svn commit: r295 - trunk/mapbender/http/php/mod_changePassword.php

uli at osgeo.org uli at osgeo.org
Tue May 16 03:12:27 EDT 2006 

Author: uli
Date: 2006-05-16 07:12:27+0000
New Revision: 295

Modified:
   trunk/mapbender/http/php/mod_changePassword.php

Log:
db_preb_query included

Modified: trunk/mapbender/http/php/mod_changePassword.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_changePassword.php?view=diff&rev=295&p1=trunk/mapbender/http/php/mod_changePassword.php&p2=trunk/mapbender/http/php/mod_changePassword.php&r1=294&r2=295
==============================================================================
--- trunk/mapbender/http/php/mod_changePassword.php	(original)
+++ trunk/mapbender/http/php/mod_changePassword.php	2006-05-16 07:12:27+0000
@@ -113,26 +113,36 @@
 
 /* handle INSERT and DELETE */
 if($upd){
-	$sql_user_id = "SELECT mb_user_id FROM mb_user WHERE mb_user_id='".$logged_user_id."';";
-	$res_user_id = db_query($sql_user_id);
+	$sql_user_id = "SELECT mb_user_id FROM mb_user WHERE mb_user_id = $1 ";
+	$v = array($logged_user_id);
+	$t = array('i');
+	$res_user_id = db_prep_query($sql_user_id,$v,$t);
 	$real_user_id = db_result($res_user_id,0,"mb_user_id");
-	$sql_password = "SELECT mb_user_password,mb_user_password='".$newpassword."' as new FROM mb_user where mb_user_id='".$real_user_id."'";
-	$res_password = db_query($sql_password);
+	$sql_password = "SELECT mb_user_password, mb_user_password = $1 as new FROM mb_user where mb_user_id = $2";
+	$v = array($newpassword,$real_user_id);
+	$t = array('s','i');
+	$res_password = db_prep_query($sql_password,$v,$t);
 	if(db_result($res_password,0,"mb_user_password") != db_result($res_password,0,"new")){
-		$sql_update = "UPDATE mb_user SET mb_user_password=";
+		$v = array();
+		$t = array();
+		$sql_update = "UPDATE mb_user SET mb_user_password = ";
 		if (SYS_DBTYPE=="mysql"){
-			$sql_update.= "password('".$newpassword."')";
+			$sql_update.= "password($1)";
 		}
 		else{
 			if (MD5 == 'false'){
-				$sql_update .= "'".$newpassword."'";
+				$sql_update .= "$1";
 			}
 			else{
-				$sql_update .= "md5('".$newpassword."')";
+				$sql_update .= "md5($1)";
 			}
 		}
-		$sql_update .= " WHERE mb_user_id='".$real_user_id."'";
-		db_query($sql_update);
+		array_push($v,$newpassword);
+		array_push($t,'s');
+		$sql_update .= " WHERE mb_user_id = $2 ";
+		array_push($v,$real_user_id);
+		array_push($t,'i');
+		db_prep_query($sql_update,$v,$t);
 		echo "<script language='javascript'>";
 		//echo "alert('Passwort wurde geändert!');";
 		echo "alert('Password has been updated!');";

More information about the Mapbender_commits mailing list