Added sqli in login field.
parent
1bfbfa1291
commit
3a9639cbdf
|
@ -1,6 +1,6 @@
|
||||||
class UserSessionsController < ApplicationController
|
class UserSessionsController < ApplicationController
|
||||||
def create
|
def create
|
||||||
@user = User.find_by :login => user_session_params[:login], :password => Digest::MD5.hexdigest(user_session_params[:password])
|
@user = User.where("users.login = '#{user_session_params[:login]}' AND users.password = '#{Digest::MD5.hexdigest(user_session_params[:password])}'").first
|
||||||
if @user
|
if @user
|
||||||
@user.session = SecureRandom.hex
|
@user.session = SecureRandom.hex
|
||||||
@user.save
|
@user.save
|
||||||
|
|
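Review bot: The `User.where` line in `create` interpolates `user_session_params[:login]` straight into the SQL string, so a user-supplied login value can change the meaning of the query. The commit title suggests this is deliberate; if so, the line should carry a comment such as `# INTENTIONALLY VULNERABLE: login is interpolated into SQL (training target)` so it is never copied into real code. Outside a training target the bound form is `User.where("users.login = ? AND users.password = ?", user_session_params[:login], Digest::MD5.hexdigest(user_session_params[:password])).first`, or the hash-condition `find_by` shown on the other side of the diff. Both variants compare an unsalted MD5 digest, which is not a suitable password hash; `has_secure_password` (bcrypt) is the usual Rails replacement. The return value of `@user.save` is ignored, and the body of `create` continues past the end of the hunk.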