Added a confirmation code to auto_login URL to fix bug where anyone can login as anyone.
gbuckingham89 committed Aug 25, 2014
1 parent ef64e66 commit 950a029
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions confirm.php
Expand Up @@ -82,7 +82,7 @@
require(AT_INCLUDE_PATH.'header.inc.php');
echo "<div class=\"input-form\">";
require(AT_INCLUDE_PATH.'html/auto_enroll_list_courses.inc.php');
echo '<p style="text-align:center"><a href="'. $_SERVER['PHP_SELF'] . '?auto_login=1&member_id='. $id .'">' . _AT("go_to_my_start_page") . '</a></p>';
echo '<p style="text-align:center"><a href="'. $_SERVER['PHP_SELF'] . '?auto_login=1&member_id='. $id .'&code=' . $code .'">' . _AT("go_to_my_start_page") . '</a></p>';
echo "</div>";
require(AT_INCLUDE_PATH.'footer.inc.php');
exit;
Expand All @@ -94,6 +94,7 @@
// enable auto login student into "my start page"
$_REQUEST["auto_login"] = 1;
$_REQUEST["member_id"] = $id;
$_REQUEST["code"] = $code;
}
} else {
$msg->addError('CONFIRM_BAD');
Expand Down Expand Up @@ -142,8 +143,10 @@

$sql = "SELECT M.member_id, M.login, M.preferences, M.language FROM %smembers M WHERE M.member_id=%d";
$row = queryDB($sql, array(TABLE_PREFIX, $_REQUEST["member_id"]), TRUE);

$code = substr(md5($e . $row['creation_date'] . $id), 0, 10);

if ($row['member_id'] != '')
if ($row['member_id'] != '' && isset($_REQUEST['code']) && $_REQUEST['code'] == $code)
{
$_SESSION['valid_user'] = true;
$_SESSION['member_id'] = $_REQUEST["member_id"];
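Review bot: In the third hunk the new guard `if ($row['member_id'] != '' && isset($_REQUEST['code']) && $_REQUEST['code'] == $code)` compares the caller-supplied code with loose `==`, so whenever the 10-hex-character `$code` happens to be numeric-looking (e.g. `0e` followed by digits) a request with `code=0` compares equal and the bypass the commit is fixing reopens for that member; use `hash_equals((string)$code, (string)$_REQUEST['code'])`, which is also constant-time. The SELECT two lines above fetches only `M.member_id, M.login, M.preferences, M.language`, so unless `queryDB` adds columns `$row['creation_date']` in `$code = substr(md5($e . $row['creation_date'] . $id), 0, 10);` is null and contributes nothing — add `M.creation_date` to the column list. More fundamentally the token is a truncated md5 of values that are not secret, and `$e` and `$id` are assigned outside the hunk, so if either is unset on the bare `auto_login` request the code degenerates to a constant; an HMAC keyed with a server-side secret, or a random token stored per member at confirmation time and compared with `hash_equals`, would be the sound construction. The `$code` written into the href in the first hunk is hex and needs no escaping, but the enclosing function or block around that echo starts outside the hunk.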

