[Fusionforge-commits] r7596 - trunk/gforge/common/include

Roland Mas lolando at libremir.placard.fr.eu.org
Tue May 5 13:30:03 CEST 2009


Author: lolando
Date: 2009-05-05 13:30:03 +0200 (Tue, 05 May 2009)
New Revision: 7596

Modified:
   trunk/gforge/common/include/User.class.php
Log:
db_query_params migration after porting the email-address-as-login branch to trunk

Modified: trunk/gforge/common/include/User.class.php
===================================================================
--- trunk/gforge/common/include/User.class.php	2009-05-05 11:29:54 UTC (rev 7595)
+++ trunk/gforge/common/include/User.class.php	2009-05-05 11:30:03 UTC (rev 7596)
@@ -60,7 +60,8 @@
 		return false ;
 	}
 	if (!$res) {
-		$res=db_query("SELECT * FROM users WHERE email='$email'");
+		$res=db_query_params('SELECT * FROM users WHERE email=$1',
+				     array ($email));
 	}
 	return user_get_object(db_result($res,0,'user_id'),$res);
 }
@@ -298,7 +299,8 @@
 			$l = substr ($l, 0, 15) ;
 			// Is the user part of the email address okay?
 			if (account_namevalid($l)
-			    && db_numrows(db_query("SELECT user_id FROM users WHERE user_name = '$l'")) == 0) {
+			    && db_numrows(db_query_params('SELECT user_id FROM users WHERE user_name = $1',
+							  array ($l))) == 0) {
 				$unix_name = $l ;
 			} else {
 				// No? What if we add a number at the end?
@@ -306,7 +308,8 @@
 				while ($i < 1000) {
 					$c = substr ($l, 0, 15-strlen ("$i")) . "$i" ;
 					if (account_namevalid($c)
-					    && db_numrows(db_query("SELECT user_id FROM users WHERE user_name = '$c'")) == 0) {
+					    && db_numrows(db_query_params('SELECT user_id FROM users WHERE user_name = $1',
+									  array ($c))) == 0) {
 						$unix_name = $c ;
 						break;
 					}
@@ -317,7 +320,8 @@
 			while (!$unix_name) {
 				$c = substr (md5($email . rand()), 0, 15) ;
 				if (account_namevalid($c)
-				    && db_numrows(db_query("SELECT user_id FROM users WHERE user_name = '$c'")) == 0) {
+				    && db_numrows(db_query_params('SELECT user_id FROM users WHERE user_name = $1',
+								  array ($c))) == 0) {
 					$unix_name = $c ;
 				}
 			}




More information about the Fusionforge-commits mailing list