diff -r de56132c008d -r bdac73ed481e install/includes/stages/login.php
--- a/install/includes/stages/login.php Sun Mar 28 21:49:26 2010 -0400
+++ b/install/includes/stages/login.php Sun Mar 28 23:10:46 2010 -0400
@@ -14,7 +14,7 @@
 */
 if ( !defined('IN_ENANO_INSTALL') )
- die();
+ die();
 // AES functions required
 require_once( ENANO_ROOT . '/includes/rijndael.php' );
@@ -25,28 +25,28 @@
 require( ENANO_ROOT . '/config.new.php' );
 if ( !defined('ENANO_INSTALL_HAVE_CONFIG') )
 {
- die('Config file is corrupt');
+ die('Config file is corrupt');
 }
 $db = new $dbdriver();
 $result = $db->connect();
 if ( !$result )
- die('DB privileges were revoked');
+ die('DB privileges were revoked');
 // Is the key in the database?
 $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name = \'install_aes_key\';');
 if ( !$q )
- $db->_die();
+ $db->_die();
 if ( $db->numrows() > 0 )
 {
- list($install_aes_key) = $db->fetchrow_num();
+ list($install_aes_key) = $db->fetchrow_num();
 }
 else
 {
- $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
- $install_aes_key = $aes->gen_readymade_key();
-
- if ( ! $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'install_aes_key\', \'' . $install_aes_key .'\' ); ') )
- $db->_die();
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
+ $install_aes_key = $aes->gen_readymade_key();
+
+ if ( ! $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'install_aes_key\', \'' . $install_aes_key .'\' ); ') )
+ $db->_die();
 }
 $db->free_result($q);
@@ -60,174 +60,174 @@
&$value ) - { - if ( !preg_match('/^[a-z0-9_]+$/', $key) ) - die('You idiot hacker...'); - if ( $key == '_cont' ) - continue; - $value_clean = str_replace(array('\\', '"', '<', '>'), array('\\\\', '\\"', '<', '>'), $value); - echo "\n "; - } - - $https = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ); - $scriptpath_full = 'http' . ( $https ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'] . scriptPath . '/'; - ?> - - - - - - - - - - - - - - - - - - - - - - - - -
- get('login_field_username'); ?> - - - - Good/bad icon -
- get('login_field_password'); ?>
- get('login_aes_blurb'); ?> -
-
-
-
-
- get('login_field_password_confirm'); ?> -
- Good/bad icon -
- get('login_field_email'); ?> - - - - Good/bad icon -
- -
- -
+ foreach ( $_POST as $key => &$value ) + { + if ( !preg_match('/^[a-z0-9_]+$/', $key) ) + die('You idiot hacker...'); + if ( $key == '_cont' ) + continue; + $value_clean = str_replace(array('\\', '"', '<', '>'), array('\\\\', '\\"', '<', '>'), $value); + echo "\n "; + } + + $https = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ); + $scriptpath_full = 'http' . ( $https ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'] . scriptPath . '/'; + ?> + + + + + + + + + + + + + + + + + + + + + + + + +
+ get('login_field_username'); ?> + + + + Good/bad icon +
+ get('login_field_password'); ?>
+ get('login_aes_blurb'); ?> +
+
+
+
+
+ get('login_field_password_confirm'); ?> +
+ Good/bad icon +
+ get('login_field_email'); ?> + + + + Good/bad icon +
+ +
+ +