Here is the problematic piece of code:
Code: Select all
/**
* confirmUserPass - Checks whether or not the given
* username is in the database, if so it checks if the
* given password is the same password in the database
* for that user. If the user doesn't exist or if the
* passwords don't match up, it returns an error code
* (1 or 2). On success it returns 0.
*/
function confirmUserPass($username, $password){
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($_POST['username']);
$password = addslashes($_POST['userPassword']);
}
/* Verify that user is in database */
$q = "SELECT userPassword FROM user WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
if(!$result || (mysql_num_rows($result) < 1)){
return 1; //Indicates username failure
}
/* Retrieve userid from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['username'] = stripslashes($dbarray['username']);
/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['userPassword'] = stripslashes($dbarray['userPassword']);
/* Validate that password is correct */
if($password == $dbarray['userPassword']){
return 0; //Success! Username and password confirmed
}
else{
if($password !== $dbarray['userPassword']){
return 2; //Indicates password failure
}
}
}
Thanks in advance.