From 9d983375dc86ecb80a999d58a938f063c60e63a4 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Fri, 17 Apr 2015 08:51:27 -0400
Subject: [PATCH] - fixed some typos in sql queries

---
 interface/web/login/index.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 1bc2db7..ddc6cfb 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -109,7 +109,7 @@
 								$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
 								$tmp = $app->db->queryOneRecord($sql, $username, $passwort);
 								$client_group_id = $app->functions->intval($tmp['default_group']);
-								$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+								$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 								
 								if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
 									die("You don't have the right to 'login as' this user!");
@@ -125,7 +125,7 @@
 					} elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
 						/* a reseller wants to 'login as', we need to check if he is allowed to */
 						$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-						$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $res_client_group_id);
+						$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);
 						
 						/* this is the user the reseller wants to 'login as' */
 						$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";

--
Gitblit v1.9.1