From 5f99a415865ff02fe21978bcbc24ba775ce250bb Mon Sep 17 00:00:00 2001 From: Bart van Bragt Date: Mon, 14 Jan 2002 18:40:25 +0000 Subject: [PATCH] Sort of a fix for the user->admin bug (#502631) and prevent editing not-existing users git-svn-id: file:///svn/phpbb/trunk@1870 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/admin/admin_userauth.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/phpBB/admin/admin_userauth.php b/phpBB/admin/admin_userauth.php index 7d1f114ead..26619ee729 100644 --- a/phpBB/admin/admin_userauth.php +++ b/phpBB/admin/admin_userauth.php @@ -139,7 +139,7 @@ if( isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]) AND ug.user_id = u.user_id AND g.group_id = ug.group_id AND g.group_single_user = " . TRUE; - if( !$result = $db->sql_query($sql) ) + if( !($result = $db->sql_query($sql)) || $db->sql_numrows($result) != 1) { message_die(GENERAL_ERROR, "Couldn't select info from user/user_group table", "", __LINE__, __FILE__, $sql); } @@ -196,7 +196,7 @@ if( isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]) } // Delete any entries in auth_access, they - // are unrequired if user is becoming an + // are not required if user is becoming an // admin // $sql = "UPDATE " . AUTH_ACCESS_TABLE . " @@ -581,10 +581,13 @@ if( isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]) } else if( isset($HTTP_POST_VARS['username']) || $user_id) { - if( isset($HTTP_POST_VARS['username']) ) { $this_userdata = get_userdata($HTTP_POST_VARS['username']); + if( !is_array($this_userdata) ) + { + message_die(GENERAL_MESSAGE, $lang['No_such_user']); + } $user_id = $this_userdata['user_id']; } @@ -982,4 +985,4 @@ $template->pparse("body"); include('page_footer_admin.'.$phpEx); -?> \ No newline at end of file +?>