dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix code that allowed userid / passwd as well as user_id / password.

This commit is contained in:
Mark Crane 2015-04-06 09:08:57 +00:00
parent 1265011c1d
commit ab1ebf581b
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/provision/resources/classes/provision.php
View File

@ -174,7 +174,7 @@ include "root.php";
} }
//check to see if the mac_address exists in devices //check to see if the mac_address exists in devices
if (isset($_REQUEST['user_id']) or isset($_REQUEST['userid'])) { if (strlen($_REQUEST['user_id']) > 0 || strlen($_REQUEST['userid']) > 0) {
if ($this->mac_exists($mac)) { if ($this->mac_exists($mac)) {
//get the device_template //get the device_template
if (strlen($device_template) == 0) { if (strlen($device_template) == 0) {
@ -297,12 +297,12 @@ include "root.php";
} }
//get the device uuid using the username and password //get the device uuid using the username and password
if (isset($_REQUEST['user_id']) or isset($_REQUEST['userid'])) { if (strlen($_REQUEST['user_id']) > 0 || strlen($_REQUEST['userid']) > 0) {
//set the variables //set the variables
$user_id = $_REQUEST['user_id']; $user_id = $_REQUEST['user_id'];
$password = $_REQUEST['password']; $password = $_REQUEST['password'];
if (isset($_REQUEST['userid'])) { $user_id = $_REQUEST['userid']; } if (strlen($_REQUEST['userid']) > 0) { $user_id = $_REQUEST['userid']; }
if (isset($_REQUEST['password'])) { $password = $_REQUEST['passwd']; } if (strlen($_REQUEST['passwd']) > 0) { $password = $_REQUEST['passwd']; }
//get the device uuid //get the device uuid
$sql = "SELECT * FROM v_device_lines "; $sql = "SELECT * FROM v_device_lines ";
$sql .= "WHERE user_id = :user_id "; $sql .= "WHERE user_id = :user_id ";