diff options
| -rw-r--r-- | includes/session.inc | 2 | ||||
| -rw-r--r-- | modules/user.module | 20 | ||||
| -rw-r--r-- | modules/user/user.module | 20 |
3 files changed, 21 insertions, 21 deletions
diff --git a/includes/session.inc b/includes/session.inc index b10a902e4..a28a9a571 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -19,7 +19,7 @@ function sess_close() { function sess_read($key) { global $user; - $result = db_query_range("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s' AND u.status < 3", $key, 0, 1); + $result = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key); if (!db_num_rows($result)) { db_query("INSERT INTO {sessions} (sid, uid, hostname, timestamp) VALUES ('%s', 0, '%s', %d)", $key, $_SERVER["REMOTE_ADDR"], time()); diff --git a/modules/user.module b/modules/user.module index 6d90de404..0f933190e 100644 --- a/modules/user.module +++ b/modules/user.module @@ -44,24 +44,24 @@ function user_external_load($authname) { */ function user_load($array = array()) { // Dynamically compose a SQL query: - $query = ''; - + $query = array(); $params = array(); + foreach ($array as $key => $value) { - if ($key == 'pass') { - $query .= "u.pass = '%s' AND "; - $params[] = md5($value); - } - else if ($key == 'uid') { - $query .= "u.uid = %d AND "; + if ($key == 'uid' || $key == 'status') { + $query[] = "$key = %d"; $params[] = $value; } + else if ($key == 'pass') { + $query[] = "pass = '%s'"; + $params[] = md5($value); + } else { - $query .= "LOWER(u.$key) = LOWER('%s') AND "; + $query[]= "LOWER($key) = LOWER('%s')"; $params[] = $value; } } - $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1); + $result = db_query('SELECT * FROM {users} u WHERE ' . implode(' AND ', $query), $params); if (db_num_rows($result)) { $user = db_fetch_object($result); diff --git a/modules/user/user.module b/modules/user/user.module index 6d90de404..0f933190e 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -44,24 +44,24 @@ function user_external_load($authname) { */ function user_load($array = array()) { // Dynamically compose a SQL query: - $query = ''; - + $query = array(); $params = array(); + foreach ($array as $key => $value) { - if ($key == 'pass') { - $query .= "u.pass = '%s' AND "; - $params[] = md5($value); - } - else if ($key == 'uid') { - $query .= "u.uid = %d AND "; + if ($key == 'uid' || $key == 'status') { + $query[] = "$key = %d"; $params[] = $value; } + else if ($key == 'pass') { + $query[] = "pass = '%s'"; + $params[] = md5($value); + } else { - $query .= "LOWER(u.$key) = LOWER('%s') AND "; + $query[]= "LOWER($key) = LOWER('%s')"; $params[] = $value; } } - $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1); + $result = db_query('SELECT * FROM {users} u WHERE ' . implode(' AND ', $query), $params); if (db_num_rows($result)) { $user = db_fetch_object($result); |