arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

- Only validate fields we care about, not any field we find in the loaded user

Browse Source
This commit is contained in:
dave 2009-09-26 18:18:43 +00:00
parent c23ce973b1
commit d10c98f8fd
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
user_personal.php
View File

@ -113,16 +113,15 @@ case 'save':
/* Set values */ /* Set values */
foreach($fields as $f) { foreach($fields as $f) {
$u[$f] = stripslashes($_POST[$f]); $u[$f] = stripslashes($_POST[$f]);
} /* Allow the user to clear a field regardless of regex */
if($u[$f] == '') continue;
foreach($u as $f=>$v) {
if($v == '') continue;
/* See if this field has a validate */ /* See if this field has a validate */
if(isset($user_personal_fields[$f]['regexp'])) { if(isset($user_personal_fields[$f]['regexp'])) {
/* Match the regex */ /* Match the regex */
if(!ereg($user_personal_fields[$f]['regexp'], $v)) { if(!ereg($user_personal_fields[$f]['regexp'], $u[$f])) {
/* Bad */ /* Bad */
echo "bad regex match ({$user_personal_fields[$f]['regexp']})";
$save = false; $save = false;
$errorfields[] = $f; $errorfields[] = $f;
} }
@ -153,13 +152,14 @@ case 'save':
$q=mysql_query("SELECT id FROM users WHERE email='$em' AND uid!='{$u['uid']}' AND deleted='no'"); $q=mysql_query("SELECT id FROM users WHERE email='$em' AND uid!='{$u['uid']}' AND deleted='no'");
if(mysql_num_rows($q) > 0) { if(mysql_num_rows($q) > 0) {
error_("That email address is in use by another user"); error_("That email address is in use by another user");
echo "email error";
$save = false; $save = false;
} }
if($save == true) { if($save == true) {
user_save($u); user_save($u);
happy_("%1 %2 successfully updated",array($_POST['firstname'],$_POST['lastname'])); happy_("%1 %2 successfully updated",array($_POST['firstname'],$_POST['lastname']));
} }
exit; exit;
} }