Login!
Lost password?
 

MODx Bug/Feature Tracker and Feature Requests

Welcome to the MODx CMS Tracker. Please choose the appropriate project from the drop down menu and provide as much information as possible regarding your server environment and browser. Thanks!

FS#929 — weblogin error in SQL statement

Attached to Project — MODx
Opened by Stefanie Janine Stoelting (Stefanie) - Tuesday, 07 August 2007, 11:11AM
Last edited by Garry Nutting (garryn) - Monday, 19 November 2007, 09:42PM
Task Type Bug Report
Category Plugin/Module/Snippet
Status Closed
Assigned To Garry Nutting (garryn)
Operating System All
Severity High
Priority Normal
Reported Version 0.9.6
Due in Version 0.9.6.2
Due Date Undecided
Percent Complete 100%

Details

There is an error in the weblogin snippet on creating a SQL statement.

The default of the content of column id is NULL, but NULL is set in quotation marks:

File weblogin.inc.php line 105 to 107
File weblogin.processor.inc.php line 378 to 381

Replace
$itemid = isset($_REQUEST['id']) ? $_REQUEST['id'] : 'NULL' ;$lasthittime = time();$a = 998;

With
$itemid = isset($_REQUEST['id']) ? "'".$_REQUEST['id']."'" : 'NULL' ;$lasthittime = time();$a = 998;

Replace
$sql = "REPLACE INTO $dbase.`".$table_prefix."active_users` (internalKey, username, lasthit, action, id, ip) values(-".$_SESSION['webInternalKey'].", '".$_SESSION['webShortname']."', '".$lasthittime."', '".$a."', '".$itemid."', '$ip')";

With
$sql = "REPLACE INTO $dbase.`".$table_prefix."active_users` (internalKey, username, lasthit, action, id, ip) values(-".$_SESSION['webInternalKey'].", '".$_SESSION['webShortname']."', '".$lasthittime."', '".$a."', '.$itemid.', '$ip')";


In the atached zip-file are the corrected files.   weblogin.zip
This task depends upon

This task blocks these from closing
Closed by  Brunaud (coroico)
Friday, 09 May 2008, 04:59AM
Reason for closing:  Fixed
Comment by Garry Nutting (garryn) - Monday, 19 November 2007, 09:42PM
  • Field changed: Status (Unconfirmed → Requires testing)
  • Field changed: Due in Version (Undecided → 0.9.6.2)
  • Field changed: Percent Complete (0% → 100%)
  • Field changed: Due Date (Undecided → Undecided)
  • Task assigned to Garry Nutting (garryn)
Jason (Opengeek) had previously committed changes for weblogin.processor.inc.php.

I've committed the fix for weblogin.inc.php in SVN rev 3162.

Comment by Brunaud (coroico) - Thursday, 08 May 2008, 05:30AM
As I don't know which kind of user test was requested, i have first checked file differences from SVN 3161, 3162 and 3697.
And then to check the correction I have forced the $itemid variable to 'NULL' and checked that the $SQL is correct.
As it is ok ('1210242196', '998', NULL, '127.0.0.1'), I suggest to close this issue with the status "fixed"