Snitz Forums 2000

 Save extra call to chkString() in password.asp

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 03 October 2006 : 05:20:32
In password.asp, lines 115 to 124 are as follows:
if Err_Msg = "" then
	strEncodedPassword = sha256("" & Request.Form("Password"))
	pwkey = ""

	'Update the user's password
	strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
	strSql = strSql & " SET M_PASSWORD = '" & chkString(strEncodedPassword,"SQLString") & "'"
	strSql = strSql & ", M_PWKEY = '" & chkString(pwkey,"SQLString") & "'"
	strSql = strSql & " WHERE MEMBER_ID = " & cLng(Request.Form("MEMBER_ID"))
	strSql = strSql & " AND M_PWKEY = '" & key & "'"

	my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
else
The variable pwkey is set to an empty string before being passed to the SQL query. This empty variable is put through the chkString() function, which is not needed.

Suggest changing line 120 to:
strSql = strSql & ", M_PWKEY = ''"
and remove pwkey = "".

Support Snitz Forums

Edited by - AnonJr on 17 March 2009 19:14:03
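
The UPDATE quoted in the post above, rewritten with bound ADO parameters so that no value needs chkString() at all. This is an added example, not part of the thread or of the Snitz code base; the function name ResetMemberPassword, its arguments, and the empty-key guard are assumptions made for illustration.

```vbscript
' Added example (hypothetical helper, not Snitz code).
' Returns the number of rows updated: 1 on success, 0 when the
' MEMBER_ID / M_PWKEY pair does not match or the key is empty.
Function ResetMemberPassword(conn, tablePrefix, memberId, resetKey, passwordHash)
	' Standard ADO constant values, declared locally so the function is self-contained.
	Const adCmdText = 1, adExecuteNoRecords = 128
	Const adParamInput = 1, adInteger = 3, adVarChar = 200
	Dim cmd, rowsAffected, keyText, hashText

	keyText = "" & resetKey
	hashText = "" & passwordHash
	ResetMemberPassword = 0

	' Assumption: an empty key must never authorise a change. The statement below
	' sets M_PWKEY to '' afterwards, so an empty key would compare equal to rows
	' whose key has already been cleared.
	If Len(keyText) = 0 Or Len(hashText) = 0 Then Exit Function

	Set cmd = Server.CreateObject("ADODB.Command")
	Set cmd.ActiveConnection = conn
	cmd.CommandType = adCmdText

	' The table prefix is site configuration, not request data, so it is still
	' concatenated. M_PWKEY = '' is a literal, as the post suggests. Every
	' request-derived value is a positional (?) parameter.
	cmd.CommandText = "UPDATE " & tablePrefix & "MEMBERS" & _
		" SET M_PASSWORD = ?, M_PWKEY = ''" & _
		" WHERE MEMBER_ID = ? AND M_PWKEY = ?"

	' Parameters are appended in the same order as the ? markers.
	cmd.Parameters.Append cmd.CreateParameter("pw", adVarChar, adParamInput, Len(hashText), hashText)
	cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(memberId))
	cmd.Parameters.Append cmd.CreateParameter("key", adVarChar, adParamInput, Len(keyText), keyText)

	cmd.Execute rowsAffected, , adExecuteNoRecords
	Set cmd = Nothing
	ResetMemberPassword = rowsAffected
End Function

' Call with the variables from the quoted excerpt:
' updated = ResetMemberPassword(my_Conn, strMemberTablePrefix, _
'     Request.Form("MEMBER_ID"), key, strEncodedPassword)
```

A return value of 0 means nothing was changed, which the calling page can treat the same way as any other failed reset.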

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 03 October 2006 : 06:25:39
Sounds sensible to me.

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 03 December 2006 : 19:40:43
Fixed in version 3.4.07.

Support Snitz Forums

Edited by - Davio on 06 January 2008 14:50:56