Enabled status is a string, not an integer, why?

sections/login/index.php

@@ -253,7 +253,8 @@ else {
           }
 
           if (empty($TwoFactor) || $TwoFA->verifyCode($TwoFactor, $_POST['twofa'])) {
-            if ($Enabled == 1) {
+            # todo: Make sure the type is (int)
+            if ($Enabled === '1') {
 
               // Check if the current login attempt is from a location previously logged in from
               if (apcu_exists('DBKEY')) {
@@ -276,7 +277,7 @@ else {
                   $DB->query("SELECT ASN FROM geoip_asn WHERE StartIP<=INET6_ATON('$_SERVER[REMOTE_ADDR]') AND EndIP>=INET6_ATON('$_SERVER[REMOTE_ADDR]')");
                   list($CurrentASN) = $DB->next_record();
 
-                  // if FEATURE_ENFORCE_LOCATIONS is enabled, require users to confirm new logins
+                  // If FEATURE_ENFORCE_LOCATIONS is enabled, require users to confirm new logins
                   if (!in_array($CurrentASN, $PastASNs) && FEATURE_ENFORCE_LOCATIONS) {
                     // Never logged in from this location before
                     if ($Cache->get_value('new_location_'.$UserID.'_'.$CurrentASN) !== true) {
@@ -398,7 +399,8 @@ else {
                 // Save the username in a cookie for the disabled page
                 setcookie('username', db_string($_POST['username']), time() + 60 * 60, '/', '', false);
                 header('Location: login.php?action=disabled');
-              } elseif ($Enabled == 0) {
+                # todo: Make sure the type is (int)
+              } elseif ($Enabled === '0') {
                 $Err = 'Your account has not been confirmed.<br />Please check your email.';
               }
               setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);

sections/tools/misc/create_user.php

@@ -1,111 +1,108 @@
-<?
+<?php
+
 // todo: Rewrite this, make it cleaner, make it work right, add it common stuff
 if (!check_perms('admin_create_users')) {
-  error(403);
+    error(403);
 }
 
-//Show our beautiful header
+// Show our beautiful header
 View::show_header('Create a User');
 
-//Make sure the form was sent
+// Make sure the form was sent
 if (isset($_POST['Username'])) {
-  authorize();
+    authorize();
 
-  //Create variables for all the fields
-  $Username = trim($_POST['Username']);
-  $Email = trim($_POST['Email']);
-  $Password = $_POST['Password'];
+    // Create variables for all the fields
+    $Username = trim($_POST['Username']);
+    $Email = trim($_POST['Email']);
+    $Password = $_POST['Password'];
 
-  //Make sure all the fields are filled in
-  //Don't allow a username of "0" or "1" because of PHP's type juggling
-  if (!empty($Username) && !empty($Email) && !empty($Password) && $Username != '0' && $Username != '1') {
+    // Make sure all the fields are filled in
+    // Don't allow a username of "0" or "1" because of PHP's type juggling
+    if (!empty($Username) && !empty($Email) && !empty($Password) && $Username != '0' && $Username != '1') {
 
-    //Create hashes...
-    $torrent_pass = Users::make_secret();
+    // Create hashes...
+        $torrent_pass = Users::make_secret();
 
-    //Create the account
-    $DB->query("
+        // Create the account
+        $DB->query("
       INSERT INTO users_main
         (Username, Email, PassHash, torrent_pass, Enabled, PermissionID)
       VALUES
         ('".db_string($Username)."', '".Crypto::encrypt($Email)."', '".db_string(Users::make_sec_hash($Password))."', '".db_string($torrent_pass)."', '1', '".USER."')");
 
-    //Increment site user count
-    $Cache->increment('stats_user_count');
+        // Increment site user count
+        $Cache->increment('stats_user_count');
 
-    //Grab the userID
-    $UserID = $DB->inserted_id();
+        // Grab the UserID
+        $UserID = $DB->inserted_id();
 
-    Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));
+        Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));
 
-    //Default stylesheet
-    $DB->query("
+        // Default stylesheet
+        $DB->query("
       SELECT ID
       FROM stylesheets");
-    list($StyleID) = $DB->next_record();
+        list($StyleID) = $DB->next_record();
 
-    //Auth key
-    $AuthKey = Users::make_secret();
+        // Auth key
+        $AuthKey = Users::make_secret();
 
-    //Give them a row in users_info
-    $DB->query("
+        // Give them a row in users_info
+        $DB->query("
       INSERT INTO users_info
         (UserID, StyleID, AuthKey, JoinDate)
       VALUES
         ('".db_string($UserID)."', '".db_string($StyleID)."', '".db_string($AuthKey)."', NOW())");
 
-    // Give the notification settings
-    $DB->query("INSERT INTO users_notifications_settings (UserID) VALUES ('$UserID')");
-
-    //Redirect to users profile
-    header ("Location: user.php?id=$UserID");
-
-  //What to do if we don't have a username, email, or password
-  } elseif (empty($Username)) {
+        // Give the notification settings
+        $DB->query("INSERT INTO users_notifications_settings (UserID) VALUES ('$UserID')");
 
-    //Give the Error -- We do not have a username
-    error('Please supply a username');
+        // Redirect to users profile
+        header("Location: user.php?id=$UserID");
 
-  } elseif (empty($Email)) {
+    // What to do if we don't have a username, email, or password
+    } elseif (empty($Username)) {
 
-    //Give the Error -- We do not have an email address
-    error('Please supply an email address');
+    // Give the Error -- We do not have a username
+        error('Please supply a username');
+    } elseif (empty($Email)) {
 
-  } elseif (empty($Password)) {
+    // Give the Error -- We do not have an email address
+        error('Please supply an email address');
+    } elseif (empty($Password)) {
 
-    //Give the Error -- We do not have a password
-    error('Please supply a password');
+    // Give the Error -- We do not have a password
+        error('Please supply a password');
+    } else {
 
-  } else {
+    // Uh oh, something went wrong
+        error('Unknown error');
+    }
 
-    //Uh oh, something went wrong
-    error('Unknown error');
-
-  }
-
-//Form wasn't sent -- Show form
+    // Form wasn't sent -- Show form
 } else {
+    ?>
+<div class="header">
+  <h2>Create a User</h2>
+</div>
 
-  ?>
-  <div class="header">
-    <h2>Create a User</h2>
-  </div>
-
-  <div class="thin box pad">
+<div class="thin box pad">
   <form class="create_form" name="user" method="post" action="">
     <input type="hidden" name="action" value="create_user" />
-    <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
+    <input type="hidden" name="auth"
+      value="<?=$LoggedUser['AuthKey']?>" />
     <table class="layout" cellpadding="2" cellspacing="1" border="0" align="center">
       <tr valign="top">
-        <td align="right" class="label">Username:</td>
+        <td align="right" class="label">Username</td>
         <td align="left"><input type="text" name="Username" id="username" class="inputtext" /></td>
       </tr>
       <tr valign="top">
-        <td align="right" class="label">Email address:</td>
+        <td align="right" class="label">Email Address</td>
         <td align="left"><input type="email" name="Email" id="email" class="inputtext" /></td>
       </tr>
       <tr valign="top">
-        <td align="right" class="label">Password:</td>
+        <td align="right" class="label">Password</td>
         <td align="left"><input type="password" name="Password" id="password" class="inputtext" /></td>
       </tr>
       <tr>
@@ -115,8 +112,8 @@ if (isset($_POST['Username'])) {
       </tr>
     </table>
   </form>
-  </div>
-<?
+</div>
+<?php
 }
 
-View::show_footer(); ?>
+View::show_footer();