".__("Old password cannot be blank.");