[geeklog-cvs] geeklog: Keep redundant data and the password hash out of $_USER
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Mon Apr 20 08:13:54 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/13162f373fa7
changeset: 6977:13162f373fa7
user: Dirk Haun <dirk at haun-online.de>
date: Sun Apr 19 23:12:48 2009 +0200
description:
Keep redundant data and the password hash out of $_USER
diffstat:
1 file changed, 15 insertions(+), 10 deletions(-)
system/lib-sessions.php | 25 +++++++++++++++----------
diffs (47 lines):
diff -r 3040521a0550 -r 13162f373fa7 system/lib-sessions.php
--- a/system/lib-sessions.php Sun Apr 19 22:24:03 2009 +0200
+++ b/system/lib-sessions.php Sun Apr 19 23:12:48 2009 +0200
@@ -455,28 +455,33 @@
*
* Gets user's data based on their user id
*
-* @param int $userid User ID of user to get data for
-* @return array returns user'd data in an array
+* @param int $userid User ID of user to get data for
+* @return array returns user's data in an array
*
*/
function SESS_getUserDataFromId($userid)
{
global $_TABLES;
- $sql = "SELECT *,format FROM {$_TABLES['dateformats']},{$_TABLES["users"]},{$_TABLES['userprefs']} "
+ $sql = "SELECT *,format FROM {$_TABLES['dateformats']},{$_TABLES['users']},{$_TABLES['userprefs']} "
. "WHERE {$_TABLES['dateformats']}.dfid = {$_TABLES['userprefs']}.dfid AND "
. "{$_TABLES['userprefs']}.uid = $userid AND {$_TABLES['users']}.uid = $userid";
- if(!$result = DB_query($sql)) {
- $userdata = array("error" => "1");
- return ($userdata);
+ if (!$result = DB_query($sql)) {
+ $userdata = array('error' => '1');
+ return $userdata;
}
- if(!$myrow = DB_fetchArray($result)) {
- $userdata = array("error" => "1");
- return ($userdata);
+ if (!$myrow = DB_fetchArray($result, false)) {
+ $userdata = array('error' => '1');
+ return $userdata;
}
- return($myrow);
+
+ if (isset($myrow['passwd'])) {
+ unset($myrow['passwd']);
+ }
+
+ return $myrow;
}
?>
More information about the geeklog-cvs
mailing list