* @license http://www.contenido.org/license/LIZENZ.txt
* @link http://www.4fb.de
* @link http://www.contenido.org
* @since file available since contenido release <= 4.6
*
* {@internal
* created 2003-04-30
* modified 2008-06-27, Frederic Schneider, add security fix
*
* $Id$:
* }}
*
*/
if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
}
$idclient = 2;
$idlang = 2;
die;
$sql = 'SELECT * FROM '.$cfg["tab"]["rights"].' WHERE idlang = 2 AND idclient = 2 AND user_id = \"'.Contenido_Security::escapeDB($userid, $db).'\"';
echo $sql;
$db->query($sql);
while ($db->next_record())
{
echo $db->f(0)."
";
}
if ( !isset($useridas) )
{
} else {
if ($action == "user_edit")
{
if (strlen($password) > 0)
{
if (strcmp($password, $passwordagain) == 0)
{
$sql = 'UPDATE
'.$cfg["tab"]["phplib_auth_user_md5"].'
SET
password="'.md5($password).'"
WHERE
user_id = "'.Contenido_Security::escapeDB($userid, $db).'"';
$db->query($sql);
} else {
$error = "Passwords don't match";
}
}
$sql = 'UPDATE
'.$cfg["tab"]["phplib_auth_user_md5"].'
SET
realname="'.Contenido_Security::escapeDB($realname, $db).'",
email="'.Contenido_Security::escapeDB($email, $db).'",
telephone="'.Contenido_Security::escapeDB($telephone, $db).'",
address_street="'.Contenido_Security::escapeDB($address_street, $db).'",
address_city="'.Contenido_Security::escapeDB($address_city, $db).'",
address_country="'.Contenido_Security::escapeDB($address_country, $db).'",
wysi="'.Contenido_Security::toInteger($wysi).'"
WHERE
user_id = "'.Contenido_Security::escapeDB($userid, $db).'"';
$db->query($sql);
}
$tpl->reset();
$sql = "SELECT
username, password, realname, email, telephone,
address_street, address_city, address_country, wysi
FROM
".$cfg["tab"]["phplib_auth_user_md5"]."
WHERE
user_id = '".Contenido_Security::escapeDB($userid, $db)."'";
$db->query($sql);
$form = '