exit();
}
+unset($found_users);
+
$link = @da_sql_pconnect($config);
if ($link){
- if (($search_IN == 'name' || $search_IN == 'ou') && $config[sql_use_user_info_table] == 'true'){
- $attr = ($search_IN == 'name') ? 'name' : 'department';
+ $search = da_sql_escape_string($search);
+ if (!is_numeric($max_results))
+ $max_results = 10;
+ if ($max_results > 500)
+ $max_results = 10;
+ if (($search_IN == 'name' || $search_IN == 'department' || $search_IN == 'username') &&
+ $config[sql_use_user_info_table] == 'true'){
$res = @da_sql_query($link,$config,
- "SELECT username FROM $config[sql_user_info_table] WHERE
- lower($attr) LIKE '%$search%' LIMIT $max_results;");
+ "SELECT da_sql_limit($max_results,0,$config) username FROM $config[sql_user_info_table] WHERE
+ lower($search_IN) LIKE '%$search%'
+ da_sql_limit($max_results,1,$config) da_sql_limit($max_results,2,$config);");
if ($res){
while(($row = @da_sql_fetch_array($res,$config)))
$found_users[] = $row[username];
}
$table = ($attr_type[$radius_attr] == 'checkItem') ? $config[sql_check_table] : $config[sql_reply_table];
$attr = $attrmap[$radius_attr];
+ $attr = da_sql_escape_string($attr);
$res = @da_sql_query($link,$config,
- "SELECT username FROM $table WHERE attribute = '$attr' AND value LIKE '%$search%' LIMIT $max_results;");
+ "SELECT da_sql_limit($max_results,0,$config) username FROM $table WHERE attribute = '$attr'
+ AND value LIKE '%$search%' da_sql_limit($max_results,1,$config) da_sql_limit($max_results,2,$config);");
if ($res){
while(($row = @da_sql_fetch_array($res,$config)))
$found_users[] = $row[username];