Added SQL-Injection protection

includes/account.php

@@ -2099,7 +2099,7 @@
 			$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
 		} else {
 			$row = mysql_fetch_assoc($res);
-			mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
+			mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
 					`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
 		}
 	}
@@ -2358,7 +2358,7 @@
 	{
 		if($_REQUEST['userid'] != "")
 			$_REQUEST['userid'] = intval($_REQUEST['userid']);
-		$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"));
+		$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
 		if($row['email'] == "")
 			$id = 42;
 		else
@@ -2373,7 +2373,7 @@
 			echo _("No such user found.");
 		} else {
 			mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
-			$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"));
+			$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
 			printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
 
 
@@ -2608,7 +2608,7 @@
 		if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "")
 			$_REQUEST['userid'] = intval($_REQUEST['userid']);
 
-		$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"));
+		$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
 		if($row['email'] == "")
 			$id = 42;
 		else