Mercurial > hg > ywww

changeset 29:f024f2f08994

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
a few more undef var fixes
author Robert Boland <robert@markup.co.uk>
date Fri, 04 Jan 2019 08:49:25 -0500
parents b058736bc9ad
children b1bbf44c701b
files php/read/updateLink.php user/resetPassword.php
diffstat 2 files changed, 12 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/php/read/updateLink.php	Fri Jan 04 08:48:00 2019 -0500
+++ b/php/read/updateLink.php	Fri Jan 04 08:49:25 2019 -0500
@@ -7,7 +7,9 @@
 $dir = strval($_GET['dir']);
 echo $dir;
 $userID="";
-$userID = strval($_GET['userID']);
+if (isset($_GET['userID'])) {
+    $userID = strval($_GET['userID']);
+  }
 echo $userID;
 
 include "../../../private/db.php";  
--- a/user/resetPassword.php	Fri Jan 04 08:48:00 2019 -0500
+++ b/user/resetPassword.php	Fri Jan 04 08:49:25 2019 -0500
@@ -5,15 +5,17 @@
 include "passGen.php";
 
 // emailname and password sent from form
-$userID=$_GET['userID'];
+$mypassword=$_GET['pwd'];
 $email=$_GET['email'];
-$mypassword=$_GET['pwd'];
-$oldpass=$_GET['oldpwd'];
+if ($mypassword!='regen') {
+  $oldpass=$_GET['oldpwd'];
+  $userID=$_GET['userID'];
 
-// To protect MySQL injection 
-$userID = stripslashes($userID);
-$userID = mysqli_real_escape_string($link,$userID);
-//echo $userID;
+  // To protect MySQL injection 
+  $userID = stripslashes($userID);
+  $userID = mysqli_real_escape_string($link,$userID);
+  //echo $userID;
+ }
 $email = stripslashes($email);
 $mypassword = stripslashes($mypassword);
 $email = mysqli_real_escape_string($link,$email);