usersmodel - provide sql checks for inputs

* use form input library to check validity of the inputs
  so avoid the sql injection attacks not using specific dbms
  this permit to use any kind of database manager engine.

Author: mckaygerhard

webappweb/models/Usersmodel.php

@@ -12,6 +12,14 @@ public function logindb($username, $password)
 	{
 		log_message('info', __METHOD__ .' begin ');
 
+		$validu = $this->form_validation->required($username);
+		$validu = $this->form_validation->alpha_dash($username);
+		$validu = $this->form_validation->max_length($username,40);
+		$valids = $this->form_validation->required($password);
+		$valids = $this->form_validation->alpha($password);
+
+		if($validu == FALSE AND $valids == FALSE) return FALSE;
+
 		$this->load->database();
 		$query = $this->db->get_where('users', array('username'=>$username, 'userpass'=>$password));
 		$array_result = $query->row_array();
@@ -24,6 +32,14 @@ public function loginimap($username, $password)
 	{
 		log_message('info', __METHOD__ .' begin ');
 
+		$validu = $this->form_validation->required($username);
+		$validu = $this->form_validation->alpha_dash($username);
+		$validu = $this->form_validation->max_length($username,40);
+		$valids = $this->form_validation->required($password);
+		$valids = $this->form_validation->alpha($password);
+
+		if($validu == FALSE AND $valids == FALSE) return FALSE;
+
 		$config = array('plain'=> TRUE, 'username' => $username, 'password' => $password);
 		$this->load->library('Imap', $config);
 		$valid  = $this->imap->connect($config);