diff options
-rw-r--r-- | doc/ChangeLog | 6 | ||||
-rw-r--r-- | picture.php | 2 | ||||
-rw-r--r-- | profile.php | 2 | ||||
-rw-r--r-- | register.php | 7 |
4 files changed, 9 insertions, 8 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index a38f0ae93..035a55be7 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,11 @@ 2005-10-18 Pierrick LE GALL + * bug 172 fixed: crash when changing password with an external + users table. The same kind of correction was also made in + picture.php and register.php. + +2005-10-18 Pierrick LE GALL + * bug 159 and 166 fixed: parameter "options" for mail() function disabled by default. diff --git a/picture.php b/picture.php index bc1ecdea4..46d97b948 100644 --- a/picture.php +++ b/picture.php @@ -345,7 +345,7 @@ if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) { $query = 'SELECT COUNT(*) AS user_exists'; $query.= ' FROM '.USERS_TABLE; - $query.= " WHERE username = '".$author."'"; + $query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'"; $query.= ';'; $row = mysql_fetch_array( pwg_query( $query ) ); if ( $row['user_exists'] == 1 ) diff --git a/profile.php b/profile.php index 170b14913..4a85467e6 100644 --- a/profile.php +++ b/profile.php @@ -77,7 +77,7 @@ if (isset($_POST['validate'])) // changing password requires old password $query = ' -SELECT password +SELECT '.$conf['user_fields']['password'].' AS password FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\' ;'; diff --git a/register.php b/register.php index 6169d0704..c26511d02 100644 --- a/register.php +++ b/register.php @@ -47,12 +47,7 @@ if (isset($_POST['submit'])) if (count($errors) == 0) { - $query = ' -SELECT id - FROM '.USERS_TABLE.' - WHERE username = \''.$_POST['login'].'\' -;'; - list($user_id) = mysql_fetch_array(pwg_query($query)); + $user_id = get_userid($_POST['login']); $session_id = session_create($user_id, $conf['session_length']); $url = 'category.php?id='.$session_id; redirect($url); |