if (!empty($UID2)) $UID = $UID2;
} else {
// Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($UID), $hash), __FILE__, __LINE__);
list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
}
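Review bot: The new `userid=%s` placeholder in this SELECT is unquoted, so the `bigintval($UID)` cast in the argument array is now the only thing keeping that value numeric; with `%d` the format string enforced it implicitly. That dependency deserves a comment above the statement, for example `// userid is interpolated unquoted via %s, so it must always pass through bigintval()`. The same applies to the other statements this patch switches from `%d` to `%s`: the total_logins UPDATE, the status SELECT, the userid/email SELECT and the password UPDATEs. Separately, the argument array also passes `$hash`, which has no matching placeholder in the visible statement unless `$LAST` supplies one, so it looks like a leftover to remove. The enclosing else branch begins outside this hunk.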
$hash = generateHash($_POST['password']);
// ... and update database
- $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array($hash, $UID), __FILE__, __LINE__);
// No login bonus by default
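Review bot: The password UPDATE now formats the user id with an unquoted `%s`, but its argument array still passes `$UID` without a cast, unlike every other statement touched by this patch. Under `%d` the value was forced to an integer by the format itself; under `%s` it reaches the SQL text as a string, and whatever string escaping SQL_QUERY_ESC applies (its body is not shown here) does not constrain a value used outside quotes. The argument line should become `array($hash, bigintval($UID)), __FILE__, __LINE__);`. The surrounding block starts and ends outside the hunk, so `$UID` may already be normalised earlier, but a cast at this site keeps the query safe regardless of how the branch above was reached.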
&& set_session("lifetime", $l , $life, COOKIE_PATH));
// Update global array
- $GLOBALS['userid'] = $UID;
+ $GLOBALS['userid'] = bigintval($UID);
} else {
// Check for login data
$login = IS_LOGGED_IN();
if ($login) {
// Update database records
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
array(bigintval($UID)), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS($link) == 1) {
// Procedure to checking for login data
}
} else {
// Other account status?
- $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($UID)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
else
{
// Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1",
array(bigintval($UID), $_POST['email']), __FILE__, __LINE__);
}
if (SQL_NUMROWS($result) == 1)
{
// Ooppps, this was missing! ;-) We should update the database...
$NEW_PASS = GEN_PASS();
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s LIMIT 1",
array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__);
// Prepare data and message for email