authorelij <elij.mx@gmail.com>2011-05-12 01:17:12 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-05-17 10:43:42 +0200
commit0898f1447a2d6bdc893f55f4718f867734841361 (patch)
tree22ab9736ad4b92af12daeb3a5215b126c3a8c22c /web/lib/acctfuncs.inc
parentd38f3460e55ad4e8486c63902f3b581684d6f188 (diff)
test return value from db_query before assuming it is valid
Make the SQL query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/acctfuncs.inc')
-rw-r--r--web/lib/acctfuncs.inc59
1 files changed, 35 insertions, 24 deletions
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 8ffa2f71..5bcff8b5 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -197,7 +197,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
}
if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
- $error = __("The username is invalid.") . "<ul>\n"
+ $error = __("The username is invalid.") . "<ul>\n"
."<li>" . __("It must be between %s and %s characters long",
USERNAME_MIN_LEN, USERNAME_MAX_LEN )
. "</li>"
@@ -718,11 +718,11 @@ function valid_user( $user )
$q = "SELECT ID FROM Users WHERE Username = '"
. mysql_real_escape_string($user). "'";
- $result = mysql_fetch_row(db_query($q, $dbh));
-
+ $result = db_query($q, $dbh);
# Is the username in the database?
- if ($result[0]) {
- return $result[0];
+ if ($result) {
+ $row = mysql_fetch_row($result);
+ return $row[0];
}
}
return;
@@ -751,25 +751,30 @@ function valid_passwd( $userID, $passwd )
$passwd_q = "SELECT ID FROM Users" .
" WHERE ID = " . $userID . " AND Passwd = '" .
salted_hash($passwd, $salt) . "'";
- $passwd_result = mysql_fetch_row(db_query($passwd_q, $dbh));
- if ($passwd_result[0]) {
- return true;
+ $result = db_query($passwd_q, $dbh);
+ if ($result) {
+ $passwd_result = mysql_fetch_row($result);
+ if ($passwd_result[0]) {
+ return true;
+ }
}
} else {
# check without salt
$nosalt_q = "SELECT ID FROM Users".
" WHERE ID = " . $userID .
" AND Passwd = '" . md5($passwd) . "'";
- $nosalt_result = mysql_fetch_row(db_query($nosalt_q, $dbh));
- if ($nosalt_result[0]) {
- # password correct, but salt it first
- if (!save_salt($userID, $passwd)) {
- trigger_error("Unable to salt user's password;" .
- " ID " . $userID, E_USER_WARNING);
- return false;
+ $result = db_query($nosalt_q, $dbh);
+ if ($result) {
+ $nosalt_row = mysql_fetch_row($result);
+ if ($nosalt_row[0]) {
+ # password correct, but salt it first
+ if (!save_salt($userID, $passwd)) {
+ trigger_error("Unable to salt user's password;" .
+ " ID " . $userID, E_USER_WARNING);
+ return false;
+ }
+ return true;
}
-
- return true;
}
}
}
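Review bot: `$userID` is concatenated unquoted into both queries that the new `db_query()` calls execute (`" WHERE ID = " . $userID`), and nothing visible in this hunk forces it to an integer. valid_passwd starts and ends outside the hunk, so the value may already be validated earlier, but on an authentication path it is worth making the query safe locally, e.g. `$userID = intval($userID);` before the strings are built. The same unquoted pattern appears with `$id` in the user_suspended, user_delete and user_is_privileged hunks. Separately, a failed `db_query()` now falls through silently here, so a database error looks like a wrong password; a `trigger_error(..., E_USER_WARNING)` in that branch would keep the two cases distinguishable in logs.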
@@ -783,9 +788,12 @@ function user_suspended( $id )
{
$dbh = db_connect();
$q = "SELECT Suspended FROM Users WHERE ID = " . $id;
- $result = mysql_fetch_row(db_query($q, $dbh));
- if ($result[0] == 1 ) {
- return true;
+ $result = db_query($q, $dbh);
+ if ($result) {
+ $row = mysql_fetch_row($result);
+ if ($result[0] == 1 ) {
+ return true;
+ }
}
return false;
}
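Review bot: The inner test in user_suspended still indexes `$result`, which after this change is the `db_query()` handle rather than the fetched row, so `$result[0] == 1` cannot match and the function would report every account as not suspended. The row is fetched into `$row` on the line above, so the check should be `if ($row[0] == 1) {`. The user_is_privileged hunk has the same slip (`if( $result[0] > 1)` and `return $result[0];`); both should read `$row[0]`, otherwise that function would always return 0.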
@@ -797,7 +805,7 @@ function user_delete( $id )
{
$dbh = db_connect();
$q = "DELETE FROM Users WHERE ID = " . $id;
- $result = mysql_fetch_row(db_query($q, $dbh));
+ db_query($q, $dbh);
return;
}
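Review bot: The result of the DELETE is now discarded, so user_delete gives its caller no way to tell a failed deletion from a successful one, which is at odds with the commit's aim of testing `db_query()` results. Since the function returns nothing, the least invasive change is to log the failure in the style already used in valid_passwd: `if (!db_query($q, $dbh)) trigger_error("Unable to delete user; ID " . $id, E_USER_WARNING);`.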
@@ -809,9 +817,12 @@ function user_is_privileged( $id )
{
$dbh = db_connect();
$q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
- $result = mysql_fetch_row(db_query($q, $dbh));
- if( $result[0] > 1) {
- return $result[0];
+ $result = db_query($q, $dbh);
+ if ($result) {
+ $row = mysql_fetch_row($result);
+ if( $result[0] > 1) {
+ return $result[0];
+ }
}
return 0;