svn commit: r302 - trunk/mapbender/http/php/mod_createUser.php

uli at osgeo.org uli at osgeo.org
Tue May 16 04:26:14 EDT 2006


Author: uli
Date: 2006-05-16 08:26:14+0000
New Revision: 302

Modified:
   trunk/mapbender/http/php/mod_createUser.php

Log:
db_prep_query included

Modified: trunk/mapbender/http/php/mod_createUser.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_createUser.php?view=diff&rev=302&p1=trunk/mapbender/http/php/mod_createUser.php&p2=trunk/mapbender/http/php/mod_createUser.php&r1=301&r2=302
==============================================================================
--- trunk/mapbender/http/php/mod_createUser.php	(original)
+++ trunk/mapbender/http/php/mod_createUser.php	2006-05-16 08:26:14+0000
@@ -119,36 +119,47 @@
 	$owner_id =1;
 	$resolution = 72;
 	$login_count = 0;
-	$sql = "SELECT mb_user_id FROM mb_user WHERE mb_user_name = '".$name."' ";
-	$res = db_query($sql);
+	$sql = "SELECT mb_user_id FROM mb_user WHERE mb_user_name = $1 ";
+	$v = array($name);
+	$t = array('s');
+	$res = db_prep_query($sql,$v,$t);
 	if(db_fetch_row($res)){
 		echo "<script language='JavaScript'>alert('Username must be unique!');</script>";
 	}
 	else{
-		$sql = "Insert INTO mb_user (mb_user_name, mb_user_password,mb_user_owner, mb_user_description, mb_user_email, mb_user_phone, mb_user_department, mb_user_resolution) VALUES ";
-		$sql.= "('".$name."',";
+		
+		$sql = "Insert INTO mb_user (mb_user_name, mb_user_password,mb_user_owner, ";
+		$sql .= "mb_user_description, mb_user_email, mb_user_phone, mb_user_department, ";
+		$sql .= "mb_user_resolution) VALUES ";
+		$sql.= "($1, ";		
 		if(SYS_DBTYPE == "mysql") {
-			$sql .= "password('".$password."')";
+			$sql .= "password($2)";
 		}
 		else {
 			if (MD5 == 'false'){
-				$sql .= "'".$password."'";
+				$sql .= "$2'";
 			}
 			else{
-				$sql .= "md5('".$password."')";
+				$sql .= "md5($2)";
 			}
 		}
-		$sql.=",".$owner_id.",'".$description."', '".$email."', '".$phone."', '".$department."', ".$resolution.");";
-		$res = db_query($sql);
+		$sql.= ", $3, $4, $5, $6, $7, $8);";
+		$v = array($name,$password,$owner_id,$description,$email,$phone,$department,$resolution);
+		$t = array('s','s','i','s','s','s','s','i');
+		$res = db_prep_query($sql);
+		
 		$selected_user = db_insert_id('platzhalter','mb_user','mb_user_id');
-		$sql_owner = "Update mb_user SET mb_user_owner = ";
-		$sql_owner.= "1"; #$selected_user;
-		$sql_owner.= " WHERE mb_user_name ='".$name."'";
-		$res_owner = db_query($sql_owner);	 
+		$sql_owner = "Update mb_user SET mb_user_owner = $1 ";
+		$sql_owner.= " WHERE mb_user_name = $2 ";
+		$v = array(1,$name); #$selected_user;
+		$t = array('i','s');
+		$res_owner = db_prep_query($sql_owner,$v,$t);	 
 		# removed, because a new user may be inserted in a group with too many privileges
 		$sql_group = "Insert INTO mb_user_mb_group (fkey_mb_user_id, fkey_mb_group_id) VALUES ";
-		$sql_group.= "(".$selected_user.", 20);";
-		$res_group = db_query($sql_group);
+		$sql_group.= "($1, $2) ";
+		$v = array($selected_user,20);
+		$t = array('i','i');
+		$res_group = db_prep_query($sql_group,$v,$t);
 		// CB (begin)
 		// adding new GUIs for new user (copies of gui and gui1 with owner rights)
 		$gui = new gui();
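Review bot: The INSERT on line 62 is executed as `db_prep_query($sql)` without the `$v` and `$t` arrays built just above it, so the eight `$1`…`$8` placeholders never receive their values; the call should read `$res = db_prep_query($sql,$v,$t);` like every other converted statement in this hunk. A second problem in the same INSERT is the stray quote on line 50, `$sql .= "$2'";`, which leaves an unbalanced `'` in the SQL for the non-mysql, MD5-off branch; it should be `$sql .= "$2";`. The `$v`/`$t` lists on lines 60–61 do match the placeholder order and the earlier quoting (strings for name/password/description/email/phone/department, ints for owner and resolution), so only the call and the quote need fixing. The enclosing block begins before this hunk and closes in the next one, so I cannot see how `$name`, `$password` and the other inputs are populated.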
@@ -177,8 +188,10 @@
 		$admin->insertUserAsGuiOwner($new_guiId2[0], $selected_user);
 		// delete gui from groups
 		// (gui and gui1 are associated with groups 20 and 21, new guis belong to mb_user only)
-		$sql_del_from_group = "DELETE FROM gui_mb_group WHERE fkey_gui_id = '".$new_guiId1[0]."' OR fkey_gui_id = '".$new_guiId2[0]."' ";
-		$res_del_from_group = db_query($sql_del_from_group);	 
+		$sql_del_from_group = "DELETE FROM gui_mb_group WHERE fkey_gui_id = $1 OR fkey_gui_id = $2 ";
+		$v = array($new_guiId1[0],$new_guiId2[0]);
+		$t = array('s','s');
+		$res_del_from_group = db_prep_query($sql_del_from_group,$v,$t);	 
 	}
 }
 
@@ -196,8 +209,10 @@
 echo "<table border='0'>";
 
 if(isset($selected_user) && $selected_user != 0){
-	$sql = "SELECT * FROM mb_user WHERE mb_user_id = ".$selected_user." ORDER BY mb_user_name ";
-	$res = db_query($sql);
+	$sql = "SELECT * FROM mb_user WHERE mb_user_id = $1 ORDER BY mb_user_name ";
+	$v = array($selected_user);
+	$t = array('i');
+	$res = db_prep_query($sql,$v,$t);
 	if(db_fetch_row($res)){
 		$name = db_result($res,0,"mb_user_name");
 		$password = db_result($res,0,"mb_user_password");
@@ -209,8 +224,10 @@
 		$department = db_result($res,0,"mb_user_department");
 		$resolution = db_result($res,0,"mb_user_resolution");
 	}
-	$sql = "SELECT mb_user_name FROM mb_user WHERE mb_user_id = " . $owner_id;
-	$res = db_query($sql);
+	$sql = "SELECT mb_user_name FROM mb_user WHERE mb_user_id = $1 ";
+	$v = array($owner_id);
+	$t = array('i');
+	$res = db_prep_query($sql,$v,$t);
 	if(db_fetch_row($res)){
 		$owner_name = db_result($res,0,"mb_user_name");
 	}



