Sanatize some POST values which are put into sql strings
git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/phpsurveyor@2568 b72ed6b6-b9f8-46b5-92b4-906544132732
David Olivier committed Mar 12, 2007
1 parent bfb9c5f commit 767d90a
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions admin/usercontrol.php
Expand Up @@ -47,7 +47,7 @@
if (isset($_POST['user']) && isset($_POST['email']))
{
include("database.php");
$query = "SELECT users_name, password, uid FROM {$dbprefix}users WHERE users_name='{$_POST['user']}' AND email='{$_POST['email']}'";
$query = "SELECT users_name, password, uid FROM ".db_table_name('users')." WHERE users_name=".$connect->qstr($_POST['user'])." AND email=".$connect->qstr($_POST['email']);
$result = db_select_limit_assoc($query, 1) or die ($query."<br />".$connect->ErrorMsg());

if ($result->RecordCount() < 1)
Expand All @@ -73,7 +73,7 @@

if(MailTextMessage($body, $subject, $to, $from, $sitename))
{
$query = "UPDATE {$dbprefix}users SET password='".SHA256::hash($new_pass)."' WHERE uid={$fields['uid']}";
$query = "UPDATE ".db_table_name('users')." SET password='".SHA256::hash($new_pass)."' WHERE uid={$fields['uid']}";
$connect->Execute($query);
$loginsummary .= "<br />".$clang->gT("Username").": {$fields['users_name']}<br />".$clang->gT("Email").": {$_POST['email']}<br />";
$loginsummary .= "<br />".$clang->gT("An email with your login data was sent to you.");
Expand All @@ -95,7 +95,7 @@
if (isset($_POST['user']) && isset($_POST['password']))
{
include("database.php");
$query = "SELECT uid, users_name, password, parent_id, email, lang FROM {$dbprefix}users WHERE users_name='{$_POST['user']}'";
$query = "SELECT uid, users_name, password, parent_id, email, lang FROM ".db_table_name('users')." WHERE users_name=".$connect->qstr($_POST['user']);
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$result = $connect->SelectLimit($query, 1) or die ($query."<br />".$connect->ErrorMsg());
if ($result->RecordCount() < 1)
Expand Down Expand Up @@ -179,7 +179,7 @@
$newqid = $connect->Insert_ID();

// add new user to userlist
$squery = "SELECT uid, users_name, password, parent_id, email, create_survey, configurator, create_user, delete_user, move_user, manage_template, manage_label FROM {$dbprefix}users WHERE uid='{$newqid}'"; //added by Dennis
$squery = "SELECT uid, users_name, password, parent_id, email, create_survey, configurator, create_user, delete_user, move_user, manage_template, manage_label FROM ".db_table_name('users')." WHERE uid='{$newqid}'"; //added by Dennis
$sresult = db_execute_assoc($squery);
$srow = $sresult->FetchRow();

Expand Down Expand Up @@ -262,7 +262,7 @@

if (isset($fields[0]))
{
$uquery = "UPDATE {$dbprefix}users SET parent_id={$fields[0]} WHERE parent_id={$_POST['uid']}"; // added by Dennis
$uquery = "UPDATE ".db_table_name('users')." SET parent_id={$fields[0]} WHERE parent_id={$_POST['uid']}"; // added by Dennis
$uresult = $connect->Execute($uquery);
}

Expand Down Expand Up @@ -311,9 +311,9 @@
$failed = false;
if(empty($pass))
{
$uquery = "UPDATE {$dbprefix}users SET email='{$email}', full_name='{$full_name}' WHERE uid={$_POST['uid']}";
$uquery = "UPDATE ".db_table_name('users')." SET email='{$email}', full_name='{$full_name}' WHERE uid={$_POST['uid']}";
} else {
$uquery = "UPDATE {$dbprefix}users SET email='{$email}', full_name='{$full_name}', password='".SHA256::hash($pass)."' WHERE uid={$_POST['uid']}";
$uquery = "UPDATE ".db_table_name('users')." SET email='{$email}', full_name='{$full_name}', password='".SHA256::hash($pass)."' WHERE uid={$_POST['uid']}";
}

$uresult = $connect->Execute($uquery);
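Review bot: `$_POST['uid']` is still interpolated unquoted into the UPDATE statements, at `WHERE parent_id={$_POST['uid']}` and in both `WHERE uid={$_POST['uid']}` branches, so the request value reaches the SQL text in a numeric context; the `qstr()` treatment this commit gives `user` and `email` in the two SELECTs does not extend to these lines. Casting once before use, e.g. `$postuid = (int) $_POST['uid'];` and then `WHERE uid={$postuid}`, would close it. `$email` and `$full_name` are assigned outside the visible hunk, so whether they are escaped before being placed inside the quoted literals should be confirmed. Separately, the `or die ($query."<br />".$connect->ErrorMsg())` lines print the full query and driver error to the client; logging the error and showing a generic message would avoid exposing schema detail.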