aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2005-10-18 22:29:21 +0000
committerplegall <plg@piwigo.org>2005-10-18 22:29:21 +0000
commit4b4e8a4663301b404ca6bb8f92ec1cfbeb7507a9 (patch)
tree3b09b4861e7d068f2848be079169c772346b3b70
parent0aa1bcc73ceb24d91d5483171af994a05d2e60b0 (diff)
- bug 172 fixed: crash when changing password with an external users
table. The same kind of correction was also made in picture.php and register.php. git-svn-id: http://piwigo.org/svn/trunk@902 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--doc/ChangeLog6
-rw-r--r--picture.php2
-rw-r--r--profile.php2
-rw-r--r--register.php7
4 files changed, 9 insertions, 8 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog
index a38f0ae93..035a55be7 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,5 +1,11 @@
2005-10-18 Pierrick LE GALL
+ * bug 172 fixed: crash when changing password with an external
+ users table. The same kind of correction was also made in
+ picture.php and register.php.
+
+2005-10-18 Pierrick LE GALL
+
* bug 159 and 166 fixed: parameter "options" for mail() function
disabled by default.
diff --git a/picture.php b/picture.php
index bc1ecdea4..46d97b948 100644
--- a/picture.php
+++ b/picture.php
@@ -345,7 +345,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
{
$query = 'SELECT COUNT(*) AS user_exists';
$query.= ' FROM '.USERS_TABLE;
- $query.= " WHERE username = '".$author."'";
+ $query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'";
$query.= ';';
$row = mysql_fetch_array( pwg_query( $query ) );
if ( $row['user_exists'] == 1 )
diff --git a/profile.php b/profile.php
index 170b14913..4a85467e6 100644
--- a/profile.php
+++ b/profile.php
@@ -77,7 +77,7 @@ if (isset($_POST['validate']))
// changing password requires old password
$query = '
-SELECT password
+SELECT '.$conf['user_fields']['password'].' AS password
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\'
;';
diff --git a/register.php b/register.php
index 6169d0704..c26511d02 100644
--- a/register.php
+++ b/register.php
@@ -47,12 +47,7 @@ if (isset($_POST['submit']))
if (count($errors) == 0)
{
- $query = '
-SELECT id
- FROM '.USERS_TABLE.'
- WHERE username = \''.$_POST['login'].'\'
-;';
- list($user_id) = mysql_fetch_array(pwg_query($query));
+ $user_id = get_userid($_POST['login']);
$session_id = session_create($user_id, $conf['session_length']);
$url = 'category.php?id='.$session_id;
redirect($url);