git-svn-id: svn://presbrey.mit.edu/sql/mitsql@40 a142d4bd-2cfb-0310-9673-cb33a7e74f58

[sql-web.git] / lib / security.lib.php

diff --git a/lib/security.lib.php b/lib/security.lib.php
index 44071d13d75442f20726aeefee9314294b974f55..fe9bd0b2d780e0ff6daced009b3349c00461203d 100644 (file)
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -60,9 +60,11 @@ class Login {
                if ($email == $this->getEmail()) $email = null;
         is_null($name) || $arr['Name'] = $name;
         is_null($email) || $arr['Email'] = $email;
+       $upd = buildSQLSet($arr);
         $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
-                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
-        DBUpdate($sql);
+                        $upd, mysql_escape_string($this->getUserId()));
+       if (!empty($upd) && $upd != 'SET')
+               DBUpdate($sql);
                if (isset($arr['Name']))
                        $this->name = $arr['Name'];
                if (isset($arr['Email']))
@@ -115,13 +117,13 @@ class User {
        function setUsage($yes=true) {
                $verb = $yes?'GRANT':'REVOKE';
                $prep = $yes?'TO':'FROM';
-               $suffix = $yes?sprintf("IDENTIFIED BY `%s`",mysql_escape_string($this->pass)):'';
+               $suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
                $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
                                                mysql_escape_string($verb),
                                                mysql_escape_string($prep),
                                                mysql_escape_string($this->getUsername()),
                                                '%',
-                                               mysql_escape_string($suffix));
+                                               $suffix);
                DBGrant($sql);
        }
        function setAccess($db=null,$yes=true) {