* Update password_check to work with all password attributes and use the configuration directives
* Add more documentation for per user counter limit attributes (daily/weekly/monthly limits)
* Make all counter limits default to none so that people don't get confused
+* In clear_opensessions depending on sql type use either IS NULL or = 0 in the DELETE statement.
+ We need to find a cleaner solution to this. This closes bug#175
Ver 1.75:
* A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to
be accessed by normal users (not administrators).
$sql_servers = array();
if ($config[sql_extra_servers] != '')
$sql_servers = explode(' ',$config[sql_extra_servers]);
+ $quer = '= 0';
+ if ($config[sql_type] == 'pg')
+ $quer = 'IS NULL';
$sql_servers[] = $config[sql_server];
foreach ($sql_servers as $server){
$link = @da_sql_host_connect($server,$config);
if ($link){
$res = @da_sql_query($link,$config,
"DELETE FROM $config[sql_accounting_table]
- WHERE username='$login' AND acctstoptime = 0 $sql_extra_query;");
+ WHERE username='$login' AND acctstoptime $quer $sql_extra_query;");
if ($res)
echo "<b>Deleted open sessions from accounting table on server $server</b><br>\n";
else