while ( strlen( $string ) < $length )
{
$string .= crypt(substr(md5(rand().rand()), 0, $length+1));
- $string = preg_replace( '/\W/', '', $string+1);
+ $string = preg_replace( '/\W/', '', $string);
}
return substr( $string, 1, $length );
global $config;
$query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['provision_users_table'] );
- if ( array_key_exists ( 'search', $_GET ) )
+ if ( array_key_exists ( 'search', $_POST ) )
{
- $search = $_GET['search']; // TODO: Add some sanitation and input validation!
+ $search = $_POST['search']; // TODO: Add some sanitation and input validation!
$query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['provision_users_table'], sql_clean( $search ) );
}