From e356c3aa1d794323c483f59502a4f59ee9fc5f7f Mon Sep 17 00:00:00 2001 From: Achim Ennenbach Date: Sat, 2 Mar 2019 09:47:19 +0100 Subject: [PATCH] fixes #3657: In case a user with user_class e_UC_NEWUSER logged in and was ready to be "promoted" to a "normal" user, the e_UC_NEWUSER should be removed. Unfortunately, the db:update() function was used in the wrong way. The third argument of update() function is for debugging purposes and NOT used for the WHERE clause. Therefore the query was run without WHERE, which resulted into applying the new classes to all users.... --- e107_handlers/login.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/e107_handlers/login.php b/e107_handlers/login.php index b40b89a80..f9b838656 100644 --- a/e107_handlers/login.php +++ b/e107_handlers/login.php @@ -278,7 +278,13 @@ class userlogin { // 'New user' probationary period expired - we can take them out of the class $this->userData['user_class'] = $this->e107->user_class->ucRemove(e_UC_NEWUSER, $this->userData['user_class']); // $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$this->userData['user_class'],FALSE,FALSE); - $sql->update('user',"`user_class` = '".$this->userData['user_class']."'", 'WHERE `user_id`='.$this->userData['user_id']. " LIMIT 1"); + + /** + * issue e107inc/e107#3657: Third argument of update() function is for debugging purposes and NOT used for the WHERE clause. + * Therefore the query was run without WHERE, which resulted into applyiing the new classes to all users.... + */ + //$sql->update('user',"`user_class` = '".$this->userData['user_class']."'", 'WHERE `user_id`='.$this->userData['user_id']. " LIMIT 1"); + $sql->update('user',"`user_class` = '" . $this->userData['user_class'] . "' WHERE `user_id`=" . $this->userData['user_id'] . " LIMIT 1"); unset($class_list[e_UC_NEWUSER]); $edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',',$class_list), 'user_email'=> $user_email); $e_event->trigger('userNotNew', $edata_li);