janis/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing vuln where someone could change his username after loging in and therefore login with any account

Browse Source
This commit is contained in:
Janis Steiner
2025-03-31 15:45:35 +00:00
parent 23168103ff
commit bdac5a04bb
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app-code/api/login/set_username.php
View File

@@ -1,5 +1,6 @@
<?php <?php
session_start(); session_start();
$_SESSION["needs_auth"]=true; $_SESSION["needs_auth"]=true;
$_SESSION["logged_in"]=false;
$_SESSION["username"]=preg_replace("/[^a-z0-9_]/","",$_POST["username"]); $_SESSION["username"]=preg_replace("/[^a-z0-9_]/","",$_POST["username"]);
?> ?>