Navigation

← Previous Change
Next Change →

Changeset 403 for trunk

Timestamp:

2010-04-06 11:00:34 (2 years ago)

Author:

hannes

Message:

when a user name is changed, check if it already exists

Files:

trunk/classes/pages/Userpanel.php (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/classes/pages/Userpanel.php

r395	r403
33	33	**/
34	34	public function __construct() {
35		global $LANG, $F, $C, $SETTINGS, $TIMEZONES;
	35	global $LANG, $F, $C, $SETTINGS, $TIMEZONES, $WARNINGS;
36	36	// variables containing the potential changes
37	37	global $INPUT;
…	…
194	194	$birthday = $INPUT['birthday0'] . '-' . $INPUT['birthday1'] . '-' . $INPUT['birthday2'];
195	195	// security stuff: prevent lame attacks
196		$INPUT['user'] = $F->htmlentities(~~$INPUT['user']~~);
	196	$INPUT['user'] = $F->htmlentities(trim($INPUT['user']));
197	197	$INPUT['location'] = $F->htmlentities($INPUT['location']);
198	198	$INPUT['aim'] = $F->htmlentities($INPUT['aim']);
…	…
228	228	if (strlen($INPUT['signature']) <= 255) {
229	229	if ($INPUT['user'] != $row->membername) {
230		// update membername
231		$q = $C->prepare('UPDATE ' . $SETTINGS['dbtableprefix'] . 'members SET membername=:user WHERE memberid=:id');
232		$q->bindParam(':user', $INPUT['user'], PDO::PARAM_STR);
233		$q->bindParam(':id', $INPUT['id'], PDO::PARAM_INT, 12);
	230	// check if another member already uses this name
	231	$q = $C->prepare('SELECT COUNT(*) FROM ' . $SETTINGS['dbtableprefix'] . 'members WHERE membername = :name');
	232	$q->bindParam(':name', $INPUT['user'], PDO::PARAM_STR);
234	233	$q->execute();
235		$q = NULL;
236		// update name in the posts table, too, if necessary
237		$q = $C->prepare('UPDATE ' . $SETTINGS['dbtableprefix'] . 'posts SET poster=:user WHERE poster=:member AND postedbymember=:one');
238		$q->bindParam(':user', $INPUT['user'], PDO::PARAM_STR);
239		$q->bindParam(':member', $row->membername, PDO::PARAM_STR);
240		$q->bindValue(':one', 1, PDO::PARAM_INT);
241		$q->execute();
242		$q = NULL;
	234	if ($q->fetchColumn() == 0) {
	235	// update membername
	236	$q = $C->prepare('UPDATE ' . $SETTINGS['dbtableprefix'] . 'members SET membername=:user WHERE memberid=:id');
	237	$q->bindParam(':user', $INPUT['user'], PDO::PARAM_STR);
	238	$q->bindParam(':id', $INPUT['id'], PDO::PARAM_INT, 12);
	239	$q->execute();
	240	$q = NULL;
	241	// update name in the posts table, too, if necessary
	242	$q = $C->prepare('UPDATE ' . $SETTINGS['dbtableprefix'] . 'posts SET poster=:user WHERE poster=:member AND postedbymember=:one');
	243	$q->bindParam(':user', $INPUT['user'], PDO::PARAM_STR);
	244	$q->bindParam(':member', $row->membername, PDO::PARAM_STR);
	245	$q->bindValue(':one', 1, PDO::PARAM_INT);
	246	$q->execute();
	247	$q = NULL;
	248	} else {
	249	$WARNINGS[] = $LANG['error_username_taken'];
	250	}
243	251	}
244	252	// if the crucial rest has been entered, update it one by one

Navigation

Changeset 403 for trunk

Legend:

trunk/classes/pages/Userpanel.php

Download in other formats: