summaryrefslogtreecommitdiffstats
path: root/frontends/php/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'frontends/php/index.php')
-rw-r--r--frontends/php/index.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/frontends/php/index.php b/frontends/php/index.php
index 88e2071c..18199872 100644
--- a/frontends/php/index.php
+++ b/frontends/php/index.php
@@ -83,7 +83,7 @@
if(isset($reconnect) && isset($sessionid))
{
- $sql="delete from sessions where sessionid='$sessionid'";
+ $sql="delete from sessions where sessionid='".zbx_ads($sessionid)."'";
DBexecute($sql);
setcookie("sessionid",$sessionid,time()-3600);
unset($sessionid);
@@ -92,7 +92,7 @@
if(isset($enter)&&($enter=="Enter"))
{
$password=md5($password);
- $sql="select u.userid,u.alias,u.name,u.surname,u.url,u.refresh from users u where u.alias='$name' and u.passwd='$password'";
+ $sql="select u.userid,u.alias,u.name,u.surname,u.url,u.refresh from users u where u.alias='".zbx_ads($name)."' and u.passwd='".zbx_ads($password)."'";
$result=DBselect($sql);
if(DBnum_rows($result)==1)
{
@@ -107,7 +107,7 @@
setcookie("sessionid",$sessionid,time()+3600);
// Required !
$_COOKIE["sessionid"]=$sessionid;
- $sql="insert into sessions (sessionid,userid,lastaccess) values ('$sessionid',".$USER_DETAILS["userid"].",".time().")";
+ $sql="insert into sessions (sessionid,userid,lastaccess) values ('".zbx_ads($sessionid)."',".$USER_DETAILS["userid"].",".time().")";
DBexecute($sql);
if($USER_DETAILS["url"] != '')
generated by cgit (git 2.34.1) at 2024-07-08 05:20:50 +0000