From a2693a0374122d44153c77eb3649f6ffa5714d99 Mon Sep 17 00:00:00 2001
From: Michael Meckelein
Date: Mon, 12 Dec 2005 11:17:54 +0000
Subject: [PATCH] fixed security bug in user validation
---
doc/history.htm | 4 ++++
submit.php | 18 +++++++++++++++---
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/doc/history.htm b/doc/history.htm
index 224d64b..63faf2f 100644
--- a/doc/history.htm
+++ b/doc/history.htm
@@ -16,6 +16,10 @@

[Doc Home]

7. Release History

+

2005-12-12 +

  • Fixed a security bug in user login validation. +
  • +

    2005-12-05

  • "Message must contain" filter enhanced. Filtering for multiple words (seperated by spaces) is supported now.
  • diff --git a/submit.php b/submit.php index c75a21d..42c562b 100644 --- a/submit.php +++ b/submit.php @@ -27,7 +27,20 @@ See AUTHORS to learn who helped make it become a reality. */#### #### #### #### #### #### #### #### #### #### +// Check for speical ysql characters +function invalid_chars( $string ) +{ + $bad_list = array("'",'"',"%"); + foreach( $bad_list as $needle ) + { + if( strpos( $string, $needle ) !== FALSE ) + { + return TRUE; + } + } + return FALSE; +} // global _DBNAME, _DBUSERID, _DBPWD, _DBSERVER, $session_time; include 'include.php'; @@ -35,8 +48,7 @@ See AUTHORS to learn who helped make it become a reality. if( !isset($_POST['save_cookies'])) $_POST['save_cookies'] = 0; - - if( stristr($_POST['pass'], "'") || stristr($_POST['pass'], '"') || stristr($_POST['usr'], "'") || stristr($_POST['usr'], '"')) + if( invalid_chars( $_POST['usr'] ) || invalid_chars( $_POST['pass'] ) ) { WriteHead('phpLogCon :: ' , _MSGAccDen, '', '', _MSGAccDen, 0); print '
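Review bot: The new `invalid_chars()` is a character denylist, and a denylist narrows SQL injection rather than preventing it: it rejects `'`, `"` and `%` but not the backslash or the NUL byte, both of which also break out of a quoted MySQL literal, nor `_`, which stays a wildcard if the value ever reaches a `LIKE`. The query that consumes `$_POST['usr']` and `$_POST['pass']` is not in this hunk, so I can only infer that it interpolates them; the robust fix is to escape at the query (if the backend is MySQL as the comment suggests, `mysql_real_escape_string()` on each value, or a prepared statement) and keep this check only as defence in depth. At minimum widen the list, `$bad_list = array("'", '"', "%", "\\", "\0");`, and replace the misspelled comment with `// Reject characters that could break out of a quoted SQL literal (defence in depth only; the query must still escape its inputs)`. Note also that `strpos()` on a non-string `$_POST` value (e.g. `usr[]=x`) returns NULL with a warning, which `!== FALSE` happens to treat as invalid, so an `is_string()` guard would make that rejection deliberate rather than accidental.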
    ..:: ' . _MSGNamInvChr . ' ::..
    '; @@ -96,4 +108,4 @@ See AUTHORS to learn who helped make it become a reality. } } -?> \ No newline at end of file +?>
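Review bot: The rejection branch on the new `if( invalid_chars( $_POST['usr'] ) || invalid_chars( $_POST['pass'] ) )` line prints the access-denied page, but the branch body continues past the end of the hunk, so I cannot see whether it ends with `exit;`; without one the script falls through to the login query and the check is decorative. Please confirm the branch terminates, e.g. `exit;` immediately after the `print` of `_MSGNamInvChr`. Separately, adding `%` to the rejected set changes behaviour for existing users: the replaced `stristr` check rejected only quotes, so any account whose password contains `%` is now locked out, which is another reason to escape at the query rather than reject at the form.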