PDO対応

[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / plugins / NP_SecurityEnforcer.php

diff --git a/utf8/nucleus/plugins/NP_SecurityEnforcer.php b/utf8/nucleus/plugins/NP_SecurityEnforcer.php
index 6095515..97c25f2 100644 (file)
--- a/utf8/nucleus/plugins/NP_SecurityEnforcer.php
+++ b/utf8/nucleus/plugins/NP_SecurityEnforcer.php
@@ -122,11 +122,11 @@ class NP_SecurityEnforcer extends NucleusPlugin {
                        sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE lastfail < ".(time() - ($this->login_lockout * 60)));
                        $query = "SELECT fails as result FROM ".sql_table('plug_securityenforcer')." ";
 //                     $query .= "WHERE login='".addslashes($login)."'";
                        sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE lastfail < ".(time() - ($this->login_lockout * 60)));
                        $query = "SELECT fails as result FROM ".sql_table('plug_securityenforcer')." ";
 //                     $query .= "WHERE login='".addslashes($login)."'";

-                       $query .= "WHERE login='".mysql_real_escape_string($login)."'";
+                       $query .= "WHERE login='".sql_real_escape_string($login)."'";

                        $flogin = quickQuery($query); 
                        $query = "SELECT fails as result FROM ".sql_table('plug_securityenforcer')." ";
 //                     $query .= "WHERE login='".addslashes($ip)."'";
                        $flogin = quickQuery($query); 
                        $query = "SELECT fails as result FROM ".sql_table('plug_securityenforcer')." ";
 //                     $query .= "WHERE login='".addslashes($ip)."'";

-                       $query .= "WHERE login='".mysql_real_escape_string($ip)."'";
+                       $query .= "WHERE login='".sql_real_escape_string($ip)."'";

                        $fip = quickQuery($query); 
                        if ($flogin >= $this->max_failed_login || $fip >= $this->max_failed_login) {
                                $data['success'] = 0;
                        $fip = quickQuery($query); 
                        if ($flogin >= $this->max_failed_login || $fip >= $this->max_failed_login) {
                                $data['success'] = 0;


@@ -145,9 +145,9 @@ class NP_SecurityEnforcer extends NucleusPlugin {
                        $login = $data['username'];
                        $ip = $_SERVER['REMOTE_ADDR'];
 //                     sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".addslashes($login)."'");
                        $login = $data['username'];
                        $ip = $_SERVER['REMOTE_ADDR'];
 //                     sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".addslashes($login)."'");

-                       sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".mysql_real_escape_string($login)."'");
+                       sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".sql_real_escape_string($login)."'");

 //                     sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".addslashes($ip)."'");                      
 //                     sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".addslashes($ip)."'");                      

-                       sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".mysql_real_escape_string($ip)."'");                        
+                       sql_query("DELETE FROM ".sql_table('plug_securityenforcer')." WHERE login='".sql_real_escape_string($ip)."'");                  

                }
        }
        
                }
        }
        


@@ -159,23 +159,23 @@ class NP_SecurityEnforcer extends NucleusPlugin {
                        $ip = $_SERVER['REMOTE_ADDR'];
                        //sql_table('plug_securityenforcer')
 //                     $lres = sql_query("SELECT * FROM ".sql_table('plug_securityenforcer')." WHERE login='".addslashes($login)."'");
                        $ip = $_SERVER['REMOTE_ADDR'];
                        //sql_table('plug_securityenforcer')
 //                     $lres = sql_query("SELECT * FROM ".sql_table('plug_securityenforcer')." WHERE login='".addslashes($login)."'");

-                       $lres = sql_query("SELECT * FROM ".sql_table('plug_securityenforcer')." WHERE login='".mysql_real_escape_string($login)."'");
-                       if (mysql_num_rows($lres)) {
+                       $lres = sql_query("SELECT * FROM ".sql_table('plug_securityenforcer')." WHERE login='".sql_real_escape_string($login)."'");
+                       if (sql_num_rows($lres)) {

 //                             sql_query("UPDATE ".sql_table('plug_securityenforcer')." SET fails=fails+1, lastfail=".time()." WHERE login='".addslashes($login)."'");
 //                             sql_query("UPDATE ".sql_table('plug_securityenforcer')." SET fails=fails+1, lastfail=".time()." WHERE login='".addslashes($login)."'");

-                               sql_query("UPDATE ".sql_table('plug_securityenforcer')." SET fails=fails+1, lastfail=".time()." WHERE login='".mysql_real_escape_string($login)."'");
+                               sql_query("UPDATE ".sql_table('plug_securityenforcer')." SET fails=fails+1, lastfail=".time()." WHERE login='".sql_real_escape_string($login)."'");

                        }
                        else {
 //                             sql_query("INSERT INTO ".sql_table('plug_securityenforcer')." (login,fails,lastfail) VALUES ('".addslashes($login)."',1,".time().")");
                        }
                        else {
 //                             sql_query("INSERT INTO ".sql_table('plug_securityenforcer')." (login,fails,lastfail) VALUES ('".addslashes($login)."',1,".time().")");

-                               sql_query("INSERT INTO ".sql_table('plug_securityenforcer')." (login,fails,lastfail) VALUES ('".mysql_real_escape_string($login)."',1,".time().")");
+                               sql_query("INSERT INTO ".sql_table('plug_securityenforcer')." (login,fails,lastfail) VALUES ('".sql_real_escape_string($login)."',1,".time().")");

                        }
                        $lres = sql_query("SELECT * FROM ".sql_table('plug_securityenforcer')." WHERE login='".addslashes($ip)."'");
                        }
                        $lres = sql_query("SELECT * FROM ".sql_table('plug_securityenforcer')." WHERE login='".addslashes($ip)."'");

-                       if (mysql_num_rows($lres)) {
+                       if (sql_num_rows($lres)) {

 //                             sql_query("UPDATE ".sql_table('plug_securityenforcer')." SET fails=fails+1, lastfail=".time()." WHERE login='".addslashes($ip)."'");
 //                             sql_query("UPDATE ".sql_table('plug_securityenforcer')." SET fails=fails+1, lastfail=".time()." WHERE login='".addslashes($ip)."'");

-                               sql_query("UPDATE ".sql_table('plug_securityenforcer')." SET fails=fails+1, lastfail=".time()." WHERE login='".mysql_real_escape_string($ip)."'");
+                               sql_query("UPDATE ".sql_table('plug_securityenforcer')." SET fails=fails+1, lastfail=".time()." WHERE login='".sql_real_escape_string($ip)."'");

                        }
                        else {
 //                             sql_query("INSERT INTO ".sql_table('plug_securityenforcer')." (login,fails,lastfail) VALUES ('".addslashes($ip)."',1,".time().")");
                        }
                        else {
 //                             sql_query("INSERT INTO ".sql_table('plug_securityenforcer')." (login,fails,lastfail) VALUES ('".addslashes($ip)."',1,".time().")");

-                               sql_query("INSERT INTO ".sql_table('plug_securityenforcer')." (login,fails,lastfail) VALUES ('".mysql_real_escape_string($ip)."',1,".time().")");
+                               sql_query("INSERT INTO ".sql_table('plug_securityenforcer')." (login,fails,lastfail) VALUES ('".sql_real_escape_string($ip)."',1,".time().")");

                        }
                }               
        }
                        }
                }               
        }