mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
changed db_update parameters for the most common usecase "WHERE col=value" -
column and value are separate parameters now functions.inc.php: - changed function db_update() parameters - column name and value for the WHERE condition are now two separate parameters. This means we don't need to escape_string(), add quotes etc. for most UPDATE queries. Example call: db_update('alias', 'address', $this->username, $values_array) - the previous db_update() is now called db_update_q() model/UserHandler.php: - changed db_update call to the new parameters - removed now unused variables - renamed $username to $E_username - call pacrypt directly when setting the $set array, no need for $new_db_password model/AliasHandler.php - changed db_update call to the new parameters edit-mailbox.php - switched to db_update_q() git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@931 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
parent
9aa96dabd0
commit
4a2b40e100
@ -154,7 +154,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
if(preg_match('/^(.*)@/', $fUsername, $matches)) {
|
||||
$formvars['local_part'] = $matches[1];
|
||||
}
|
||||
$result = db_update('mailbox', "username='$fUsername' AND domain='$fDomain'", $formvars, array('modified'));
|
||||
$result = db_update_q('mailbox', "username='$fUsername' AND domain='$fDomain'", $formvars, array('modified')); # TODO: check if we need the AND domain=... clause, if not, switch to db_update()
|
||||
$maildir = $user_details['maildir'];
|
||||
if ($result != 1 || !mailbox_postedit($fUsername,$fDomain,$maildir, $quota)) {
|
||||
$tMessage = $PALANG['pEdit_mailbox_result_error'];
|
||||
|
@ -1728,15 +1728,30 @@ function db_insert ($table, $values, $timestamp = array('created', 'modified') )
|
||||
/**
|
||||
* db_update
|
||||
* Action: Updates a specified table
|
||||
* Call: db_update (string table, string where, array values [, array timestamp])
|
||||
* Call: db_update (string table, string where_col, string where_value, array values [, array timestamp])
|
||||
* @param String - table name
|
||||
* @param String - WHERE condition
|
||||
* @param String - column of WHERE condition
|
||||
* @param String - value of WHERE condition
|
||||
* @param array - key/value map of data to insert into the table.
|
||||
* @param array (optional) - array of fields to set to now() - default: array('modified')
|
||||
* @return int - number of updated rows
|
||||
*/
|
||||
function db_update ($table, $where, $values, $timestamp = array('modified') )
|
||||
{
|
||||
function db_update ($table, $where_col, $where_value, $values, $timestamp = array('modified') ) {
|
||||
$where = $where_col . " = '" . escape_string($where_value) . "'";
|
||||
return db_update_q ($table, $where, $values, $timestamp = array('modified') );
|
||||
}
|
||||
|
||||
/**
|
||||
* db_update_q
|
||||
* Action: Updates a specified table
|
||||
* Call: db_update_q (string table, string where, array values [, array timestamp])
|
||||
* @param String - table name
|
||||
* @param String - WHERE condition (as SQL)
|
||||
* @param array - key/value map of data to insert into the table.
|
||||
* @param array (optional) - array of fields to set to now() - default: array('modified')
|
||||
* @return int - number of updated rows
|
||||
*/
|
||||
function db_update_q ($table, $where, $values, $timestamp = array('modified') ) {
|
||||
$table = table_by_key ($table);
|
||||
|
||||
foreach(array_keys($values) as $key) {
|
||||
|
@ -167,7 +167,7 @@ class AliasHandler {
|
||||
$alias_data = array(
|
||||
'goto' => $goto,
|
||||
);
|
||||
$result = db_update('alias', "address = '$E_username'", $alias_data);
|
||||
$result = db_update('alias', 'address', $this->username, $alias_data);
|
||||
}
|
||||
if($result != 1) {
|
||||
return false;
|
||||
|
@ -28,17 +28,14 @@ class UserHandler {
|
||||
* as per the configuration in config.inc.php
|
||||
*/
|
||||
public function change_pw($new_password, $old_password, $match = true) {
|
||||
$username = $this->username;
|
||||
list(/*NULL*/,$domain) = explode('@', $username);
|
||||
|
||||
$username = escape_string($username);
|
||||
$E_username = escape_string($this->username);
|
||||
$table_mailbox = table_by_key('mailbox');
|
||||
|
||||
$new_db_password = pacrypt($new_password);
|
||||
|
||||
if ($match == true) {
|
||||
$active = db_get_boolean(True);
|
||||
$result = db_query("SELECT password FROM $table_mailbox WHERE username='$username' AND active='$active'");
|
||||
$result = db_query("SELECT password FROM $table_mailbox WHERE username='$E_username' AND active='$active'");
|
||||
$result = db_assoc($result['result']);
|
||||
|
||||
if (pacrypt($old_password, $result['password']) != $result['password']) {
|
||||
@ -49,10 +46,10 @@ class UserHandler {
|
||||
}
|
||||
|
||||
$set = array(
|
||||
'password' => $new_db_password
|
||||
'password' => pacrypt($new_password) ,
|
||||
);
|
||||
|
||||
$result = db_update('mailbox', 'username=\''.$username.'\'', $set );
|
||||
$result = db_update('mailbox', 'username', $this->username, $set );
|
||||
|
||||
if ($result != 1) {
|
||||
db_log ('CONSOLE', $domain, 'edit_password', "FAILURE: " . $this->username); # TODO: replace hardcoded CONSOLE - class is used by XMLRPC and users/
|
||||
|
Loading…
Reference in New Issue
Block a user