mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-02 14:17:26 +02:00
Code Issues Releases Wiki Activity

Make use of database name, schema or other qualifier in all statements

Browse Source
This commit is contained in:
Marco
2018-08-28 23:44:50 +02:00
parent f70923679f
commit 382832457d
3 changed files with 36 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/Administration.php
View File

@@ -278,7 +278,7 @@ final class Administration extends UserManager {
$userId = (int) $userId;
$rolesBitmask = $this->db->selectValue(
'SELECT roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT roles_mask FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $userId ]
);
@@ -304,7 +304,7 @@ final class Administration extends UserManager {
$userId = (int) $userId;
$rolesBitmask = $this->db->selectValue(
'SELECT roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT roles_mask FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $userId ]
);
@@ -431,7 +431,7 @@ final class Administration extends UserManager {
private function deleteUsersByColumnValue($columnName, $columnValue) {
try {
return $this->db->delete(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[
$columnName => $columnValue
]
@@ -458,7 +458,7 @@ final class Administration extends UserManager {
private function modifyRolesForUserByColumnValue($columnName, $columnValue, callable $modification) {
try {
$userData = $this->db->selectRow(
'SELECT id, roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE ' . $columnName . ' = ?',
'SELECT id, roles_mask FROM ' . $this->makeTableName('users') . ' WHERE ' . $columnName . ' = ?',
[ $columnValue ]
);
}
@@ -474,7 +474,7 @@ final class Administration extends UserManager {
try {
$this->db->exec(
'UPDATE ' . $this->dbTablePrefix . 'users SET roles_mask = ? WHERE id = ?',
'UPDATE ' . $this->makeTableName('users') . ' SET roles_mask = ? WHERE id = ?',
[
$newRolesBitmask,
(int) $userData['id']
@@ -550,7 +550,7 @@ final class Administration extends UserManager {
private function logInAsUserByColumnValue($columnName, $columnValue) {
try {
$users = $this->db->select(
'SELECT verified, id, email, username, status, roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE ' . $columnName . ' = ? LIMIT 2 OFFSET 0',
'SELECT verified, id, email, username, status, roles_mask FROM ' . $this->makeTableName('users') . ' WHERE ' . $columnName . ' = ? LIMIT 2 OFFSET 0',
[ $columnValue ]
);
}

46
src/Auth.php
View File

@@ -115,7 +115,7 @@ final class Auth extends UserManager {
if (!empty($parts[0]) && !empty($parts[1])) {
try {
$rememberData = $this->db->selectRow(
'SELECT a.user, a.token, a.expires, b.email, b.username, b.status, b.roles_mask, b.force_logout FROM ' . $this->dbTablePrefix . 'users_remembered AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON a.user = b.id WHERE a.selector = ?',
'SELECT a.user, a.token, a.expires, b.email, b.username, b.status, b.roles_mask, b.force_logout FROM ' . $this->makeTableName('users_remembered') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON a.user = b.id WHERE a.selector = ?',
[ $parts[0] ]
);
}
@@ -157,7 +157,7 @@ final class Auth extends UserManager {
// fetch the authoritative data from the database again
try {
$authoritativeData = $this->db->selectRow(
'SELECT email, username, status, roles_mask, force_logout FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT email, username, status, roles_mask, force_logout FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $this->getUserId() ]
);
}
@@ -354,7 +354,7 @@ final class Auth extends UserManager {
try {
$expectedHash = $this->db->selectValue(
'SELECT password FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT password FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $this->getUserId() ]
);
}
@@ -497,7 +497,7 @@ final class Auth extends UserManager {
try {
$this->db->insert(
$this->dbTablePrefix . 'users_remembered',
$this->makeTableNameComponents('users_remembered'),
[
'user' => $userId,
'selector' => $selector,
@@ -567,7 +567,7 @@ final class Auth extends UserManager {
// update the timestamp of the user's last login
try {
$this->db->update(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[ 'last_login' => \time() ],
[ 'id' => $userId ]
);
@@ -621,7 +621,7 @@ final class Auth extends UserManager {
try {
$confirmationData = $this->db->selectRow(
'SELECT a.id, a.user_id, a.email AS new_email, a.token, a.expires, b.email AS old_email FROM ' . $this->dbTablePrefix . 'users_confirmations AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON b.id = a.user_id WHERE a.selector = ?',
'SELECT a.id, a.user_id, a.email AS new_email, a.token, a.expires, b.email AS old_email FROM ' . $this->makeTableName('users_confirmations') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON b.id = a.user_id WHERE a.selector = ?',
[ $selector ]
);
}
@@ -635,7 +635,7 @@ final class Auth extends UserManager {
// invalidate any potential outstanding password reset requests
try {
$this->db->delete(
$this->dbTablePrefix . 'users_resets',
$this->makeTableNameComponents('users_resets'),
[ 'user' => $confirmationData['user_id'] ]
);
}
@@ -646,7 +646,7 @@ final class Auth extends UserManager {
// mark the email address as verified (and possibly update it to the new address given)
try {
$this->db->update(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[
'email' => $confirmationData['new_email'],
'verified' => 1
@@ -673,7 +673,7 @@ final class Auth extends UserManager {
// consume the token just being used for confirmation
try {
$this->db->delete(
$this->dbTablePrefix . 'users_confirmations',
$this->makeTableNameComponents('users_confirmations'),
[ 'id' => $confirmationData['id'] ]
);
}
@@ -818,7 +818,7 @@ final class Auth extends UserManager {
try {
$existingUsersWithNewEmail = $this->db->selectValue(
'SELECT COUNT(*) FROM ' . $this->dbTablePrefix . 'users WHERE email = ?',
'SELECT COUNT(*) FROM ' . $this->makeTableName('users') . ' WHERE email = ?',
[ $newEmail ]
);
}
@@ -832,7 +832,7 @@ final class Auth extends UserManager {
try {
$verified = $this->db->selectValue(
'SELECT verified FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT verified FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $this->getUserId() ]
);
}
@@ -920,7 +920,7 @@ final class Auth extends UserManager {
private function resendConfirmationForColumnValue($columnName, $columnValue, callable $callback) {
try {
$latestAttempt = $this->db->selectRow(
'SELECT user_id, email FROM ' . $this->dbTablePrefix . 'users_confirmations WHERE ' . $columnName . ' = ? ORDER BY id DESC LIMIT 1 OFFSET 0',
'SELECT user_id, email FROM ' . $this->makeTableName('users_confirmations') . ' WHERE ' . $columnName . ' = ? ORDER BY id DESC LIMIT 1 OFFSET 0',
[ $columnValue ]
);
}
@@ -1133,7 +1133,7 @@ final class Auth extends UserManager {
try {
$projection = \implode(', ', $requestedColumns);
$userData = $this->db->selectRow(
'SELECT ' . $projection . ' FROM ' . $this->dbTablePrefix . 'users WHERE email = ?',
'SELECT ' . $projection . ' FROM ' . $this->makeTableName('users') . ' WHERE email = ?',
[ $email ]
);
}
@@ -1159,7 +1159,7 @@ final class Auth extends UserManager {
private function getOpenPasswordResetRequests($userId) {
try {
$requests = $this->db->selectValue(
'SELECT COUNT(*) FROM ' . $this->dbTablePrefix . 'users_resets WHERE user = ? AND expires > ?',
'SELECT COUNT(*) FROM ' . $this->makeTableName('users_resets') . ' WHERE user = ? AND expires > ?',
[
$userId,
\time()
@@ -1202,7 +1202,7 @@ final class Auth extends UserManager {
try {
$this->db->insert(
$this->dbTablePrefix . 'users_resets',
$this->makeTableNameComponents('users_resets'),
[
'user' => $userId,
'selector' => $selector,
@@ -1245,7 +1245,7 @@ final class Auth extends UserManager {
try {
$resetData = $this->db->selectRow(
'SELECT a.id, a.user, a.token, a.expires, b.resettable FROM ' . $this->dbTablePrefix . 'users_resets AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON b.id = a.user WHERE a.selector = ?',
'SELECT a.id, a.user, a.token, a.expires, b.resettable FROM ' . $this->makeTableName('users_resets') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON b.id = a.user WHERE a.selector = ?',
[ $selector ]
);
}
@@ -1263,7 +1263,7 @@ final class Auth extends UserManager {
try {
$this->db->delete(
$this->dbTablePrefix . 'users_resets',
$this->makeTableNameComponents('users_resets'),
[ 'id' => $resetData['id'] ]
);
}
@@ -1356,7 +1356,7 @@ final class Auth extends UserManager {
if ($this->isLoggedIn()) {
try {
$this->db->update(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[
'resettable' => $enabled ? 1 : 0
],
@@ -1385,7 +1385,7 @@ final class Auth extends UserManager {
if ($this->isLoggedIn()) {
try {
$enabled = $this->db->selectValue(
'SELECT resettable FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT resettable FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $this->getUserId() ]
);
@@ -1692,7 +1692,7 @@ final class Auth extends UserManager {
try {
$bucket = $this->db->selectRow(
'SELECT tokens, replenished_at FROM ' . $this->dbTablePrefix . 'users_throttling WHERE bucket = ?',
'SELECT tokens, replenished_at FROM ' . $this->makeTableName('users_throttling') . ' WHERE bucket = ?',
[ $key ]
);
}
@@ -1729,7 +1729,7 @@ final class Auth extends UserManager {
// merge the updated bucket into the database
try {
$affected = $this->db->update(
$this->dbTablePrefix . 'users_throttling',
$this->makeTableNameComponents('users_throttling'),
$bucket,
[ 'bucket' => $key ]
);
@@ -1743,7 +1743,7 @@ final class Auth extends UserManager {
try {
$this->db->insert(
$this->dbTablePrefix . 'users_throttling',
$this->makeTableNameComponents('users_throttling'),
$bucket
);
}
@@ -1869,7 +1869,7 @@ final class Auth extends UserManager {
if (isset($existingSelector)) {
// fetch the expiry date for the given selector
$existingExpiry = $this->db->selectValue(
'SELECT expires FROM ' . $this->dbTablePrefix . 'users_remembered WHERE selector = ? AND user = ?',
'SELECT expires FROM ' . $this->makeTableName('users_remembered') . ' WHERE selector = ? AND user = ?',
[
$existingSelector,
$this->getUserId()

14
src/UserManager.php
View File

@@ -144,7 +144,7 @@ abstract class UserManager {
if ($username !== null) {
// count the number of users who do already have that specified username
$occurrencesOfUsername = $this->db->selectValue(
'SELECT COUNT(*) FROM ' . $this->dbTablePrefix . 'users WHERE username = ?',
'SELECT COUNT(*) FROM ' . $this->makeTableName('users') . ' WHERE username = ?',
[ $username ]
);
@@ -161,7 +161,7 @@ abstract class UserManager {
try {
$this->db->insert(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[
'email' => $email,
'password' => $password,
@@ -201,7 +201,7 @@ abstract class UserManager {
try {
$affected = $this->db->update(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[ 'password' => $newPassword ],
[ 'id' => $userId ]
);
@@ -262,7 +262,7 @@ abstract class UserManager {
$projection = \implode(', ', $requestedColumns);
$users = $this->db->select(
'SELECT ' . $projection . ' FROM ' . $this->dbTablePrefix . 'users WHERE username = ? LIMIT 2 OFFSET 0',
'SELECT ' . $projection . ' FROM ' . $this->makeTableName('users') . ' WHERE username = ? LIMIT 2 OFFSET 0',
[ $username ]
);
}
@@ -349,7 +349,7 @@ abstract class UserManager {
try {
$this->db->insert(
$this->dbTablePrefix . 'users_confirmations',
$this->makeTableNameComponents('users_confirmations'),
[
'user_id' => (int) $userId,
'email' => $email,
@@ -389,7 +389,7 @@ abstract class UserManager {
try {
$this->db->delete(
$this->dbTablePrefix . 'users_remembered',
$this->makeTableNameComponents('users_remembered'),
$whereMappings
);
}
@@ -407,7 +407,7 @@ abstract class UserManager {
protected function forceLogoutForUserById($userId) {
$this->deleteRememberDirectiveForUserById($userId);
$this->db->exec(
'UPDATE ' . $this->dbTablePrefix . 'users SET force_logout = force_logout + 1 WHERE id = ?',
'UPDATE ' . $this->makeTableName('users') . ' SET force_logout = force_logout + 1 WHERE id = ?',
[ $userId ]
);
}