Author: gvg
Date: Tue May 2 11:13:18 2006
New Revision: 21766
URL:
http://svn.reactos.ru/svn/reactos?rev=21766&view=rev
Log:
Add some checking
Modified:
trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php
Modified:
trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php
URL:
http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/roscms/inc/u…
==============================================================================
---
trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php (original)
+++
trunk/web/reactos.org/htdocs/roscms/inc/user_account_edit.php Tue May 2 11:13:18
2006
@@ -90,11 +90,10 @@
if (!$save_account_noses) {
$save_account_noses = "false";
}
-
+
$content_posta="UPDATE `users` SET ". $new_pwd ."
`user_timestamp_touch2` = NOW( ) ,
`user_fullname` = '". mysql_real_escape_string($save_account_fullname)
."',
- `user_email` = '". mysql_real_escape_string($save_account_email)
."',
`user_website` = '". mysql_real_escape_string($save_account_hp)
."',
`user_language` = '". mysql_real_escape_string($save_account_txt_langa)
."',
`user_country` = '". mysql_real_escape_string($save_account_country)
."',
@@ -104,8 +103,17 @@
`user_setting_multisession` = '".
mysql_real_escape_string($save_account_multi) ."',
`user_setting_browseragent` = '".
mysql_real_escape_string($save_account_brows) ."',
`user_setting_ipaddress` = '".
mysql_real_escape_string($save_account_ipadd) ."',
- `user_setting_timeout` = '".
mysql_real_escape_string($save_account_noses) ."'
- WHERE `user_id` ='". mysql_real_escape_string($roscms_intern_account_id)
."' LIMIT 1 ;";
+ `user_setting_timeout` = '".
mysql_real_escape_string($save_account_noses) . "'";
+
+ if (! preg_match('/^[\\w\\.\\+\\-=]+(a)[\\w\\.-]+\\.[\\w\\-]+$/'+$/',
+ $save_account_email)) {
+ echo '<p><font color="#FF0000">The email
address ' .
+ htmlspecialchars($save_account_email) .
+ " is not valid.</font></p><br>\n";
+ } else {
+ $content_posta .= ", `user_email` = '".
mysql_real_escape_string($save_account_email) . "'";
+ }
+ $content_posta .= " WHERE `user_id` ='".
mysql_real_escape_string($roscms_intern_account_id) . "'";
$content_post_lista=mysql_query($content_posta);
subsys_update_user($roscms_intern_account_id);
}
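Review bot: The new email check in `preg_match(...)` ends its pattern with `$`, which in PCRE also matches just before a trailing newline, so an address ending in a line break passes validation and is written to `user_email`. Ending the pattern with `\z` or adding the `D` modifier (`/…$/D`) closes that gap; this matters if the stored address is ever placed into mail headers, where an embedded newline allows header injection. The pattern as rendered on this page (`(a)` and the doubled `'+$/'` tail) looks mangled by the mail archive, so the committed regex should be checked in the repository rather than copied from here. Separately, the rebuilt `WHERE` clause drops the old `LIMIT 1`, and the result of `mysql_query($content_posta)` is not checked before `subsys_update_user()` runs; `if ($content_post_lista) { subsys_update_user($roscms_intern_account_id); }` would presumably avoid syncing after a failed update. The enclosing block starts outside the hunk, so how `$save_account_email` is populated is not visible here.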