From 2c4505c4c038a9912eaaae2856fc0902d4379d94 Mon Sep 17 00:00:00 2001 From: Quitta Date: Tue, 2 Jul 2013 16:36:44 +0200 Subject: [PATCH] Checking filled in data for change_info has to be updated --- .../ryzom_ams/www/html/func/change_info.php | 18 ++++++++++++++++++ .../ryzom_ams/www/html/templates/settings.tpl | 10 +++++----- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php index f0b49fff0..c19c418c3 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php @@ -17,6 +17,24 @@ function change_info(){ } $webUser = new WebUsers(); + $current_info = $webUser->getInfo($_POST['target_id']); + //TODO: XSS filtering + $query = "UPDATE ams_user SET "; + if(($_POST['FirstName'] != "") && ($_POST['FirstName'] != $current_info['FirstName'])){ + $query = $query . "FirstName = :fName "; + } + if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){ + $query = $query . "LastName = :lName "; + } + //TODO: add the other fields too + $query = $query . "WHERE Login = :user"; + + + print($query); + exit; + + + $reply = $webUser->checkEmail($_POST['NewEmail']); if ( $reply != "success" ){ $result['EMAIL_ERROR'] = 'TRUE'; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl index 66bb1c8b3..4ab3a2697 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl +++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl @@ -144,7 +144,7 @@
- +
@@ -154,7 +154,7 @@
- +
@@ -421,17 +421,17 @@