From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.

---
 interface/web/sites/database_user_del.php |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/interface/web/sites/database_user_del.php b/interface/web/sites/database_user_del.php
index 5ecdde5..7931fb7 100644
--- a/interface/web/sites/database_user_del.php
+++ b/interface/web/sites/database_user_del.php
@@ -53,19 +53,24 @@
 		if($app->tform->checkPerm($this->id,'d') == false) $app->error($app->lng('error_no_delete_permission'));
         
         $old_record = $app->tform->getDataRecord($this->id);
-        $app->db->datalogDelete('web_database_user', 'database_user_id', $this->id);
+        
+        /* we cannot use datalogDelete here, as we need to set server_id to 0 */
+        $app->db->query("DELETE FROM `web_database_user` WHERE $index_field = '$index_value'");
+        $new_rec = array();
+        $old_record['server_id'] = 0;
+        $app->db->datalogSave('web_database_user', 'DELETE', 'database_user_id', $this->id, $old_record, $new_rec);
     }
     
     function onAfterDelete() { // this has to be done on AFTER delete, because we need the db user still in the database when the server plugin processes the datalog
 		global $app; $conf;
 		
 		//* Update all records that belog to this user
-        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".intval($this->id)."'");
+        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($this->id)."'");
         foreach($records as $rec) {
             $app->db->datalogUpdate('web_database','database_user_id=NULL','database_id', $rec['database_id']);
             
         }
-        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".intval($this->id)."'");
+        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($this->id)."'");
         foreach($records as $rec) {
             $app->db->datalogUpdate('web_database','database_ro_user_id=NULL','database_id', $rec['database_id']);
         }

--
Gitblit v1.9.1