Merge branch 'patch-5' into 'dev-3.0'

Update doppelaccis.php See merge request !8

Merge branch 'patch-5' into 'dev-3.0'
Update doppelaccis.php See merge request !8
3dddfa88 · Joel Kuder · 3fcaa6c2 · 65c63199 · 3dddfa88
Commit 3dddfa88 authored 5 years ago by Joel Kuder
--- a/adminforce/content/usersystem/doppelaccis.php
+++ b/adminforce/content/usersystem/doppelaccis.php
@@ -5,7 +5,7 @@
    <td align="center"><b>IP-Adresse</b></td>
 </tr>
 <?php
-$sql = sql::$db->query("SELECT `login_ip`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `login_ip` HAVING COUNT(*) > 1") or die(mysql_error());
+$sql = sql::$db->query("SELECT `login_ip`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `login_ip` HAVING COUNT(*) > 1") or die($sql->errorInfo());
 if ($sql->rowCount() == 0) {
    echo '
 <tr>
@@ -26,10 +26,12 @@ if ($sql->rowCount() == 0) {
 </table>
 <?php
 if (isset($_GET['ip'])) {
-    $ip = sql::$db->query("SELECT k.uid,u.nickname FROM
+    $ip = sql::$db->prepare("SELECT k.uid,u.nickname FROM
                        " . _VMS_ . "_kontodaten AS k
                        LEFT JOIN " . _VMS_ . "_userdaten AS u ON u.uid=k.uid
-WHERE k.login_ip='" . addslashes($_GET['ip']) . "'");
+WHERE k.login_ip=:ip");
+    $ip->bindParam(':ip', $_GET['ip'], PDO::PARAM_STR);
+    $ip->execute();

    echo "<p>User mit der IP " . $_GET['ip'] . ":</p>";
    while ($doppelt = $ip -> fetch() ) {
@@ -49,14 +51,14 @@ foot();
    <td align="center"><b>md5Hash</b></td>
 </tr>
 <?php
-$sql2 = sql::$db->query("SELECT `passwort`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `passwort` HAVING COUNT(*) > 1") or die(mysql_error());
+$sql2 = sql::$db->query("SELECT `passwort`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `passwort` HAVING COUNT(*) > 1") or die($sql->errorInfo());
 if ($sql2->rowCount() == 0) {
    echo '
 <tr>
-     <td colspan="2" align="center"><font color="green">Keine Doppelten Passwörter im System</font></td>
+     <td colspan="2" align="center"><font color="green">Keine doppelten Passwörter im System</font></td>
 </tr>';
 } else {
-    while ($fake2 = mysql_fetch_assoc($sql2)) {
+    while ($fake2 = $sql2->fetch(PDO::FETCH_ASSOC) ) {
        echo '
   <tr>
       <td>' . $fake2['anzahl'] . '</td>
@@ -74,10 +76,12 @@ if (isset($_GET['md5'])) {
    $md5 = db_query("SELECT k.uid,u.nickname FROM
                        `" . _VMS_ . "_kontodaten` AS k
                        LEFT JOIN `" . _VMS_ . "_userdaten` AS u ON u.uid=k.uid
-WHERE k.passwort='" . addslashes($_GET['md5']) . "'");
+WHERE k.passwort=:md5");
+    $md5->bindParam(':md5', $_GET['md5'], PDO::PARAM_STR);
+    $md5->execute();

    echo "<p>User mit dem Passworthash " . $_GET['md5'] . ":</p>";
-    while ($doppelt = mysql_fetch_assoc($md5)) {
+    while ($doppelt = $md5->fetch(PDO::FETCH_ASSOC) ) {
        echo "<a href='?content=/usersystem/userbearbeiten&uid=" . $doppelt['uid'] . "'>" . $doppelt['nickname'] . "</a><br>";
    }
 }