]> andersk Git - sql-web.git/blobdiff - lib/security.lib.php
andersk / sql-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bug fix: signup/db-create for class lockers
[sql-web.git] / lib / security.lib.php
diff --git a/lib/security.lib.php b/lib/security.lib.php
index 0fc8a91365cbd4f7386fb3fa0516fba65a565922..2084e5399660c76ca85f9d904f8f2006ad6beb90 100644 (file)
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -11,7 +11,7 @@ class Login {
                $this->p = $p;
                if (is_numeric($u)) {
                        $this->id = $u;
-                       $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
+                       $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
                } else {
                        $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
                        $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
@@ -337,6 +337,7 @@ function addDB($dbname,$userid) {
        global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
 
        DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
+       if (mysql_error()) return false;
 
        $newdb['Name'] = $dbname;
        $arr = array_merge($newdb, $_NEW_DB);
@@ -358,23 +359,25 @@ function addDB($dbname,$userid) {
                                                buildSQLSet($arr),
                                                $DBId);
                DBUpdate($sql);
-               return $DBId;
-       } else {
-               $arr = $_NEW_DBQUOTA;
-               $arr['DatabaseId'] = $DBId;
-               $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
-                                               buildSQLInsert($arr));
-               DBInsert($sql);
-
-               $arr = $_NEW_DBOWNER;
-               $arr['DatabaseId'] = $DBId;
-               $arr['UserId'] = $userid;
-               $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
-                                               buildSQLInsert($arr));
-               DBInsert($sql);
-
-               return $DBId;
        }
+
+       DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
+       DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
+       
+       $arr = $_NEW_DBQUOTA;
+       $arr['DatabaseId'] = $DBId;
+       $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
+                                       buildSQLInsert($arr));
+       DBInsert($sql);
+
+       $arr = $_NEW_DBOWNER;
+       $arr['DatabaseId'] = $DBId;
+       $arr['UserId'] = $userid;
+       $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
+                                       buildSQLInsert($arr));
+       DBInsert($sql);
+
+       return $DBId;
 }
 
 function delDB($dbname) {
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.187375 seconds and 4 git commands to generate.