mirror of
https://github.com/the-djmaze/snappymail.git
synced 2024-09-20 15:45:55 +08:00
Added escaping of special characters
parent
4b00ef72d4
commit
a6e70256ea
|
@ -99,16 +99,16 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha
|
|||
|
||||
try
|
||||
{
|
||||
$sEmail = $oAccount->Email();
|
||||
$sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
|
||||
$sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);
|
||||
$sEmail = mysqli_real_escape_string($db, $oAccount->Email());
|
||||
$sEmailUser = mysqli_real_escape_string($db, \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail));
|
||||
$sEmailDomain = mysqli_real_escape_string($db, \MailSo\Base\Utils::GetDomainFromEmail($sEmail));
|
||||
|
||||
$password_check_query = "SELECT * FROM e_users WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'";
|
||||
$result = mysqli_query($db, $password_check_query);
|
||||
$password_check = mysqli_fetch_assoc($result);
|
||||
|
||||
if (password_verify($sPrevPassword, substr($password_check['password'], 7))) {
|
||||
$hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT);
|
||||
$hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT))
|
||||
$password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'";
|
||||
mysqli_query($db, $password_update_query);
|
||||
$bResult = true;
|
||||
|
|
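Review bot: The new `$hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT))` line has no terminating `;`, so the file fails to parse until one is added. The lines above it escape `$sEmail` first and then pass the already-escaped value to `GetAccountNameFromEmail()` and `GetDomainFromEmail()`, whose results are escaped again, so any quote or backslash in the local part or domain ends up escaped twice. Bound parameters avoid both problems and, unlike `mysqli_real_escape_string()`, do not depend on the connection character set being set correctly. The sketch below also checks that a row was found before calling `password_verify()`, and takes `$bResult` from the outcome of the UPDATE instead of setting it unconditionally. The `try` block and the `if` body continue outside the hunk.

```php
$sEmail = $oAccount->Email();
$sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
$sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);

// Values are bound, never interpolated, so no manual escaping is needed.
$oSelect = mysqli_prepare($db, 'SELECT password FROM e_users WHERE emailOwner_id = ? AND email = ?');
mysqli_stmt_bind_param($oSelect, 'ss', $sEmailDomain, $sEmail);
mysqli_stmt_execute($oSelect);
mysqli_stmt_bind_result($oSelect, $sStoredHash);
$bFound = mysqli_stmt_fetch($oSelect) === true;
mysqli_stmt_close($oSelect);

if ($bFound && password_verify($sPrevPassword, substr($sStoredHash, 7))) {
    $hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT);
    $oUpdate = mysqli_prepare($db, 'UPDATE e_users SET password = ? WHERE emailOwner_id = ? AND email = ?');
    mysqli_stmt_bind_param($oUpdate, 'sss', $hashed_password, $sEmailDomain, $sEmail);
    // Report success only when the UPDATE actually executed.
    $bResult = mysqli_stmt_execute($oUpdate);
    mysqli_stmt_close($oUpdate);
```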