--- web/html/account.php | 15 +++++++++++---- 1 files changed, 11 insertions(+), 4 deletions(-) diff --git a/web/html/account.php b/web/html/account.php index e8a3218..bf84989 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -69,10 +69,17 @@ if (isset($_COOKIE["AURSID"])) { } elseif ($_REQUEST["Action"] == "AccountInfo") { # no editing, just looking up user info # - $q = "SELECT Users.*, AccountTypes.AccountType "; - $q.= "FROM Users, AccountTypes "; - $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; - $q.= "AND Users.ID = ".intval($_REQUEST["ID"]); + if (isset($_REQUEST["ID"])) { + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + $q.= "AND Users.ID = ".intval($_REQUEST["ID"]); + } else { + $q = "SELECT Users.*, AccountTypes.AccountType "; + $q.= "FROM Users, AccountTypes "; + $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; + $q.= "AND Users.Username = '".mysql_real_escape_string($_REQUEST["U"]) . "'"; + } $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { print __("Could not retrieve information for the specified user."); -- 1.7.3.2