SQL Injection fix

equinoxmatt · equinoxmatt · commit 42d9b3557bd7 · 2014-01-11T21:39:25.000Z
diff --git a/core/common/Auth.class.php b/core/common/Auth.class.php
@@ -255,8 +255,8 @@ public static function ProcessLogin($useridoremail, $password)
 			{
 				$emailaddress = DB::escape($useridoremail);
 				$sql = 'SELECT * FROM ' . TABLE_PREFIX . 'pilots
-						WHERE email=\''.$useridoremail.'\'';
-			} 
+						WHERE email=\''.$emailaddress.'\'';
+			}
 			# They're loggin in with a pilot id
 			elseif(preg_match('/^([A-Za-z]*)(.*)(\d*)/', $useridoremail, $matches)>0)
 			{
@@ -273,7 +273,7 @@ public static function ProcessLogin($useridoremail, $password)
 				return false;
 			}
 		}
-		
+
 		$password = DB::escape($password);
 		$userinfo = DB::get_row($sql);
 

Original file line number	Diff line number	Diff line change
`@@ -255,8 +255,8 @@ public static function ProcessLogin($useridoremail, $password)`
`255`	`255`	`{`
`256`	`256`	`$emailaddress = DB::escape($useridoremail);`
`257`	`257`	`$sql = 'SELECT * FROM ' . TABLE_PREFIX . 'pilots`
`258`		`- WHERE email=\''.$useridoremail.'\'';`
`259`		`- }`
	`258`	`+ WHERE email=\''.$emailaddress.'\'';`
	`259`	`+ }`
`260`	`260`	`# They're loggin in with a pilot id`
`261`	`261`	`elseif(preg_match('/^([A-Za-z])(.)(\d*)/', $useridoremail, $matches)>0)`
`262`	`262`	`{`
`@@ -273,7 +273,7 @@ public static function ProcessLogin($useridoremail, $password)`
`273`	`273`	`return false;`
`274`	`274`	`}`
`275`	`275`	`}`
`276`		`-`
	`276`	`+`
`277`	`277`	`$password = DB::escape($password);`
`278`	`278`	`$userinfo = DB::get_row($sql);`
`279`	`279`