Hi
Having installed FreakAuth_light 1.1 and enabled user profiles, I have a problem! As admin, if I edit a record, when I hit “Save” I get a database error. The precise error is:
A Database Error Occurred
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3
SELECT * FROM (`fa_user`) WHERE `id` =
From my digging, this seems to be coming from application/controllers/admin/users.php and in particular the first line of function edit($id = ‘’) which says:
function edit($id = '')
{
// security check:
// admins or superadmins cannot be edited in the users controller
$edited_role = getUserPropertyFromId($id, 'role');
$allowed = ($edited_role != 'admin' AND $edited_role != 'superadmin');
if (!$allowed) $this->freakauth_light->denyAccess(getUserProperty('role'));
The problem seems to be that the $id is not getting passed to the function by the edit form (and is being explicitly blanked by the function declaration), resulting in the security check failing - getUserPropertyFromId causes the database error as the WHERE clause in the query has nothing for $id.
Tracking this back, I’ve found application/views/FreakAuth_light/template_admin/users/edit.php and in particular the form open statement:
<?=form_open('admin/users/edit/')?>
By changing this to:
<?=form_open('admin/users/edit/' . (isset($user['id']) ? $user['id'] : $this->fal_validation->{'id'}))?>
I can make the problem go away (i.e. I can edit users), but I’m a bit concerned that (a) this seems like a big problem that surely somebody would have seen before if it was “real”, and (b) am I opening up other problems later?
Apart from that, great work, well done and thank you!
