onokazu
onoka****@users*****
2005年 7月 18日 (月) 15:49:06 JST
Index: xoops2jp/html/include/checklogin.php
diff -u xoops2jp/html/include/checklogin.php:1.2.6.1.2.1 xoops2jp/html/include/checklogin.php:1.2.6.1.2.2
--- xoops2jp/html/include/checklogin.php:1.2.6.1.2.1 Thu Jun 30 01:40:23 2005
+++ xoops2jp/html/include/checklogin.php Mon Jul 18 15:49:06 2005
@@ -1,5 +1,5 @@
<?php
-// $Id: checklogin.php,v 1.2.6.1.2.1 2005/06/29 16:40:23 onokazu Exp $
+// $Id: checklogin.php,v 1.2.6.1.2.2 2005/07/18 06:49:06 onokazu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
@@ -33,15 +33,15 @@
exit();
}
include_once XOOPS_ROOT_PATH.'/language/'.$xoopsConfig['language'].'/user.php';
-$myts =& MyTextsanitizer::getInstance();
-$uname = !isset($_POST['uname']) ? '' : $myts->stripSlashesGPC(trim($_POST['uname']));
-$pass = !isset($_POST['pass']) ? '' : $myts->stripSlashesGPC(trim($_POST['pass']));
+$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']);
+$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']);
if ($uname == '' || $pass == '') {
redirect_header(XOOPS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
exit();
}
$member_handler =& xoops_gethandler('member');
-$user =& $member_handler->loginUser($uname, $pass);
+$myts =& MyTextsanitizer::getInstance();
+$user =& $member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));
if (false != $user) {
if (0 == $user->getVar('level')) {
redirect_header(XOOPS_URL.'/index.php', 5, _US_NOACTTPADM);