Update login.php and users/login.php: change filtering technique

2022-08-22 21:42:21 +02:00 · 2022-08-22 21:42:21 +02:00 · 33dcfbd68e
commit 33dcfbd68e
parent 5c0734b7ab
2 changed files with 2 additions and 2 deletions
--- a/login.php
+++ b/login.php
@ -26,7 +26,7 @@ require("./functions.inc.php");
 include("./languages/" . check_language () . ".lang");
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	$fUsername = escape_string ($_POST['fUsername']);
+	$fUsername = filter_input(INPUT_POST, 'fUsername', FILTER_VALIDATE_EMAIL);
 	$fPassword = escape_string ($_POST['fPassword']);

 	$result = db_query("SELECT password FROM admin WHERE username='$fUsername' AND active='1'");
--- a/users/login.php
+++ b/users/login.php
@ -26,7 +26,7 @@ require("../functions.inc.php");
 include("../languages/" . check_language() . ".lang");
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
-	$fUsername = escape_string($_POST['fUsername']);
+	$fUsername = filter_input(INPUT_POST, 'fUsername', FILTER_VALIDATE_EMAIL);
 	$fPassword = escape_string($_POST['fPassword']);

 	$result = db_query("SELECT password FROM mailbox WHERE username='$fUsername' AND active='1'");