Diffstat (limited to 'program/include/main.inc')
-rw-r--r--program/include/main.inc52
1 files changed, 24 insertions, 28 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index a7020c75f..0e206166e 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -263,13 +263,12 @@ function rcmail_login($user, $pass, $host=NULL)
}
// query if user already registered
- $sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences
- FROM %s
- WHERE mail_host='%s' AND (username='%s' OR alias='%s')",
- get_table_name('users'),
- addslashes($host),
- addslashes($user),
- addslashes($user)));
+ $sql_result = $DB->query("SELECT user_id, username, language, preferences
+ FROM ".get_table_name('users')."
+ WHERE mail_host=? AND (username=? OR alias=?)",
+ $host,
+ $user,
+ $user);
// user already registered -> overwrite username
if ($sql_arr = $DB->fetch_assoc($sql_result))
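Review bot: The lookup `WHERE mail_host=? AND (username=? OR alias=?)` can return more than one row if one account's alias equals another account's username on the same host, and the `fetch_assoc()` call right after it uses whichever row comes back first to overwrite the login username. Nothing in the hunk makes that choice deterministic, so which account record a login resolves to depends on row order unless the schema (not visible here) enforces uniqueness across both columns. I would either query `username=?` first and fall back to `alias=?` only when no row is found, or document the requirement with a comment such as `// username and alias must be unique per mail_host; first matching row wins`. The body of rcmail_login starts and ends outside this hunk.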
@@ -299,11 +298,10 @@ function rcmail_login($user, $pass, $host=NULL)
$sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language'];
// update user's record
- $DB->query(sprintf("UPDATE %s
- SET last_login=NOW()
- WHERE user_id=%d",
- get_table_name('users'),
- $user_id));
+ $DB->query("UPDATE ".get_table_name('users')."
+ SET last_login=NOW()
+ WHERE user_id=?",
+ $user_id);
}
// create new system user
else if ($CONFIG['auto_create_user'])
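Review bot: Changing `WHERE user_id=%d` to `WHERE user_id=?` drops the integer coercion that sprintf used to apply, so the value is now bound with whatever type `$user_id` has where it is assigned, which is outside this hunk. The placeholder still protects against injection, but an explicit cast keeps the numeric intent visible and may avoid a quoted-string comparison against a numeric column, depending on how the DB wrapper quotes values: `(int)$user_id);`. The same applies to the identities INSERT in rcmail_create_user, where `VALUES (%d, ...` became `VALUES (?, ...`. The result of this UPDATE is also not checked, which is acceptable for a last_login timestamp but worth a short comment.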
@@ -336,27 +334,25 @@ function rcmail_create_user($user, $host)
{
global $DB, $CONFIG, $IMAP;
- $DB->query(sprintf("INSERT INTO %s
- (created, last_login, username, mail_host, language)
- VALUES (NOW(), NOW(), '%s', '%s', '%s')",
- get_table_name('users'),
- addslashes($user),
- addslashes($host),
- $_SESSION['user_lang']));
-
- if ($user_id = $DB->insert_id())
+ $DB->query("INSERT INTO ".get_table_name('users')."
+ (created, last_login, username, mail_host, language)
+ VALUES (NOW(), NOW(), ?, ?, ?)",
+ $user,
+ $host,
+ $_SESSION['user_lang']);
+
+ if ($user_id = $DB->insert_id('user_ids'))
{
$user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host);
$user_name = $user!=$user_email ? $user : '';
// also create a new identity record
- $DB->query(sprintf("INSERT INTO %s
- (user_id, `default`, name, email)
- VALUES (%d, '1', '%s', '%s')",
- get_table_name('identities'),
- $user_id,
- addslashes($user_name),
- addslashes($user_email)));
+ $DB->query("INSERT INTO ".get_table_name('identities')."
+ (user_id, `default`, name, email)
+ VALUES (?, '1', ?, ?)",
+ $user_id,
+ $user_name,
+ $user_email);
// get existing mailboxes
$a_mailboxes = $IMAP->list_mailboxes();
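Review bot: `$DB->insert_id('user_ids')` hard-codes a sequence name, while every table name in this function is resolved through `get_table_name()`. If that helper maps or prefixes names (its body is not visible here), the sequence lookup would not follow, `$user_id` could come back empty, and the `if` branch that creates the identity record would be skipped without an error. Consider resolving the sequence name the same way as the table names, or at least adding a comment like `// sequence name, only used by backends without auto-increment ids`. The identities INSERT also keeps MySQL-style backticks around `default`, which looks inconsistent with passing a sequence name for other backends. The result of the first INSERT is not checked before `insert_id()` is called, and rcmail_create_user continues past the end of the hunk.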