| author | Cassio de Campos <cassiopc@gmail.com> | 2017-10-26 13:54:39 +0000 |
|---|---|---|
| committer | Cassio de Campos <cassiopc@gmail.com> | 2017-10-26 13:54:39 +0000 |
| commit | d269dad3ff8aec1f9c08fb4fa017b222f03b4ba8 (patch) | |
| tree | 9d31fddb461a43d61a21120341b82dcc050a157a | |
| parent | 907334bbf19a01e46f58b999c2787c61aea3943e (diff) | |
bug fix pass
| -rw-r--r-- | src/admin/user.php | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/admin/user.php b/src/admin/user.php
index 9085e45..0b01ee9 100644
--- a/src/admin/user.php
+++ b/src/admin/user.php
@@ -15,9 +15,6 @@
 // You should have received a copy of the GNU General Public License
 // along with this program. If not, see <http://www.gnu.org/licenses/>.
 ////////////////////////////////////////////////////////////////////////////////
-// Last modified 26/oct/2014 by cassio@ime.usp.br
-// allow passwords to be changed by default
-//
 require('header.php');
 if (isset($_GET["site"]) && isset($_GET["user"]) && is_numeric($_GET["site"]) && is_numeric($_GET["user"]) &&
@@ -66,13 +63,14 @@ if (isset($_POST["username"]) && isset($_POST["userfullname"]) && isset($_POST["
 */
- $passcheck = htmlspecialchars($_POST["passwordo"]);
+ $passcheck = $_POST["passwordo"];
 $a = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], null, false);
 if(myhash($a['userpassword'] . session_id()) != $passcheck) {
 MSGError('Admin password is incorrect');
 } else {
 if ($_POST["passwordn1"] == $_POST["passwordn2"]) {
- $param['pass'] = bighexsub(htmlspecialchars($_POST["passwordn1"]),$a['userpassword']);
+ $param['pass'] = bighexsub($_POST["passwordn1"],$a['userpassword']);
+ while(strlen($param['pass']) < strlen($a['userpassword'])) $param['pass'] = '0' . $param['pass'];
 if($param['user'] != 1000)
 DBNewUser($param);
 } |
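Review bot: The admin-password check in the second hunk still uses a loose `!=`, and `$passcheck` is now the raw `$_POST["passwordo"]` value, so PHP type juggling applies: two different strings that both parse as numbers compare as equal, and the comparison is not constant-time. I would change that context line to `if (!is_string($passcheck) || !hash_equals(myhash($a['userpassword'] . session_id()), $passcheck)) {`, which also rejects an array-valued parameter (this assumes `myhash()` returns a string, which is not visible here). The same hunk passes `$_POST["passwordn1"]` to `bighexsub()` with no check that it is a hex string; what `bighexsub()` does with other input is not shown, so a `ctype_xdigit()` guard before the call and the zero-padding loop is worth adding. The enclosing `if (isset($_POST["username"]) ...` block starts and ends outside the hunk.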