| author | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-10 15:17:36 +0000 |
|---|---|---|
| committer | Christophe Nowicki <cnowicki@easter-eggs.com> | 2004-09-10 15:17:36 +0000 |
| commit | 0abfa7d0c8bac90e291cf7664a0302aa286f716d (patch) | |
| tree | 29495885f98dc1080fc426ef08792dd0caf739a6 /php/Attic/examples/sample-idp/admin_user.php | |
| parent | 5be8519c1f44c4cbaecc659762bc5b23d36e2bfe (diff) | |
Use header("Location: $url\n\n") instead of header("Location: $url")
Secure every SQL query with the quoteSmart method.
Completely rewrite singleSignOn.php; the code is now easier to understand
and cleaner.
Diffstat (limited to 'php/Attic/examples/sample-idp/admin_user.php')
| -rw-r--r-- | php/Attic/examples/sample-idp/admin_user.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php
index b797580d..56b1f7e4 100644
--- a/php/Attic/examples/sample-idp/admin_user.php
+++ b/php/Attic/examples/sample-idp/admin_user.php
@@ -36,8 +36,8 @@
 // Show XML dump
 if (!empty($_GET['dump']) && !empty($_GET['type'])) {
-    $query = "SELECT " . ($_GET['type'] == 'user' ? 'user' : 'session') .
-    $query .= "_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
+    $query = "SELECT " . ($_GET['type'] == 'identity' ? 'identity' : 'session') .
+    $query .= "_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']);
 $res =& $db->query($query);
 if (DB::isError($res))
 die($res->getMessage());
@@ -67,15 +67,15 @@
 if (!empty($_GET['del'])) {
-    $query = "DELETE FROM nameidentifiers WHERE user_id='" . $_GET['del'] . "'" ;
+    $query = "DELETE FROM nameidentifiers WHERE user_id=".$db->quoteSmart($_GET['del']);
 $res =& $db->query($query);
 if (DB::isError($res))
-        print $res->getMessage(). "\n";
+        die($res->getMessage());
-    $query = "DELETE FROM users WHERE user_id='" . $_GET['del'] . "'" ;
+    $query = "DELETE FROM users WHERE user_id=".$db->quoteSmart($_GET['del']);
 $res =& $db->query($query);
 if (DB::isError($res))
-        print $res->getMessage(). "\n";
+        die($res->getMessage());
 }
@@ -193,8 +193,8 @@
 <?php switch ($tableinfo[$i]['name']) {
-    case "user_dump":
-        echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=user')>view</a>";
+    case "identity_dump":
+        echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=identity')>view</a>";
 break;
 case "session_dump":
 echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=session')>view</a>";
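Review bot: The second SELECT line still reads `$query .= "_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']);` while the line before it ends in a trailing `.`, so as PHP parses it the `.=` is evaluated first and `SELECT identity`/`SELECT session` is then prepended to whatever `$query` already held; the intended statement only comes out when `$query` is empty at that point, which this hunk cannot confirm, and otherwise stale SQL text ends up in the query. The `.=` should be a plain continuation, e.g. `$query = "SELECT " . ($_GET['type'] == 'identity' ? 'identity' : 'session') . "_dump FROM users WHERE user_id = ?";` followed by `$res =& $db->query($query, array($_GET['dump']));`, which also hands the user-supplied id to a PEAR DB placeholder instead of relying on quoteSmart's driver-specific escapeSimple. The ternary whitelist on `$_GET['type']` is the right approach and should stay as it is.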
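Review bot: Both DELETE statements in this hunk are triggered by a bare `?del=` GET parameter, so any link or image pointing at `admin_user.php?del=<id>` that a logged-in admin happens to load deletes that user; no authentication or anti-CSRF check is visible in the hunk, and the two deletes are not in a transaction, so a `die()` on the second statement leaves the nameidentifiers rows already gone. Accept the deletion only from a POST carrying a per-session token, e.g. `if ($_SERVER['REQUEST_METHOD'] != 'POST' || !isset($_POST['token']) || $_POST['token'] !== $_SESSION['token']) die('bad request');`, and bracket the two statements with `$db->autoCommit(false)` and `$db->commit()`, calling `$db->rollback()` on error. The new `die($res->getMessage())` also sends the raw database error text to the browser; log it server-side and show a generic message instead. The surrounding page code starts and ends outside the hunk.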
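Review bot: The two `echo` lines build the popup link from `$PHP_SELF` and `$row[0]` with no escaping, inside an unquoted `href` attribute; `$PHP_SELF` reflects the request path, so a request for `admin_user.php/'><script>...` lands in the markup verbatim, and a user_id containing `'` or `<` breaks out of the JavaScript string literal. Quote the attribute and escape each piece for its context, e.g. `echo "<a href=\"javascript:openpopup('" . htmlspecialchars($_SERVER['PHP_SELF'] . '?dump=' . urlencode($row[0]) . '&type=identity', ENT_QUOTES) . "')\">view</a>";`, and the same for the `session_dump` case. The switch statement continues past the end of the hunk.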
