From 4a21946f6f0fbc0439034baa3882200e9e9c7c6d Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 17 Jul 2006 20:25:15 +0000
Subject: [PATCH] r897: Implementing the UserAPI in the admin section

---
 admin/user.php | 60 ++++++++++++++++++++------------------------------
 1 file changed, 24 insertions(+), 36 deletions(-)

diff --git a/admin/user.php b/admin/user.php
index b9ba84e..670daba 100644
--- a/admin/user.php
+++ b/admin/user.php
@@ -20,6 +20,7 @@ \*=====================================================================*/
 require_once('./global.php');
+require_once('./includes/api_user.php');
 if (!can_perform('canadminusers'))
 {
@@ -75,24 +76,16 @@ if ($_REQUEST['do'] == 'delete')
 if ($_POST['do'] == 'insert')
 {
- $salt = $funct->rand(15);
-
- $db->query("
- INSERT INTO " . TABLE_PREFIX . "user
- (email, displayname, password, salt, authkey, showemail, showcolours, languageid, usergroupid, timezone)
- VALUES
- ('" . $bugsys->in['email'] . "',
- '" . $bugsys->in['displayname'] . "',
- '" . md5(md5($bugsys->in['password']) . md5($salt)) . "',
- '$salt',
- '" . $funct->rand() . "',
- " . $bugsys->input_clean('showemail', TYPE_UINT) . ",
- " . $bugsys->input_clean('showcolours', TYPE_UINT) . ",
- " . $bugsys->input_clean('languageid', TYPE_UINT) . ",
- " . $bugsys->input_clean('usergroupid', TYPE_UINT) . ",
- " . $bugsys->input_clean('timezone', TYPE_UINT) . "
- )"
- );
+ $user = new UserAPI($bugsys);
+ $user->set('dispayname', $bugsys->in['displayname']);
+ $user->set('email', $bugsys->in['email']);
+ $user->set('showemail', $bugsys->in['showemail']);
+ $user->set('showcolours', $bugsys->in['showcolours']);
+ $user->set('usergroupid', $bugsys->in['usergroupid']);
+ $user->set('languageid', $bugsys->in['languageid']);
+ $user->set('timezone', $bugsys->in['timezone']);
+ $user->set('password', $bugsys->in['password']);
+ $user->insert();
 build_assignedto();
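Review bot: The field key `'dispayname'` in the second `$user->set()` call of the insert branch is misspelled, so the display name is handed to UserAPI under a key that does not match the `displayname` column the removed INSERT wrote, and will presumably be ignored or rejected rather than stored; it should read `$user->set('displayname', $bugsys->in['displayname']);`. The rewrite also drops the explicit `input_clean(..., TYPE_UINT)` casts, the generated `salt` and `authkey`, and the `md5(md5($password) . md5($salt))` hashing in favour of raw `$bugsys->in[...]` values, so this code is only as safe as api_user.php, which is not part of the diff — it is worth confirming that UserAPI validates and escapes every field passed to `set()` and derives salt, authkey and the password hash itself on `insert()`. The `if ($_POST['do'] == 'insert')` block continues past the end of the hunk.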
@@ -103,23 +96,18 @@ if ($_POST['do'] == 'insert')
 if ($_POST['do'] == 'update')
 {
- $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . $bugsys->input_clean('userid', TYPE_UINT));
- if (!$user)
- {
- $admin->error($lang->getlex('error_invalid_id'));
- }
-
- $db->query("
- UPDATE " . TABLE_PREFIX . "user
- SET displayname = '" . $bugsys->in['displayname'] . "',
- email = '" . $bugsys->in['email'] . "',
- showcolours = " . $bugsys->input_clean('showcolours', TYPE_UINT) . ",
- usergroupid = " . $bugsys->input_clean('usergroupid', TYPE_UINT) . ",
- languageid = " . $bugsys->input_clean('languageid', TYPE_UINT) . ",
- timezone = " . $bugsys->input_clean('timezone', TYPE_UINT) . ($bugsys->in['password'] ? ",
- password = '" . md5(md5($bugsys->in['password']) . md5($user['salt'])) . "'" : '') . "
- WHERE userid = $user[userid]"
- );
+ $user = new UserAPI($bugsys);
+ $user->set('userid', $bugsys->in['userid']);
+ $user->set_condition();
+ $user->set('dispayname', $bugsys->in['displayname']);
+ $user->set('email', $bugsys->in['email']);
+ $user->set('showemail', $bugsys->in['showemail']);
+ $user->set('showcolours', $bugsys->in['showcolours']);
+ $user->set('usergroupid', $bugsys->in['usergroupid']);
+ $user->set('languageid', $bugsys->in['languageid']);
+ $user->set('timezone', $bugsys->in['timezone']);
+ $user->set('password', $bugsys->in['password']);
+ $user->update();
 build_assignedto();
@@ -209,7 +197,7 @@ if ($_REQUEST['do'] == 'search')
 else
 {
 $bugsys->in['userdata'] = str_replace('%', '\%', $bugsys->in['userdata']);
- $results = $db->query("SELECT * FROM " . TABLE_PREFIX . "user WHERE email LIKE '%" . $bugsys->in['userdata'] . "%' OR displayname LIKE '%" . $bugsys->in['userdata'] . "%'");
+ $results = $db->query("SELECT * FROM " . TABLE_PREFIX . "user WHERE email LIKE '%" . $bugsys->input_escape('userdata') . "%' OR displayname LIKE '%" . $bugsys->input_escape('userdata') . "%'");
 if ($db->num_rows($results) < 1)
 {
-- 
2.22.5
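Review bot: The update branch now calls `$user->set('password', $bugsys->in['password'])` unconditionally, whereas the removed UPDATE only touched `password` when a value was submitted (`$bugsys->in['password'] ? ... : ''`); unless UserAPI itself skips empty values, every admin edit that leaves the password field blank overwrites the stored hash with the hash of an empty string, which presumably makes an empty password a valid credential for that account. Keep the old guard, e.g. `if ($bugsys->in['password'] != '') { $user->set('password', $bugsys->in['password']); }`. The same hunk repeats the misspelled key `'dispayname'` (should be `'displayname'`) and drops the `query_first` existence check with its `error_invalid_id` response, so whether an unknown or non-numeric `userid` is rejected now depends on `set_condition()` and `update()` in api_user.php, which this diff does not show. The `if ($_POST['do'] == 'update')` block continues past the end of the hunk.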