diff options
| -rw-r--r-- | includes/general.php | 20 | ||||
| -rw-r--r-- | includes/loggedin.php | 8 |
2 files changed, 14 insertions, 14 deletions
diff --git a/includes/general.php b/includes/general.php index a504d65..fcd094a 100644 --- a/includes/general.php +++ b/includes/general.php @@ -79,10 +79,10 @@ if(array_key_exists('profile',$_SESSION) && is_array($_SESSION['profile']) && array_key_exists('id',$_SESSION['profile']) && $_SESSION['profile']['id'] > 0) { - $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'")); + $locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".intval($_SESSION['profile']['id'])."'")); if($locked['locked'] == 0) { - $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted` = 0 group by `to`"; + $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; @@ -287,7 +287,7 @@ $dom = $bits[$i]; $_SESSION['_config']['row'] = ""; $dom = mysql_real_escape_string($dom); - $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; + $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -339,7 +339,7 @@ $dom = $bits[$i]; $_SESSION['_config']['altrow'] = ""; $dom = mysql_real_escape_string($dom); - $query = "select * from domains where `memid`='".$_SESSION['profile']['id']."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; + $query = "select * from domains where `memid`='".intval($_SESSION['profile']['id'])."' and `domain` like '$dom' and `deleted`=0 and `hash`=''"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -378,7 +378,7 @@ $_SESSION['_config']['row'] = ""; $dom = mysql_real_escape_string($dom); $query = "select *, `orginfo`.`id` as `id` from `orginfo`,`orgdomains`,`org` where - `org`.`memid`='".$_SESSION['profile']['id']."' and + `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; @@ -426,7 +426,7 @@ $_SESSION['_config']['altrow'] = ""; $dom = mysql_real_escape_string($dom); $query = "select * from `orginfo`,`orgdomains`,`org` where - `org`.`memid`='".$_SESSION['profile']['id']."' and + `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `org`.`orgid`=`orginfo`.`id` and `orgdomains`.`orgid`=`orginfo`.`id` and `orgdomains`.`domain`='$dom'"; @@ -458,7 +458,7 @@ $dom = $bits[$i]; $dom = mysql_real_escape_string($dom); $query = "select * from `org`,`orgdomains`,`orginfo` - where `org`.`memid`='".$_SESSION['profile']['id']."' + where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomains`.`orgid`=`org`.`orgid` and `orginfo`.`id`=`org`.`orgid` and `orgdomains`.`domain`='$dom'"; @@ -482,7 +482,7 @@ $points = $row['points']; $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-18)); - $query = "select * from `users` where `id`='".$_SESSION['profile']['id']."' and `dob` < '$dob'"; + $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `dob` < '$dob'"; if(mysql_num_rows(mysql_query($query)) < 1) { if($points >= 100) @@ -581,7 +581,7 @@ $line = mysql_real_escape_string(trim(strip_tags($line))); $query = "insert into `pinglog` set `when`=NOW(), `email`='$myemail', `result`='$line'"; - if(is_array($_SESSION['profile'])) $query.=", `uid`='".$_SESSION['profile']['id']."'"; + if(is_array($_SESSION['profile'])) $query.=", `uid`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); if(substr($line, 0, 3) != "250") @@ -591,7 +591,7 @@ } } } - $query = "insert into `pinglog` set `when`=NOW(), `uid`='".$_SESSION['profile']['id']."', + $query = "insert into `pinglog` set `when`=NOW(), `uid`='".intval($_SESSION['profile']['id'])."', `email`='$myemail', `result`='Failed to make a connection to the mail server'"; mysql_query($query); return _("Failed to make a connection to the mail server"); diff --git a/includes/loggedin.php b/includes/loggedin.php index 46f0659..33e834b 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -43,7 +43,7 @@ //session_unregister($key); } - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'")); + $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; else @@ -70,7 +70,7 @@ } $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( - "select * from `users` where `id`='".$user_id."'")); + "select * from `users` where `id`='".intval($user_id)."'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; else @@ -113,7 +113,7 @@ if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0) { - $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted` = 0 group by `to`"; + $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; @@ -121,7 +121,7 @@ if($_SESSION['profile']['language'] == "") { $query = "update `users` set `language`='".L10n::get_translation()."' - where `id`='".$_SESSION['profile']['id']."'"; + where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); } else { L10n::set_translation($_SESSION['profile']['language']); |