diff options
author | Keenan Pepper <keenan.pepper@salesforce.com> | 2020-05-27 13:52:38 -0700 |
---|---|---|
committer | Keenan Pepper <keenan.pepper@salesforce.com> | 2020-05-27 13:52:38 -0700 |
commit | 6bfac1a9076b25c5c1cd9467e9051544f40d512e (patch) | |
tree | 93d4930c3cf4216a434dcac41c966702ec4d1395 | |
parent | d0c7c99d5e1eb27281431231640c7e8c019b90e1 (diff) | |
download | volse-hubzilla-6bfac1a9076b25c5c1cd9467e9051544f40d512e.tar.gz volse-hubzilla-6bfac1a9076b25c5c1cd9467e9051544f40d512e.tar.bz2 volse-hubzilla-6bfac1a9076b25c5c1cd9467e9051544f40d512e.zip |
Fix bug allowing invite codes to be reused unlimited times
The invite codes aren't deleted from the DB because of a malformed query.
-rw-r--r-- | Zotlabs/Module/Register.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index bc813f8e1..278cf15ca 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -118,7 +118,7 @@ class Register extends Controller { $invite_code = ((x($_POST,'invite_code')) ? notags(trim($_POST['invite_code'])) : ''); if($using_invites && $invite_code) { - q("delete * from register where hash = '%s'", dbesc($invite_code)); + q("delete from register where hash = '%s'", dbesc($invite_code)); // @FIXME - this also needs to be considered when using 'invites_remaining' in mod/invite.php set_aconfig($result['account']['account_id'],'system','invites_remaining',$num_invites); } |