--- a/inc/users.inc.php Thu Jan 03 23:04:46 2008 +0000
+++ b/inc/users.inc.php Sat Jan 05 16:25:49 2008 +0000
@@ -29,10 +29,11 @@
function show_users($id='',$rowstart=0,$rowamount=9999999)
{
global $db;
+ $add = '';
if(is_numeric($id))
{
//When a user id is given, it is excluded from the userlist returned.
- $add = " WHERE users.id!=$id";
+ $add = " WHERE users.id!=".$db->quote($id);
}
// Make a huge query.
@@ -54,10 +55,10 @@
users.level,
users.active
ORDER BY
- users.fullname
- LIMIT $rowamount OFFSET $rowstart";
+ users.fullname";
// Execute the huge query.
+ $db->setLimit($rowstart, $rowamount);
$result = $db->query($sqlq);
$ret = array();
$retcount = 0;
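Review bot: The new `$db->setLimit($rowstart, $rowamount)` call appears to pass its arguments in the wrong order: the removed line applied `LIMIT $rowamount OFFSET $rowstart`, and if `$db` is a PEAR MDB2 handle (the `quote()`/`numRows()`/`fetchRow()` calls elsewhere in this diff suggest it is) the signature is `setLimit($limit, $offset)`, so the default `$rowstart = 0` now requests a limit of 0 with an offset of 9999999. Neither value is validated anywhere in the hunk and the driver interpolates them into the query text, so they should also be forced to integers. Suggest `$db->setLimit((int)$rowamount, (int)$rowstart);`. show_users starts in the previous hunk and its body continues past this one.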
@@ -87,7 +88,7 @@
global $db;
if(is_numeric($id))
{
- $result = $db->query("SELECT id FROM users WHERE id=$id");
+ $result = $db->query("SELECT id FROM users WHERE id=".$db->quote($id));
if ($result->numRows() == 1)
{
return true;
@@ -134,7 +135,7 @@
function user_exists($user)
{
global $db;
- $result = $db->query("SELECT id FROM users WHERE username='$user'");
+ $result = $db->query("SELECT id FROM users WHERE username=".$db->quote($user));
if ($result->numRows() == 0)
{
return false;
@@ -159,7 +160,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=$id");
+ $result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=".$db->quote($id));
$r = $result->fetchRow();
return $r;
}
@@ -183,8 +184,8 @@
}
if (is_numeric($id))
{
- $db->query("DELETE FROM users WHERE id=$id");
- $db->query("DELETE FROM zones WHERE owner=$id");
+ $db->query("DELETE FROM users WHERE id=".$db->quote($id));
+ $db->query("DELETE FROM zones WHERE owner=".$db->quote($id));
return true;
// No need to check the affected rows. If the affected rows would be 0,
// the user isnt in the dbase, just as we want.
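Review bot: The two DELETE statements on the added lines run as separate, unchecked queries with no transaction around them, so a failure of the second leaves `zones` rows whose `owner` no longer exists; the comment below only covers the zero-rows case, not a failed query. If `$db` is a PEAR MDB2 handle, wrapping them in `$db->beginTransaction();` … `$db->commit();` (or at least deleting from `zones` before `users` and checking each return value for an error object) would make the removal atomic. Passing the type explicitly, `$db->quote($id, 'integer')`, also avoids emitting the id as a string literal. The enclosing function starts before this hunk.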
@@ -209,15 +210,12 @@
}
if (!user_exists($user))
{
- // Might have to be changed.
- // TODO probably.
- $description = mysql_escape_string($description);
+ if (!is_valid_email($email))
+ {
+ error(ERR_INV_EMAIL);
+ }
- // Clean up the fullname
- $fullname = mysql_escape_string($fullname);
- is_valid_email($email);
-
- $db->query("INSERT INTO users (username, password, fullname, email, description, level, active) VALUES ('$user', '" . md5($password) . "', '$fullname', '$email', '$description', '$level', '$active')");
+ $db->query("INSERT INTO users (username, password, fullname, email, description, level, active) VALUES (".$db->quote($user).", '" . md5($password) . "', ".$db->quote($fullname).", ".$db->quote($email).", ".$db->quote($description).", ".$db->quote($level).", ".$db->quote($active).")");
return true;
}
else
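Review bot: The new INSERT still stores `md5($password)`, an unsalted fast hash, so a leaked `users` table is trivially reversible with precomputed tables; the quoting work in this commit does not address it. Replace it with `password_hash($password, PASSWORD_DEFAULT)` where the PHP version supports it, otherwise `crypt()` with a random per-user salt, and verify with `password_verify()` (or a constant-time comparison) at login. Separately, the added `error(ERR_INV_EMAIL)` is only an effective guard if `error()` terminates the request; if it returns, execution falls through to the INSERT with the invalid address, so consider an explicit `return false;` after it. The enclosing function starts before this hunk.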
@@ -238,23 +236,22 @@
error(ERR_LEVEL_10);
}
- // Might have to be changed.
- // TODO
- $description = mysql_escape_string($description);
- $fullname = mysql_escape_string($fullname);
- is_valid_email($email);
+ if (!is_valid_email($email))
+ {
+ error(ERR_INV_EMAIL);
+ }
- $sqlquery = "UPDATE users set username='$user', fullname='$fullname', email='$email', level=$level, description='$description', active=$active ";
+ $sqlquery = "UPDATE users set username=".$db->quote($user).", fullname=".$db->quote($fullname).", email=".$db->quote($email).", level=".$db->quote($level).", description=".$db->quote($description).", active=".$db->quote($active);
if($password != "")
{
$sqlquery .= ", password= '" . md5($password) . "' ";
}
- $sqlquery .= "where id=$id" ;
+ $sqlquery .= " WHERE id=".$db->quote($id) ;
// Search the username that right now goes with this ID.
- $result = $db->query("SELECT username from users where id=$id");
+ $result = $db->query("SELECT username from users where id=".$db->quote($id));
$r = array();
$r = $result->fetchRow();
@@ -268,7 +265,7 @@
// Its not.. so the user wants to change.
// Find if there is an id that has the wished username.
- $otheruser = $db->query("SELECT id from users where username='$user'");
+ $otheruser = $db->query("SELECT id from users where username=".$db->query($user));
if($otheruser->numRows() > 0)
{
error(ERR_USER_EXIST);
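Review bot: The replacement line calls `$db->query($user)` instead of `$db->quote($user)`, which executes the submitted username as an SQL statement and then concatenates the resulting object (or error) into the lookup query; this is worse than the interpolation it replaces, because whatever string arrives in `$user` now runs verbatim against the database. Change it to `$otheruser = $db->query("SELECT id from users where username=".$db->quote($user));`. The enclosing function starts and ends outside this hunk.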
@@ -299,7 +296,7 @@
}
// Retrieve the users password.
- $result = $db->query("SELECT password, id FROM users WHERE username='". $_SESSION["userlogin"] ."'");
+ $result = $db->query("SELECT password, id FROM users WHERE username=".$db->quote($_SESSION["userlogin"]));
$rinfo = $result->fetchRow();
// Check the current password versus the database password and execute the update.
@@ -327,7 +324,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT fullname FROM users WHERE id=$id");
+ $result = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));
$r = $result->fetchRow();
return $r["fullname"];
}
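Review bot: The `fetchRow()` result on the line after the changed query is indexed as `$r["fullname"]` without checking that a row came back, unlike the sibling function in the next hunk which guards with `$result->numRows() == 1`; for an unknown id this produces a PHP notice and an undefined return rather than a deliberate value. Suggest the same guard here, e.g. `if ($result->numRows() == 1) { $r = $result->fetchRow(); return $r["fullname"]; }`, followed by whatever fallback the callers expect; the function's name and remainder are outside this hunk.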
@@ -347,7 +344,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT fullname FROM users WHERE id=$id");
+ $result = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));
if ($result->numRows() == 1)
{
$r = $result->fetchRow();
@@ -373,7 +370,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=$id AND zones.owner=users.id ORDER by fullname");
+ $result = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=".$db->quote($id)." AND zones.owner=users.id ORDER by fullname");
if ($result->numRows() == 0)
{
return "";