new-combats/game
3
0
Fork 0
Code Issues 23 Pull Requests Releases Wiki Activity

Хороним $_COOKIE['pass'], отказываемся от md5('pass'). Это не регистрация, а чёрная дыра!

Browse Source
This commit is contained in:
Ivor Barhansky
2023-01-06 16:57:25 +02:00
parent e9ec7eb2f2
commit 9e45f170c7
50 changed files with 1470 additions and 2242 deletions
Download Patch File Download Diff File Expand all files Collapse all files
jx/post.php
+1 -1
View File
@@ -6,7 +6,7 @@ if ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
include_once('../_incl_data/class/__db_connect.php');
$u = mysql_fetch_array(mysql_query('SELECT `id` FROM `users` WHERE `login`="' . mysql_real_escape_string($_COOKIE['login']) . '" AND `pass`="' . mysql_real_escape_string($_COOKIE['pass']) . '" LIMIT 1'));
$u = mysql_fetch_array(mysql_query('SELECT `id` FROM `users` WHERE `login`="' . mysql_real_escape_string($_COOKIE['login']) . '"'));
if (!isset($u['id']) || ($u['joinIP'] == 1 && $u['ip'] != $_SERVER['HTTP_X_REAL_IP'])) {
die('<script>top.location = \'https://' . $c['host'] . '/\';</script>');
} else {