Issue #3657 Add update limits on user_class changes throughout.

e107_handlers/login.php

@@ -278,7 +278,7 @@ class userlogin
 			{	// 'New user' probationary period expired - we can take them out of the class
 				$this->userData['user_class'] = $this->e107->user_class->ucRemove(e_UC_NEWUSER, $this->userData['user_class']);
 //				$this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$this->userData['user_class'],FALSE,FALSE);
-				$sql->update('user',"`user_class` = '".$this->userData['user_class']."'", 'WHERE `user_id`='.$this->userData['user_id']);
+				$sql->update('user',"`user_class` = '".$this->userData['user_class']."'", 'WHERE `user_id`='.$this->userData['user_id']. " LIMIT 1");
 				unset($class_list[e_UC_NEWUSER]);
 				$edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',',$class_list), 'user_email'=> $user_email);
 				$e_event->trigger('userNotNew', $edata_li);

e107_handlers/user_model.php

@@ -1072,7 +1072,10 @@ class e_user_model extends e_admin_model
 	//	$this->setCore('user_class',$insert );
 	//	$this->saveDebug(false);
 
-		$uid = $this->getData('user_id');
+		if(!$uid = $this->getData('user_id'))
+		{
+			return false;
+		}
 
 		return e107::getDb()->update('user',"user_class='".$insert."' WHERE user_id = ".$uid." LIMIT 1");
 

e107_handlers/userclass_class.php

@@ -1814,13 +1814,13 @@ class user_class_admin extends user_class
 	{
 		if (self::delete_class($classID) === TRUE)
 		{
-			if ($this->sql_r->db_Select('user', 'user_id, user_class', "user_class REGEXP '(^|,){$classID}(,|$)'"))
+			if ($this->sql_r->select('user', 'user_id, user_class', "user_class REGEXP '(^|,){$classID}(,|$)'"))
 			{
 				$sql2 = e107::getDb('sql2');
-				while ($row = $this->sql_r->db_Fetch())
+				while ($row = $this->sql_r->fetch())
 				{
 					$newClass = self::ucRemove($classID, $row['user_class']);
-					$sql2->db_Update('user', "user_class = '{$newClass}' WHERE user_id = {$row['user_id']}");
+					$sql2->update('user', "user_class = '{$newClass}' WHERE user_id = {$row['user_id']} LIMIT 1");
 				}
 			}
 			return TRUE;
@@ -1852,7 +1852,7 @@ class user_class_admin extends user_class
 			{
 				$new_userclass = $cid;
 			}
-			$uc_sql->db_Update('user', "user_class='".e107::getParser()->toDB($new_userclass, true)."' WHERE user_id=".intval($uid));
+			$uc_sql->update('user', "user_class='".e107::getParser()->toDB($new_userclass, true)."' WHERE user_id=".intval($uid)." LIMIT 1");
 		}
 	}
 
@@ -1867,13 +1867,12 @@ class user_class_admin extends user_class
 	 */
 	public function class_remove($cid, $uinfoArray)
 	{
-		$e107 = e107::getInstance();
+		$uc_sql = e107::getDb();
-		$uc_sql = new db;
 		foreach($uinfoArray as $uid => $curclass)
 		{
 			$newarray = array_diff(explode(',', $curclass), array('', $cid));
 			$new_userclass = implode(',', $newarray);
-			$uc_sql->update('user', "user_class='".e107::getParser()->toDB($new_userclass, true)."' WHERE user_id=".intval($uid));
+			$uc_sql->update('user', "user_class='".e107::getParser()->toDB($new_userclass, true)."' WHERE user_id=".intval($uid)." LIMIT 1");
 		}
 	}
 

signup.php

@@ -996,7 +996,7 @@ if (isset($_POST['register']) && intval($pref['user_reg']) === 1)
 			if ($init_class = $userMethods->userClassUpdate($row, 'userpartial'))
 			{
 				$allData['data']['user_class'] = $init_class;
-				$user_class_update = $sql->update("user", "user_class = '{$allData['data']['user_class']}' WHERE user_name='{$allData['data']['user_name']}'");
+				$user_class_update = $sql->update("user", "user_class = '{$allData['data']['user_class']}' WHERE user_name='{$allData['data']['user_name']}' LIMIT 1");
 				
 				if($user_class_update === FALSE)
 				{