From e0aa21917a1cc6c1d8139d6f3edcdfdef12e8bec Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Wed, 25 Mar 2009 14:51:12 +0000
Subject: [PATCH] users/password.php: no need to escape strings - should be in the model layer - fix broken auth check
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@602 a1433add-5e2c-0410-b055-b7f2511e0802
---
 users/password.php | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/users/password.php b/users/password.php
index 678be3f6..280e8b9b 100644
--- a/users/password.php
+++ b/users/password.php
@@ -30,7 +30,7 @@ require_once('../common.php');
 authentication_require_role('user');
-$USERID_USERNAME = authentication_get_username();
+$username = authentication_get_username();
 if ($_SERVER['REQUEST_METHOD'] == "POST")
 {
@@ -39,17 +39,15 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
 exit(0);
 }
- $fPassword_current = escape_string ($_POST['fPassword_current']);
- $fPassword = escape_string ($_POST['fPassword']);
- $fPassword2 = escape_string ($_POST['fPassword2']);
+ $fPassword_current = $_POST['fPassword_current'];
+ $fPassword = $_POST['fPassword'];
+ $fPassword2 = $_POST['fPassword2'];
 if(strlen($fPassword) < $CONF['min_password_length']) {
 $error = 1;
 flash_error(sprintf($PALANG['pPasswordTooShort'], $CONF['min_password_length']));
 }
- $username = $USERID_USERNAME;
-
- if(UserHandler::login($username, $fPassword_current)) {
+ if(!UserHandler::login($username, $fPassword_current)) {
 $error += 1;
 $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
 }
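Review bot: Nothing in the second hunk shows that `UserHandler::login()` escapes or parameterises its arguments, yet with `escape_string()` dropped the three `$_POST` values now reach it raw. Before relying on this, confirm that `UserHandler::login()` and whatever call stores the new password (presumably further down, outside this hunk) quote or bind their inputs themselves, since this file no longer does. The new reads also pass on a missing or array-valued field as-is, so `strlen($fPassword)` and the login call can receive a non-string. A guard for each of the three fields, such as `if (!isset($_POST['fPassword']) || !is_string($_POST['fPassword'])) { $error = 1; }`, placed before the length check would reject that. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block starts before and continues past this hunk, so `$error` initialisation and any later checks are not visible here.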