$password = ""; $uid2 = ""; $dmy = "";
if ($probe_nickname === true) {
// Nickname entered
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
array($uid), __FILE__, __LINE__);
list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
if (!empty($uid2)) $uid = bigintval($uid2);
} else {
// Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array($uid, $hash), __FILE__, __LINE__);
list($uid2, $password, $online, $login) = SQL_FETCHROW($result);
}
$hash = generateHash($_POST['password']);
// ... and update database
- SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array($hash, $uid), __FILE__, __LINE__);
// No login bonus by default
if ($login) {
// Update database records
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET total_logins=total_logins+1".$ADD." WHERE userid=%s LIMIT 1",
array($uid), __FILE__, __LINE__);
if (SQL_AFFECTEDROWS() == 1) {
// Procedure to checking for login data
}
} elseif (GET_EXT_VERSION("sql_patches") >= "0.4.7") {
// Update failture counter
- SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1",
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET login_failtures=login_failtures+1,last_failture=NOW() WHERE userid=%s LIMIT 1",
array($uid), __FILE__, __LINE__);
// Wrong password!
}
} elseif ((($probe_nickname) && (!empty($uid2))) || ($uid2 == $uid)) {
// Other account status?
- $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
array($uid), __FILE__, __LINE__);
// Entry found?
$probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));
if ($probe_nickname) {
// Nickname entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE nickname='%s' OR email='%s' LIMIT 1",
array($uid, $_POST['email']), __FILE__, __LINE__);
} else {
// Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s OR email='%s' LIMIT 1",
array(bigintval($uid), $_POST['email']), __FILE__, __LINE__);
}
if ($status == "CONFIRMED") {
// Ooppps, this was missing! ;-) We should update the database...
$NEW_PASS = GEN_PASS();
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s LIMIT 1",
array(generateHash($NEW_PASS), $uid), __FILE__, __LINE__);
// Prepare data and message for email