summaryrefslogtreecommitdiff
path: root/www/api/cemails.php
diff options
context:
space:
mode:
Diffstat (limited to 'www/api/cemails.php')
-rw-r--r--www/api/cemails.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/www/api/cemails.php b/www/api/cemails.php
index 0d067ea..0ef6b4a 100644
--- a/www/api/cemails.php
+++ b/www/api/cemails.php
@@ -15,8 +15,8 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
- $username = mysql_escape_string($_REQUEST['username']);
- $password = mysql_escape_string($_REQUEST['password']);
+ $username = mysql_real_escape_string($_REQUEST['username']);
+ $password = mysql_real_escape_string($_REQUEST['password']);
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
$res = mysql_query($query);
@@ -25,7 +25,7 @@
echo "200,Authentication Ok\n";
$user = mysql_fetch_assoc($res);
$memid = $user['id'];
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `notary`.`deleted`=0 group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
echo "CS=".intval($user['codesign'])."\n";