diff --git a/login.php b/login.php
index c4aebdf..273cc13 100644
--- a/login.php
+++ b/login.php
@@ -26,7 +26,7 @@ require("./functions.inc.php");
 include("./languages/" . check_language () . ".lang");
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
- $fUsername = escape_string ($_POST['fUsername']);
+ $fUsername = filter_input(INPUT_POST, 'fUsername', FILTER_VALIDATE_EMAIL);
 $fPassword = escape_string ($_POST['fPassword']);
 $result = db_query("SELECT password FROM admin WHERE username='$fUsername' AND active='1'");
diff --git a/users/login.php b/users/login.php
index 4621fa6..184e958 100644
--- a/users/login.php
+++ b/users/login.php
@@ -26,7 +26,7 @@ require("../functions.inc.php");
 include("../languages/" . check_language() . ".lang");
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
- $fUsername = escape_string($_POST['fUsername']);
+ $fUsername = filter_input(INPUT_POST, 'fUsername', FILTER_VALIDATE_EMAIL);
 $fPassword = escape_string($_POST['fPassword']);
 $result = db_query("SELECT password FROM mailbox WHERE username='$fUsername' AND active='1'");
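Review bot: The new `$fUsername` assignment in login.php drops `escape_string()` while the value is still interpolated into the `db_query("SELECT password FROM admin WHERE username='$fUsername' ...")` string two lines below, and `FILTER_VALIDATE_EMAIL` is a format check rather than SQL escaping: it accepts addresses whose local part contains a single quote. The identical hunk in users/login.php has the same gap for the `mailbox` query. Keep the escaping on top of the validation, e.g. `$fUsername = escape_string((string) filter_input(INPUT_POST, 'fUsername', FILTER_VALIDATE_EMAIL));`, or switch to a prepared statement if `db_query` supports one (its definition is not visible here). `filter_input` also returns `false` for a malformed address and `null` when the field is absent, so the rest of the `if` block, which continues outside the hunk, should reject those cases before running the query.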