Diffstat (limited to 'www/api')
-rw-r--r-- | www/api/ccsr.php | 6 | ||||
-rw-r--r-- | www/api/cemails.php | 6 | ||||
-rw-r--r-- | www/api/edu.php | 2 |
3 files changed, 7 insertions, 7 deletions
diff --git a/www/api/ccsr.php b/www/api/ccsr.php index 7efdf8d..aa33baa 100644 --- a/www/api/ccsr.php +++ b/www/api/ccsr.php @@ -42,7 +42,7 @@ require_once '../../includes/lib/check_weak_key.php'; } if(count($emails) <= 0) die("404,Wasn't able to match any emails sent against your account"); - $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`"; + $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `notary`.`deleted`=0 group by `to`"; $row = mysql_fetch_assoc(mysql_query($query)); $points = $row['points']; @@ -62,12 +62,12 @@ require_once '../../includes/lib/check_weak_key.php'; $codesign = 1; $CSR = trim($_REQUEST['optionalCSR']); - + if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { die("403, $weakKey"); } - + $incsr = tempnam("/tmp", "ccsrIn"); $checkedcsr = tempnam("/tmp", "ccsrOut"); $fp = fopen($incsr, "w"); diff --git a/www/api/cemails.php b/www/api/cemails.php index 0d067ea..0ef6b4a 100644 --- a/www/api/cemails.php +++ b/www/api/cemails.php @@ -15,8 +15,8 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - $username = mysql_escape_string($_REQUEST['username']); - $password = mysql_escape_string($_REQUEST['password']); + $username = mysql_real_escape_string($_REQUEST['username']); + $password = mysql_real_escape_string($_REQUEST['password']); $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))"; $res = mysql_query($query); 
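Review bot: The new points query in ccsr.php (@@ -42) uses `group by` with a `sum()`, so a member whose only `notary` rows are now excluded by `deleted=0` gets zero result rows; `mysql_fetch_assoc()` then returns `false` and the following `$row['points']` yields null rather than 0, and a failed `mysql_query()` would pass `false` straight into `mysql_fetch_assoc()`. The narrowed filter makes the empty-result case more likely, so the two lines after the changed query should guard it: `$res = mysql_query($query);` `$row = $res ? mysql_fetch_assoc($res) : false;` `$points = $row ? intval($row['points']) : 0;`. Whether the later use of `$points` tolerates null cannot be seen from the hunk; it is worth confirming. The same pattern is repeated in cemails.php (@@ -25) and should be fixed there as well.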
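Review bot: Switching to `mysql_real_escape_string()` in cemails.php (@@ -15) is the right minimum for these quoted string literals, but the function needs an open MySQL link: with no connection it returns `false` and emits a warning, and both interpolated credentials then collapse to empty strings in the `$query` below. The hunk does not show where the connection is opened, so please confirm it is established before line 15 (or check the return value is not `false`). Separately, the unchanged query still sends the plaintext password to the server inside `sha1('$password')`/`old_password('$password')`, which exposes it to query logging and ties the scheme to weak hashes; the durable fix is to fetch the stored hash and verify it in PHP (`password_verify`/`password_needs_rehash`) through a prepared statement. The escape-function change in edu.php (@@ -20) has the same connection dependency.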
@@ -25,7 +25,7 @@ echo "200,Authentication Ok\n"; $user = mysql_fetch_assoc($res); $memid = $user['id']; - $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`"; + $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `notary`.`deleted`=0 group by `to`"; $row = mysql_fetch_assoc(mysql_query($query)); $points = $row['points']; echo "CS=".intval($user['codesign'])."\n"; diff --git a/www/api/edu.php b/www/api/edu.php index 27b7b1b..80a4e79 100644 --- a/www/api/edu.php +++ b/www/api/edu.php @@ -20,7 +20,7 @@ if ($ipadress=='72.36.220.19' && $_SERVER['HTTPS']=="on") { - $serial=mysql_escape_string($_REQUEST["serial"]); + $serial=mysql_real_escape_string($_REQUEST["serial"]); $root=intval($_REQUEST["root"]); $sql="select memid from emailcerts where serial='$serial' and rootcert='$root'"; |