From 33dcfbd68e1c5af3cb15bce571d55dd33cba93dd Mon Sep 17 00:00:00 2001
From: jeroen <jeroen@laylo.io>
Date: Mon, 22 Aug 2022 21:42:21 +0200
Subject: [PATCH] Update login.php and users/login.php: change filtering
 technique

---
 login.php       | 2 +-
 users/login.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/login.php b/login.php
index c4aebdf..273cc13 100644
--- a/login.php
+++ b/login.php
@@ -26,7 +26,7 @@ require("./functions.inc.php");
 include("./languages/" . check_language () . ".lang");
  
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	$fUsername = escape_string ($_POST['fUsername']);
+	$fUsername = filter_input(INPUT_POST, 'fUsername', FILTER_VALIDATE_EMAIL);
 	$fPassword = escape_string ($_POST['fPassword']);
 
 	$result = db_query("SELECT password FROM admin WHERE username='$fUsername' AND active='1'");
diff --git a/users/login.php b/users/login.php
index 4621fa6..184e958 100644
--- a/users/login.php
+++ b/users/login.php
@@ -26,7 +26,7 @@ require("../functions.inc.php");
 include("../languages/" . check_language() . ".lang");
  
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	$fUsername = escape_string($_POST['fUsername']);
+	$fUsername = filter_input(INPUT_POST, 'fUsername', FILTER_VALIDATE_EMAIL);
 	$fPassword = escape_string($_POST['fPassword']);
 
 	$result = db_query("SELECT password FROM mailbox WHERE username='$fUsername' AND active='1'");