Move clean function call for auth

nox-x · Oct 17, 2016 · 92ee374 · 92ee374
1 parent 6b07d6d
commit 92ee374
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php
@@ -58,7 +58,7 @@
 $auth_success = 0;
 
 if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token']))) {
-    if (reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token'])) || authenticate($_SESSION['username'], $_SESSION['password'])) {
+    if (reauthenticate($_COOKIE['sess_id'], $_COOKIE['token']) || authenticate($_SESSION['username'], $_SESSION['password'])) {
         $_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
         $_SESSION['user_id']   = get_userid($_SESSION['username']);
         if (!$_SESSION['authenticated']) {

diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php
@@ -35,6 +35,8 @@ function authenticate($username, $password)
 
 function reauthenticate($sess_id, $token)
 {
+    $sess_id = clean($sess_id);
+    $token = clean($token);
     list($uname,$hash) = explode('|', $token);
     $session           = dbFetchRow("SELECT * FROM `session` WHERE `session_username` = '$uname' AND session_value='$sess_id'", array(), true);
     $hasher            = new PasswordHash(8, false);