| /_taios.php |
|---|
| 488,19 → 488,19 |
| return $res; |
| } |
| function getCRSFToken($id) { |
| function getCSRFToken($id) { |
| $token = $this->rndString(); |
| $this->query("UPDATE USERS Set CSRFToken = ? WHERE ID = ?", array($token, $id)); |
| return $token; |
| } |
| function checkCRSFToken($id, $token) { |
| function checkCSRFToken($id, $token) { |
| $user = $this->getUserByID($id); |
| if ($token !== $user->csrftoken) { |
| die("a death"); |
| } |
| $this->getCRSFToken($id); // change to something else so we can't re-use it |
| $this->getCSRFToken($id); // change to something else so we can't re-use it |
| } |
| function getGetID() { |
| /register-do.php |
|---|
| 44,8 → 44,8 |
| $salt = $username . "horses"; |
| $args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, 0); |
| $page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?)", $args); |
| $args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, $page->rndString(), 0); |
| $page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, CSRFToken, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $args); |
| $page->redirect('login.php'); |