---
web/html/account.php | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/web/html/account.php b/web/html/account.php
index e8a3218..bf84989 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -69,10 +69,17 @@ if (isset($_COOKIE["AURSID"])) {
} elseif ($_REQUEST["Action"] == "AccountInfo") {
# no editing, just looking up user info
#
- $q = "SELECT Users.*, AccountTypes.AccountType ";
- $q.= "FROM Users, AccountTypes ";
- $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
- $q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
+ if (isset($_REQUEST["ID"])) {
+ $q = "SELECT Users.*, AccountTypes.AccountType ";
+ $q.= "FROM Users, AccountTypes ";
+ $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
+ $q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
+ } else {
+ $q = "SELECT Users.*, AccountTypes.AccountType ";
+ $q.= "FROM Users, AccountTypes ";
+ $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
+ $q.= "AND Users.Username =
'".mysql_real_escape_string($_REQUEST["U"]) . "'";
+ }
$result = db_query($q, $dbh);
if (!mysql_num_rows($result)) {
print __("Could not retrieve information for the
specified user.");
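Review bot: The new else branch reads `$_REQUEST["U"]` without checking that it is set, so a request carrying neither `ID` nor `U` raises an undefined-index notice and runs the lookup with `Users.Username = ''`. Guard the branch with `} elseif (isset($_REQUEST["U"])) {` and handle the neither-parameter case explicitly before `db_query` is reached. `mysql_real_escape_string()` is also called without a link identifier, so it escapes for whichever connection was opened last; `mysql_real_escape_string($_REQUEST["U"], $dbh)` ties the escaping to the handle that `db_query` uses, and to its character set. The three SELECT/FROM/WHERE lines are duplicated in both branches and could be built once before the `if`, leaving only the final `AND` condition per branch. The surrounding if/elseif chain starts before this hunk and continues past it.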
--
1.7.3.2