mirror of https://github.com/e107inc/e107.git synced 2025-07-15 12:06:19 +02:00

Bugtracker #3695 - couldn't update user settings

e107steved
2007-01-29 20:39:41 +00:00
parent a5a544222a
commit 45f81f756b


@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/usersettings.php,v $ | $Source: /cvs_backup/e107_0.8/usersettings.php,v $
| $Revision: 1.4 $ | $Revision: 1.5 $
| $Date: 2007-01-17 13:34:30 $ | $Date: 2007-01-29 20:39:41 $
| $Author: mrpete $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@ -94,15 +94,15 @@ if (isset($_POST['updatesettings']))
} }
if ($_uid && ADMIN) if ($_uid && ADMIN)
{ { // Admin logged in and editing another user's settings - so editing a different ID
$inp = $_uid; $inp = $_uid;
$remflag = TRUE; $remflag = TRUE;
} }
else else
{ { // Current user logged in - use their ID
$inp = USERID; $inp = USERID;
} }
$_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyways, so why allow them? (XSS Fix) $_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
// check prefs for required fields =================================. // check prefs for required fields =================================.
@ -130,7 +130,7 @@ if (isset($_POST['updatesettings']))
$signup_option_names = array("realname", "signature", "image", "timezone", "class"); $signup_option_names = array("realname", "signature", "image", "timezone", "class");
foreach($signup_option_names as $key => $value) foreach($signup_option_names as $key => $value)
{ { // Check required signup fields
if ($pref['signup_option_'.$value] == 2 && !$_POST[$value] && !$_uid) if ($pref['signup_option_'.$value] == 2 && !$_POST[$value] && !$_uid)
{ {
$error .= LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7."\\n"; $error .= LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7."\\n";
@ -176,7 +176,9 @@ if (isset($_POST['updatesettings']))
} }
} }
if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".USERID."' ")) { // Check for duplicate of email address
if ($sql->db_Select("user", "user_name, user_email", "user_email='".$tp -> toDB($_POST['email'])."' AND user_id !='".$inp."' "))
{
$error .= LAN_408."\\n"; $error .= LAN_408."\\n";
} }
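Review bot: The rewritten duplicate-email check in the last hunk concatenates `$inp` straight into the WHERE clause (`user_id !='".$inp."'`), and on the admin path `$inp` is `$_uid`, whose source and type are not visible in any of the hunks shown. The e-mail value on the same line goes through `$tp -> toDB()`, but `$inp` gets no equivalent treatment, so if `$_uid` is read from the request without an integer cast it now reaches the query unfiltered. Casting at the point of use removes the dependency on code outside the hunk: `"user_email='".$tp -> toDB($_POST['email'])."' AND user_id != ".intval($inp)`. A short comment such as `// $inp is the ID being edited (admin: $_uid, otherwise USERID); always numeric` would also document the invariant. The enclosing `if (isset($_POST['updatesettings']))` block starts and ends outside the hunks, so an earlier cast of `$_uid` may already exist and should be confirmed.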