From 4b4e8a4663301b404ca6bb8f92ec1cfbeb7507a9 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Tue, 18 Oct 2005 22:29:21 +0000
Subject: - bug 172 fixed: crash when changing password with an external users 
  table. The same kind of correction was also made in picture.php and  
 register.php.

git-svn-id: http://piwigo.org/svn/trunk@902 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 doc/ChangeLog | 6 ++++++
 picture.php   | 2 +-
 profile.php   | 2 +-
 register.php  | 7 +------
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index a38f0ae93..035a55be7 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,9 @@
+2005-10-18 Pierrick LE GALL
+
+	* bug 172 fixed: crash when changing password with an external
+	users table. The same kind of correction was also made in
+	picture.php and register.php.
+
 2005-10-18 Pierrick LE GALL
 
 	* bug 159 and 166 fixed: parameter "options" for mail() function
diff --git a/picture.php b/picture.php
index bc1ecdea4..46d97b948 100644
--- a/picture.php
+++ b/picture.php
@@ -345,7 +345,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
   {
     $query = 'SELECT COUNT(*) AS user_exists';
     $query.= ' FROM '.USERS_TABLE;
-    $query.= " WHERE username = '".$author."'";
+    $query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'";
     $query.= ';';
     $row = mysql_fetch_array( pwg_query( $query ) );
     if ( $row['user_exists'] == 1 )
diff --git a/profile.php b/profile.php
index 170b14913..4a85467e6 100644
--- a/profile.php
+++ b/profile.php
@@ -77,7 +77,7 @@ if (isset($_POST['validate']))
     
     // changing password requires old password
     $query = '
-SELECT password
+SELECT '.$conf['user_fields']['password'].' AS password
   FROM '.USERS_TABLE.'
   WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
 ;';
diff --git a/register.php b/register.php
index 6169d0704..c26511d02 100644
--- a/register.php
+++ b/register.php
@@ -47,12 +47,7 @@ if (isset($_POST['submit']))
   
   if (count($errors) == 0)
   {
-    $query = '
-SELECT id
-  FROM '.USERS_TABLE.'
-  WHERE username = \''.$_POST['login'].'\'
-;';
-    list($user_id) = mysql_fetch_array(pwg_query($query));
+    $user_id = get_userid($_POST['login']);
     $session_id = session_create($user_id, $conf['session_length']);
     $url = 'category.php?id='.$session_id;
     redirect($url);
-- 
cgit v1.2.3