[Mrbs-commits] SF.net SVN: mrbs:[1795] mrbs/trunk/web/auth_db.inc

Thu, 24 Feb 2011 01:20:19 -0800 

Revision: 1795
          http://mrbs.svn.sourceforge.net/mrbs/?rev=1795&view=rev
Author:   cimorrison
Date:     2011-02-24 09:20:08 +0000 (Thu, 24 Feb 2011)

Log Message:
-----------
Added some error handling to the auth_db database queries

Modified Paths:
--------------
    mrbs/trunk/web/auth_db.inc

Modified: mrbs/trunk/web/auth_db.inc
===================================================================
--- mrbs/trunk/web/auth_db.inc  2011-02-23 09:30:43 UTC (rev 1794)
+++ mrbs/trunk/web/auth_db.inc  2011-02-24 09:20:08 UTC (rev 1795)
@@ -37,19 +37,23 @@
   global $tbl_users;
 
   $user = strtolower(addslashes($user));
-
   // No addslashes() required because it's put in the database as an MD5,
   // which is safe.
   $pass = md5($pass);
+  
+  $result = sql_query1("SELECT COUNT(*) FROM $tbl_users WHERE name='$user' AND 
password='$pass' LIMIT 1");
+  if ($result == -1)
+  {
+    trigger_error(sql_error(), E_USER_WARNING);
+    return 0;
+  }
 
-  return max(0, sql_query1("SELECT COUNT(*) FROM $tbl_users WHERE name='$user' 
AND password='$pass' LIMIT 1"));
-  // The max is used to cover the case when there's an SQL Query error (ie 
-1), probably because $tbl_users
-  // hasn't been set up yet.   In that case we want to return 0 (ie validation 
failed)  
+  return $result;
 }
 
 /* authGetUserLevel($user)
  * 
- * Determines the users access level
+ * Determines the user's access level
  * 
  * $user - The user name
  *
@@ -65,10 +69,14 @@
     return 0;
   }
   
-  return max (0, sql_query1("SELECT level FROM $tbl_users WHERE name='" . 
addslashes($user) . "' LIMIT 1"));
-  // The max is used to cover the case when there's an SQL Query error (ie 
-1), probably because
-  // the database hasn't yet been upgraded and there's no 'level' column.   In 
that case we want 
-  // to return 0 (ie the user has no rights)
+  $result = sql_query1("SELECT level FROM $tbl_users WHERE name='" . 
addslashes($user) . "' LIMIT 1");
+  if ($result == -1)
+  {
+    trigger_error(sql_error(), E_USER_WARNING);
+    return 0;
+  }
+
+  return $result;
 }
 
 ?>


This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.

------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits

Reply via email to