makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

make sure we check the array we use before we use it. ;)

Browse source 
git-svn-id: file:///svn/phpbb/trunk@5698 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-03-22 17:04:59 +00:00
parent d73353cdae
commit 02239880a5
1 changed files with 33 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
phpBB/includes/functions_user.php
View file

@ -95,7 +95,7 @@ function user_update_name($old_name, $new_name)
/** /**
* Remove User * Remove User
*/ */
function user_delete($mode, $user_id, $post_username = false) function user_delete($mode, $user_id)
{ {
global $config, $db, $user, $auth; global $config, $db, $user, $auth;
@ -105,12 +105,12 @@ function user_delete($mode, $user_id, $post_username = false)
{ {
case 'retain': case 'retain':
$sql = 'UPDATE ' . FORUMS_TABLE . ' $sql = 'UPDATE ' . FORUMS_TABLE . '
SET forum_last_poster_id = ' . ANONYMOUS . (($post_username !== false) ? ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "'" : '') . " SET forum_last_poster_id = ' . ANONYMOUS . "
WHERE forum_last_poster_id = $user_id"; WHERE forum_last_poster_id = $user_id";
$db->sql_query($sql); $db->sql_query($sql);
$sql = 'UPDATE ' . POSTS_TABLE . ' $sql = 'UPDATE ' . POSTS_TABLE . '
SET poster_id = ' . ANONYMOUS . (($post_username !== false) ? ", post_username = '" . $db->sql_escape($post_username) . "'" : '') . " SET poster_id = ' . ANONYMOUS . "
WHERE poster_id = $user_id"; WHERE poster_id = $user_id";
$db->sql_query($sql); $db->sql_query($sql);
@ -120,7 +120,7 @@ function user_delete($mode, $user_id, $post_username = false)
$db->sql_query($sql); $db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_last_poster_id = ' . ANONYMOUS . (($post_username !== false) ? ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "'" : '') . " SET topic_last_poster_id = ' . ANONYMOUS . "
WHERE topic_last_poster_id = $user_id"; WHERE topic_last_poster_id = $user_id";
$db->sql_query($sql); $db->sql_query($sql);
break; break;
@ -213,7 +213,7 @@ function user_delete($mode, $user_id, $post_username = false)
* Flips user_type from active to inactive and vice versa, handles * Flips user_type from active to inactive and vice versa, handles
* group membership updates * group membership updates
*/ */
function user_active_flip($user_id, $user_type, $user_actkey = false, $username = false, $no_log = false) function user_active_flip($user_id, $user_type, $user_actkey = false, $username = false)
{ {
global $db, $user, $auth; global $db, $user, $auth;
@ -274,8 +274,6 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
$auth->acl_clear_prefetch($user_id); $auth->acl_clear_prefetch($user_id);
if (!$no_log)
{
if ($username === false) if ($username === false)
{ {
$sql = 'SELECT username $sql = 'SELECT username
@ -288,7 +286,6 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
$log = ($user_type == USER_NORMAL) ? 'LOG_USER_INACTIVE' : 'LOG_USER_ACTIVE'; $log = ($user_type == USER_NORMAL) ? 'LOG_USER_INACTIVE' : 'LOG_USER_ACTIVE';
add_log('admin', $log, $username); add_log('admin', $log, $username);
}
return false; return false;
} }
@ -1311,6 +1308,11 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
// We need both username and user_id info // We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary); user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary))
{
return false;
}
// Remove users who are already members of this group // Remove users who are already members of this group
$sql = 'SELECT user_id, group_leader $sql = 'SELECT user_id, group_leader
FROM ' . USER_GROUP_TABLE . ' FROM ' . USER_GROUP_TABLE . '
@ -1406,9 +1408,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
add_log('admin', $log, $group_name, implode(', ', $username_ary)); add_log('admin', $log, $group_name, implode(', ', $username_ary));
unset($username_ary, $user_id_ary); return true;
return false;
} }
/** /**
@ -1425,6 +1425,11 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// We need both username and user_id info // We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary); user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary))
{
return false;
}
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')'; WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')';
@ -1521,9 +1526,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
add_log('admin', $log, $group_name, implode(', ', $username_ary)); add_log('admin', $log, $group_name, implode(', ', $username_ary));
unset($username_ary, $user_id_ary); return true;
return false;
} }
/** /**
@ -1536,6 +1539,11 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
// We need both username and user_id info // We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary); user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary))
{
return false;
}
switch ($action) switch ($action)
{ {
case 'demote': case 'demote':
@ -1580,9 +1588,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
add_log('admin', $log, $group_name, implode(', ', $username_ary)); add_log('admin', $log, $group_name, implode(', ', $username_ary));
unset($username_ary, $user_id_ary); return true;
return false;
} }
/** /**