From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/mail/mail_user_stats.php |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/interface/web/mail/mail_user_stats.php b/interface/web/mail/mail_user_stats.php
index 356d28c..abb5461 100644
--- a/interface/web/mail/mail_user_stats.php
+++ b/interface/web/mail/mail_user_stats.php
@@ -34,28 +34,28 @@
 		//* Set the statistics colums
 		//** Traffic of the current month
 		$tmp_date = date('Y-m');
-		$tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
+		$tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ? AND month = ?", $rec['mailuser_id'], $tmp_date);
 //		$rec['this_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
 		$rec['this_month'] = $app->functions->formatBytes($tmp_rec['t']);
 		if ($rec['this_month'] == 'NAN') $rec['this_month'] = '0 KB';
 
 		//** Traffic of the current year
 		$tmp_date = date('Y');
-		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
+		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ? AND month like ?", $rec['mailuser_id'], $tmp_date . '%');
 //		$rec['this_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
 		$rec['this_year'] = $app->functions->formatBytes($tmp_rec['t']);
 		if ($rec['this_year'] == 'NAN') $rec['this_year'] = '0 KB';
 
 		//** Traffic of the last month
 		$tmp_date = date('Y-m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
-		$tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
+		$tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ? AND month = ?", $rec['mailuser_id'], $tmp_date);
 //		$rec['last_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
 		$rec['last_month'] = $app->functions->formatBytes($tmp_rec['t']);
 		if ($rec['last_month'] == 'NAN') $rec['last_month'] = '0 KB';
 
 		//** Traffic of the last year
 		$tmp_date = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
-		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
+		$tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ? AND month like ?", $rec['mailuser_id'], $tmp_date . '%');
 //		$rec['last_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
 		$rec['last_year'] = $app->functions->formatBytes($tmp_rec['t']);
 		if ($rec['last_year'] == 'NAN') $rec['last_year'] = '0 KB';

--
Gitblit v1.9.1