From 2af58c77572fbc32c1c617764ebdd0252be24292 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Tue, 14 Apr 2015 12:54:42 -0400
Subject: [PATCH] - finished rewriting of sql statements

---
 interface/web/login/password_reset.php |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index a83e685..9625934 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -51,8 +51,8 @@
 	if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
 	if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
 
-	$username = $app->db->quote($_POST['username']);
-	$email = $app->db->quote($_POST['email']);
+	$username = $_POST['username'];
+	$email = $_POST['email'];
 
 	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
 
@@ -62,9 +62,8 @@
 		if($client['client_id'] > 0) {
 			$new_password = $app->auth->get_random_password();
 			$new_password_encrypted = $app->auth->crypt_password($new_password);
-			$new_password_encrypted = $app->db->quote($new_password_encrypted);
 
-			$username = $app->db->quote($client['username']);
+			$username = $client['username'];
 			$app->db->query("UPDATE sys_user SET passwort = ? WHERE username = ?", $new_password_encrypted, $username);
 			$app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username);
 			$app->tpl->setVar("message", $wb['pw_reset']);

--
Gitblit v1.9.1