
Commit 97d5727

committed
authmodel - improve parameters protection
1 parent 0e6e1ee commit 97d5727


1 file changed

+29
-12
lines changed


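--- a/cweb/elcurrencyweb/models/Authmodel.php
+++ b/cweb/elcurrencyweb/models/Authmodel.php
@@ -8,17 +8,28 @@ function __construct()
 $this->load->library('form_validation');
 }
 
+private function _checkinputsuser($variable)
+{
+return preg_match('/^[0-9A-Za-z\-_]+$/', $variable);
+}
+
 public function authtable($username, $password)
 {
 log_message('info', __METHOD__ .' begin ');
 
-$validu = $this->form_validation->required($username);
-$validu = $this->form_validation->alpha_dash($username);
-$validu = $this->form_validation->max_length($username,40);
-$valids = $this->form_validation->required($password);
-$valids = $this->form_validation->alpha($password);
+$validu = $this->_checkinputsuser($username);
+if($validu == FALSE)
+{
+log_message('info', __METHOD__ .' check input user, invalid user: '. print_r($username,TRUE));
+return FALSE;
+}
 
-if($validu == FALSE OR $valids == FALSE) return FALSE;
+$validu = $this->_checkinputsuser($password);
+if($validu == FALSE)
+{
+log_message('info', __METHOD__ .' check input user, invalid key: '. print_r($password,TRUE));
+return FALSE;
+}
 
 $this->load->database();
 $query = $this->db->get_where('cur_usuarios', array('user_id'=>$username));
@@ -38,13 +49,19 @@ public function authimap($username, $password)
 {
 log_message('info', __METHOD__ .' begin ');
 
-$validu = $this->form_validation->required($username);
-$validu = $this->form_validation->alpha_dash($username);
-$validu = $this->form_validation->max_length($username,40);
-$valids = $this->form_validation->required($password);
-$valids = $this->form_validation->alpha($password);
+$validu = $this->_checkinputsuser($username);
+if($validu == FALSE)
+{
+log_message('info', __METHOD__ .' check input user, invalid user: '. print_r($username,TRUE));
+return FALSE;
+}
 
-if($validu == FALSE OR $valids == FALSE) return FALSE;
+$validu = $this->_checkinputsuser($password);
+if($validu == FALSE)
+{
+log_message('info', __METHOD__ .' check input user, invalid key: '. print_r($password,TRUE));
+return FALSE;
+}
 
 $config = array('plain'=> TRUE, 'username' => $username, 'password' => $password);
 $this->load->library('Imap', $config);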
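Review bot: The "invalid key" branch added to authtable, and repeated in authimap, writes the submitted password into the application log through `print_r($password,TRUE)`; a rejected value is typically a near-miss of the real credential, so the log line should carry only a redacted indicator, e.g. `log_message('info', __METHOD__ .' check input user, invalid key (length '. strlen($password) .')');`. The new `_checkinputsuser` helper also drops the `max_length(40)` bound that the removed form_validation calls enforced, and its `$` anchor lets PCRE accept a trailing newline, so `return preg_match('/^[0-9A-Za-z\-_]{1,40}$/D', $variable) === 1;` would restore the length limit and close that gap while keeping the same return contract. With these calls gone, the form_validation library loaded in the constructor appears unused by these two methods, though the rest of the file is outside the hunks. Both authtable and authimap continue past the end of their hunks.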
