summaryrefslogtreecommitdiff
path: root/includes/loggedin.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/loggedin.php')
-rw-r--r--includes/loggedin.php34
1 files changed, 17 insertions, 17 deletions
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 4f9b8e8..70c9674 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -38,18 +38,18 @@
if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
- unset($_SESSION[$key]);
- unset($$key);
- //session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
- $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
+ $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
unset($_SESSION['profile']);
}
-
+
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
@@ -64,13 +64,13 @@
if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
- unset($_SESSION[$key]);
- unset($$key);
- //session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
- "select * from `users` where `id`='".$user_id."'"));
+ "select * from `users` where `id`='".intval($user_id)."'"));
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
@@ -82,9 +82,9 @@
{
if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
continue;
- unset($_SESSION[$key]);
- unset($$key);
- //session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
$_SESSION['_config']['oldlocation'] = '';
@@ -113,7 +113,7 @@
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
@@ -121,7 +121,7 @@
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".L10n::get_translation()."'
- where `id`='".$_SESSION['profile']['id']."'";
+ where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
} else {
L10n::set_translation($_SESSION['profile']['language']);
@@ -136,9 +136,9 @@
$_SESSION['profile'] = "";
foreach($_SESSION as $key => $value)
{
- unset($_SESSION[$key]);
- unset($$key);
- //session_unregister($key);
+ unset($_SESSION[$key]);
+ unset($$key);
+ //session_unregister($key);
}
header("location: https://".$normalhost."/index.php");