Enano CMS (1.1.x): comparison plugins/SpecialUserFuncs.php

equal deleted inserted replaced

-:474f8be55943
+:ab66d6d1f1f4
 /*
 Plugin Name: Special user/login-related pages
 Plugin URI: http://enanocms.org/
 Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
 Author: Dan Fuhry
-Version: 1.0.2
+Version: 1.0.3
 Author URI: http://enanocms.org/
 */
 /*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
-* Version 1.0.2
+* Version 1.0.3
 * Copyright (C) 2006-2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 $db->free_result();
 }
 if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
 {
+header('Content-type: application/json');
 $username = ( $session->user_logged_in ) ? $session->username : false;
 $response = Array(
 'username' => $username,
 'key' => $pubkey,
 'challenge' => $challenge,
 $_GET['finduser']);
 $finduser = str_replace(array('*', '?'),
 array('%', '_'),
 $finduser);
 $finduser = $db->escape($finduser);
-$username_where = 'u.username LIKE "' . $finduser . '"';
+$username_where = ENANO_SQLFUNC_LOWERCASE . '(u.username) LIKE \'%' . strtolower($finduser) . '%\'';
 $finduser_url = 'finduser=' . rawurlencode($_GET['finduser']) . '&';
 }
 else
 {
-$username_where = 'u.username REGEXP "^' . $startletter_sql . '"';
+if ( ENANO_DBLAYER == 'MYSQL' )
+$username_where = 'lcase(u.username) REGEXP lcase("^' . $startletter_sql . '")';
+else if ( ENANO_DBLAYER == 'PGSQL' )
+$username_where = 'lower(u.username) ~ lower(\'^' . $startletter_sql . '\')';
 $finduser_url = '';
 }
 // Column markers
 $headings = '<tr>
 <a href="' . makeUrlNS('Special', 'Memberlist', $finduser_url . 'letter=' . $startletter . '&sort=regist&orderby=' . $sortorders['regist'], true) . '">Registered</a>
 </th>
 </tr>';
 // determine number of rows
-$q = $db->sql_query('SELECT u.user_id FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != "Anonymous";');
+$q = $db->sql_query('SELECT u.user_id FROM '.table_prefix.'users AS u WHERE ' . $username_where . ' AND u.username != \'Anonymous\';');
 if ( !$q )
 $db->_die();
 $num_rows = $db->numrows();
 $db->free_result();
 // main selector
 $q = $db->sql_unbuffered_query('SELECT u.user_id, u.username, u.reg_time, u.email, u.user_level, u.reg_time, x.email_public FROM '.table_prefix.'users AS u
 LEFT JOIN '.table_prefix.'users_extra AS x
 ON ( u.user_id = x.user_id )
-WHERE ' . $username_where . ' AND u.username != "Anonymous"
+WHERE ' . $username_where . ' AND u.username != \'Anonymous\'
 ORDER BY ' . $sort_sqllet . ' ' . $target_order . ';');
 if ( !$q )
 $db->_die();
 $html = paginate(
 </table>
 </div>
 ' .
 '<div style="float: left;">
 <form action="' . makeUrlNS('Special', 'Memberlist') . '" method="get" onsubmit="if ( !submitAuthorized ) return false;">'
-. ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->nslist[$paths->namespace] . $paths->cpage['urlname_nons'] ) . '" />' : '' )
+. ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->page ) . '" />' : '' )
 . ( $session->sid_super ? '<input type="hidden" name="auth"  value="' . $session->sid_super . '" />' : '')
 . '<p>Find a member: ' . $template->username_field('finduser') . ' <input type="submit" value="Go" /><br /><small>You may use the following wildcards: * to match multiple characters, ? to match a single character.</small></p>'
 . '</form>
 </div>'                                                                                                // Footer (printed after rows)
 );

changeset 326	ab66d6d1f1f4
parent 304	e2cb5f1432c8
parent 324	16d0c9f33466
child 334	c72b545f1304