Changeset 111 for trunk/lib/Auth_SQL.inc.php
- Timestamp:
- Apr 27, 2006 1:49:54 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Auth_SQL.inc.php
r103 r111 305 305 SELECT *, " . $this->_params['db_primary_key'] . " AS user_id 306 306 FROM " . $this->_params['db_table'] . " 307 WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . "'308 AND BINARY userpass = '" . addslashes($this->encryptPassword($password)) . "'307 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "' 308 AND BINARY userpass = '" . DB::escapeString($this->encryptPassword($password)) . "' 309 309 "); 310 310 … … 453 453 $qid = DB::query(" 454 454 SELECT 1 FROM " . $this->_params['db_table'] . " 455 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'455 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "' 456 456 AND DATE_ADD(last_login_datetime, INTERVAL '" . $this->_params['login_timeout'] . "' SECOND) > NOW() 457 457 AND DATE_ADD(last_access_datetime, INTERVAL '" . $this->_params['idle_timeout'] . "' SECOND) > NOW() … … 572 572 573 573 if ($this->getParam('blocking')) { 574 if (strlen( addslashes($reason)) > 255) {574 if (strlen(DB::escapeString($reason)) > 255) { 575 575 // blocked_reason field is varchar(255). 576 576 App::logMsg(sprintf('Blocked reason provided is greater than 255 characters: %s', $reason), LOG_WARNING, __FILE__, __LINE__); … … 582 582 UPDATE " . $this->_params['db_table'] . " SET 583 583 blocked = 'true', 584 blocked_reason = '" . addslashes($reason) . "'585 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'584 blocked_reason = '" . DB::escapeString($reason) . "' 585 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "' 586 586 "); 587 587 } … … 602 602 blocked = '', 603 603 blocked_reason = '' 604 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'604 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "' 605 605 "); 606 606 } … … 620 620 SELECT 1 621 621 FROM " . 
$this->_params['db_table'] . " 622 WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . "'622 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "' 623 623 "); 624 624 return (mysql_num_rows($qid) > 0); … … 638 638 SELECT " . $this->_params['db_username_column'] . " 639 639 FROM " . $this->_params['db_table'] . " 640 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'640 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "' 641 641 "); 642 642 if (list($username) = mysql_fetch_row($qid)) { … … 717 717 DB::query(" 718 718 UPDATE " . $this->_params['db_table'] . " 719 SET userpass = '" . addslashes($this->encryptPassword($password)) . "'720 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'719 SET userpass = '" . DB::escapeString($this->encryptPassword($password)) . "' 720 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "' 721 721 "); 722 722 } … … 739 739 $qid = DB::query(" 740 740 SELECT * FROM " . $this->_params['db_table'] . " 741 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'741 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "' 742 742 "); 743 743 if (!$user_data = mysql_fetch_assoc($qid)) {
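Review bot: The length guard in the blocking path at line 574 measures the escaped string, `strlen(DB::escapeString($reason)) > 255`, so every backslash the escaper adds counts against the varchar(255) limit even though the database stores the unescaped value; a 250-character reason containing a few quotes is rejected although it would fit, and the log message reports a size the column never sees. Check the raw value instead, `if (strlen($reason) > 255) {`, and keep the escaping only where the value is spliced into the UPDATE at line 584. The same hunk at lines 456-457 still interpolates `$this->_params['login_timeout']` and `idle_timeout` into the INTERVAL clause without escaping or casting; these look like configuration rather than request data, but `(int) $this->_params['login_timeout']` would make that assumption explicit and would also protect against a non-numeric value breaking the query. Whether DB::escapeString is charset-aware (a wrapper around mysql_real_escape_string) cannot be seen here; if it is not, the switch away from addslashes does not close the multibyte-escape gap that the commit appears to be targeting, so that is worth confirming in DB.inc.php. The surrounding methods start and end outside the visible hunks.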