Make sure members can not read private messages of previous guests with the same name

Daniel Winzen
2021-05-02 16:31:18 +02:00
parent c7169daeaf
commit 58638ba56e


@ -2947,6 +2947,12 @@ function set_new_nickname() : string {
if($stmt->fetch(PDO::FETCH_NUM)){ if($stmt->fetch(PDO::FETCH_NUM)){
return $I['nicknametaken']; return $I['nicknametaken'];
}else{ }else{
// Make sure members can not read private messages of previous guests with the same name
$stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET poster = "" WHERE poster = ? AND poststatus = 9;');
$stmt->execute([$_POST['newnickname']]);
$stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET recipient = "" WHERE recipient = ? AND poststatus = 9;');
$stmt->execute([$_POST['newnickname']]);
// change names in all tables
$stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET nickname=? WHERE nickname=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'members SET nickname=? WHERE nickname=?;');
$stmt->execute([$_POST['newnickname'], $U['nickname']]); $stmt->execute([$_POST['newnickname'], $U['nickname']]);
$stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET nickname=? WHERE nickname=?;'); $stmt=$db->prepare('UPDATE ' . PREFIX . 'sessions SET nickname=? WHERE nickname=?;');
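Review bot: The two added scrub statements write the empty string as `""`, which is a string literal only in MySQL's default SQL mode; under PostgreSQL, or MySQL with ANSI_QUOTES, double quotes delimit an identifier, so the UPDATE would fail and, unless PDO is configured to throw, the rename below would still run with the previous guest's private messages attached to the name. Binding the value avoids the dialect question: `$stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET poster = ? WHERE poster = ? AND poststatus = 9;');` with `$stmt->execute(['', $_POST['newnickname']]);`, and the same for `recipient`. The result of `execute()` is not checked and the scrub and the renames are not wrapped in one transaction, so a failed scrub should abort before `members` is updated. set_new_nickname() starts and continues outside this hunk, so the drivers and PDO error mode in use cannot be confirmed from here.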