Revision 1486
Added by DarkViper over 14 years ago
| class.login.php | ||
|---|---|---|
| 74 | 74 |
// User has been "remembered" |
| 75 | 75 |
// Get the users password |
| 76 | 76 |
// $database = new database(); |
| 77 |
$query_details = $database->query("SELECT * FROM ".$this->users_table." WHERE user_id = '".$this->get_safe_remember_key()."' LIMIT 1");
|
|
| 77 |
$sql = 'SELECT * FROM `'.$this->users_table.'` '; |
|
| 78 |
$sql .= 'WHERE `user_id`=\''.$this->get_safe_remember_key().'\''; |
|
| 79 |
$query_details = $database->query($sql); |
|
| 78 | 80 |
$fetch_details = $query_details->fetchRow(); |
| 79 | 81 |
$this->username = $fetch_details['username']; |
| 80 | 82 |
$this->password = $fetch_details['password']; |
| ... | ... | |
| 130 | 132 |
// $database = new database(); |
| 131 | 133 |
// $query = 'SELECT * FROM `'.$this->users_table.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1'; |
| 132 | 134 |
$loginname = ( preg_match('/[\;\=\&\|\<\> ]/',$this->username) ? '' : $this->username );
|
| 133 |
$query = 'SELECT * FROM `'.$this->users_table.'` WHERE `username` = "'.$loginname.'" AND `password` = "'.$this->password.'" AND `active` = 1'; |
|
| 134 |
$results = $database->query($query); |
|
| 135 |
$sql = 'SELECT * FROM `'.$this->users_table.'` '; |
|
| 136 |
$sql .= 'WHERE `username`=\''.$loginname.'\' AND `password`=\''.$this->password.'\' AND `active`=1'; |
|
| 137 |
$results = $database->query($sql); |
|
| 135 | 138 |
$results_array = $results->fetchRow(); |
| 136 | 139 |
$num_rows = $results->numRows(); |
| 137 | 140 |
if($num_rows == 1) {
|
| ... | ... | |
| 183 | 186 |
$first_group = true; |
| 184 | 187 |
foreach (explode(",", $this->get_session('GROUPS_ID')) as $cur_group_id)
|
| 185 | 188 |
{
|
| 186 |
$query = "SELECT * FROM ".$this->groups_table." WHERE group_id = '".$cur_group_id."'";
|
|
| 187 |
$results = $database->query($query);
|
|
| 189 |
$sql = 'SELECT * FROM `'.$this->groups_table.'` WHERE `group_id`=\''.$cur_group_id.'\'';
|
|
| 190 |
$results = $database->query($sql);
|
|
| 188 | 191 |
$results_array = $results->fetchRow(); |
| 189 | 192 |
$_SESSION['GROUP_NAME'][$cur_group_id] = $results_array['name']; |
| 190 | 193 |
// Set system permissions |
| ... | ... | |
| 213 | 216 |
// Update the users table with current ip and timestamp |
| 214 | 217 |
$get_ts = time(); |
| 215 | 218 |
$get_ip = $_SERVER['REMOTE_ADDR']; |
| 216 |
$query = "UPDATE ".$this->users_table." SET login_when = '$get_ts', login_ip = '$get_ip' WHERE user_id = '$user_id'"; |
|
| 217 |
$database->query($query); |
|
| 219 |
$sql = 'UPDATE `'.$this->users_table.'` '; |
|
| 220 |
$sql .= 'SET `login_when`=\''.$get_ts.'\', `login_ip`=\''.$get_ip.'\' '; |
|
| 221 |
$sql .= 'WHERE `user_id`=\''.$user_id.'\''; |
|
| 222 |
$database->query($sql); |
|
| 218 | 223 |
}else {
|
| 219 | 224 |
$num_rows = 0; |
| 220 | 225 |
} |
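Review bot: The login lookup on new lines 135–136 still concatenates `$loginname` and `$this->password` into the SQL text, and the only filter visible (the `preg_match` on new line 134) rejects `; = & | < >` and space but neither quote characters nor backslash, so it does not make the value safe for the single-quoted literal this commit switches to. Both values should go through the database layer's escaping routine or a bound parameter before they reach the string; which method the `database` class offers is not visible on this page, so the change would read roughly `$sql .= 'WHERE `username`=\''.ESCAPE_FN($loginname).'\' …'` with `ESCAPE_FN` as a placeholder. The same concatenation pattern applies to `$cur_group_id` on new line 189 and to `$get_ip` and `$user_id` on new lines 220–221, while `get_safe_remember_key()` on new line 78 may already sanitise its value, but that is not shown here. The rewritten remember-me query on new lines 77–78 also appears to drop the `LIMIT 1` the old statement carried, which is worth confirming as intentional. The enclosing methods start and end outside the visible hunks.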
database::field_modify(): fixed a bug
all other files: changed SQL statements to be SQL-strict