From 382832457debf42a31e8009e9607f90ed547f57e Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 28 Aug 2018 23:44:50 +0200 Subject: [PATCH] Make use of database name, schema or other qualifier in all statements --- src/Administration.php | 12 +++++------ src/Auth.php | 46 +++++++++++++++++++++--------------------- src/UserManager.php | 14 ++++++------- 3 files changed, 36 insertions(+), 36 deletions(-) diff --git a/src/Administration.php b/src/Administration.php index 5e97b38..85f25a7 100644 --- a/src/Administration.php +++ b/src/Administration.php @@ -278,7 +278,7 @@ final class Administration extends UserManager { $userId = (int) $userId; $rolesBitmask = $this->db->selectValue( - 'SELECT roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE id = ?', + 'SELECT roles_mask FROM ' . $this->makeTableName('users') . ' WHERE id = ?', [ $userId ] ); @@ -304,7 +304,7 @@ final class Administration extends UserManager { $userId = (int) $userId; $rolesBitmask = $this->db->selectValue( - 'SELECT roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE id = ?', + 'SELECT roles_mask FROM ' . $this->makeTableName('users') . ' WHERE id = ?', [ $userId ] ); @@ -431,7 +431,7 @@ final class Administration extends UserManager { private function deleteUsersByColumnValue($columnName, $columnValue) { try { return $this->db->delete( - $this->dbTablePrefix . 'users', + $this->makeTableNameComponents('users'), [ $columnName => $columnValue ] @@ -458,7 +458,7 @@ final class Administration extends UserManager { private function modifyRolesForUserByColumnValue($columnName, $columnValue, callable $modification) { try { $userData = $this->db->selectRow( - 'SELECT id, roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE ' . $columnName . ' = ?', + 'SELECT id, roles_mask FROM ' . $this->makeTableName('users') . ' WHERE ' . $columnName . ' = ?', [ $columnValue ] ); } 
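Review bot: The quoting of the qualified table name cannot be verified from this patch: `makeTableName()` is defined outside the diff, yet its return value is now concatenated into every raw statement, starting with this `SELECT roles_mask` query. If the database name, schema or prefix comes from configuration, each component has to be quoted as an identifier inside the helper, because a placeholder cannot carry an identifier. Once that is confirmed, a comment at the first use would help, e.g. `// makeTableName() returns a quoted, fully qualified identifier; never pass request data to it`. The calls that hand `makeTableNameComponents()` to `insert`/`update`/`delete` presumably leave quoting to the database layer, which is worth confirming too. The enclosing function starts and ends outside the hunk.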
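Review bot: `$columnName` is still concatenated into the `WHERE` clause as raw text in `modifyRolesForUserByColumnValue` (the `SELECT id, roles_mask` statement), while only the value goes through a placeholder. The same applies to `logInAsUserByColumnValue` further down this file, to `resendConfirmationForColumnValue` in src/Auth.php, and to the `$projection` built with `\implode(', ', $requestedColumns)` in src/Auth.php and src/UserManager.php. The callers are outside these hunks, so the names are presumably hard-coded, but nothing visible here enforces it. An allow-list check at the top of each helper, or at least a comment such as `// $columnName is spliced into the SQL unescaped: pass literals only, never request data`, would keep a future caller from turning this into an injection point.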
@@ -474,7 +474,7 @@ final class Administration extends UserManager { try { $this->db->exec( - 'UPDATE ' . $this->dbTablePrefix . 'users SET roles_mask = ? WHERE id = ?', + 'UPDATE ' . $this->makeTableName('users') . ' SET roles_mask = ? WHERE id = ?', [ $newRolesBitmask, (int) $userData['id'] @@ -550,7 +550,7 @@ final class Administration extends UserManager { private function logInAsUserByColumnValue($columnName, $columnValue) { try { $users = $this->db->select( - 'SELECT verified, id, email, username, status, roles_mask FROM ' . $this->dbTablePrefix . 'users WHERE ' . $columnName . ' = ? LIMIT 2 OFFSET 0', + 'SELECT verified, id, email, username, status, roles_mask FROM ' . $this->makeTableName('users') . ' WHERE ' . $columnName . ' = ? LIMIT 2 OFFSET 0', [ $columnValue ] ); } diff --git a/src/Auth.php b/src/Auth.php index 41a1410..62c9097 100644 --- a/src/Auth.php +++ b/src/Auth.php @@ -115,7 +115,7 @@ final class Auth extends UserManager { if (!empty($parts[0]) && !empty($parts[1])) { try { $rememberData = $this->db->selectRow( - 'SELECT a.user, a.token, a.expires, b.email, b.username, b.status, b.roles_mask, b.force_logout FROM ' . $this->dbTablePrefix . 'users_remembered AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON a.user = b.id WHERE a.selector = ?', + 'SELECT a.user, a.token, a.expires, b.email, b.username, b.status, b.roles_mask, b.force_logout FROM ' . $this->makeTableName('users_remembered') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON a.user = b.id WHERE a.selector = ?', [ $parts[0] ] ); } @@ -157,7 +157,7 @@ final class Auth extends UserManager { // fetch the authoritative data from the database again try { $authoritativeData = $this->db->selectRow( - 'SELECT email, username, status, roles_mask, force_logout FROM ' . $this->dbTablePrefix . 'users WHERE id = ?', + 'SELECT email, username, status, roles_mask, force_logout FROM ' . $this->makeTableName('users') . ' WHERE id = ?', [ $this->getUserId() ] ); } 
@@ -354,7 +354,7 @@ final class Auth extends UserManager { try { $expectedHash = $this->db->selectValue( - 'SELECT password FROM ' . $this->dbTablePrefix . 'users WHERE id = ?', + 'SELECT password FROM ' . $this->makeTableName('users') . ' WHERE id = ?', [ $this->getUserId() ] ); } @@ -497,7 +497,7 @@ final class Auth extends UserManager { try { $this->db->insert( - $this->dbTablePrefix . 'users_remembered', + $this->makeTableNameComponents('users_remembered'), [ 'user' => $userId, 'selector' => $selector, @@ -567,7 +567,7 @@ final class Auth extends UserManager { // update the timestamp of the user's last login try { $this->db->update( - $this->dbTablePrefix . 'users', + $this->makeTableNameComponents('users'), [ 'last_login' => \time() ], [ 'id' => $userId ] ); @@ -621,7 +621,7 @@ final class Auth extends UserManager { try { $confirmationData = $this->db->selectRow( - 'SELECT a.id, a.user_id, a.email AS new_email, a.token, a.expires, b.email AS old_email FROM ' . $this->dbTablePrefix . 'users_confirmations AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON b.id = a.user_id WHERE a.selector = ?', + 'SELECT a.id, a.user_id, a.email AS new_email, a.token, a.expires, b.email AS old_email FROM ' . $this->makeTableName('users_confirmations') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON b.id = a.user_id WHERE a.selector = ?', [ $selector ] ); } @@ -635,7 +635,7 @@ final class Auth extends UserManager { // invalidate any potential outstanding password reset requests try { $this->db->delete( - $this->dbTablePrefix . 'users_resets', + $this->makeTableNameComponents('users_resets'), [ 'user' => $confirmationData['user_id'] ] ); } @@ -646,7 +646,7 @@ final class Auth extends UserManager { // mark the email address as verified (and possibly update it to the new address given) try { $this->db->update( - $this->dbTablePrefix . 'users', + $this->makeTableNameComponents('users'), [ 'email' => $confirmationData['new_email'], 'verified' => 1 
@@ -673,7 +673,7 @@ final class Auth extends UserManager { // consume the token just being used for confirmation try { $this->db->delete( - $this->dbTablePrefix . 'users_confirmations', + $this->makeTableNameComponents('users_confirmations'), [ 'id' => $confirmationData['id'] ] ); } @@ -818,7 +818,7 @@ final class Auth extends UserManager { try { $existingUsersWithNewEmail = $this->db->selectValue( - 'SELECT COUNT(*) FROM ' . $this->dbTablePrefix . 'users WHERE email = ?', + 'SELECT COUNT(*) FROM ' . $this->makeTableName('users') . ' WHERE email = ?', [ $newEmail ] ); } @@ -832,7 +832,7 @@ final class Auth extends UserManager { try { $verified = $this->db->selectValue( - 'SELECT verified FROM ' . $this->dbTablePrefix . 'users WHERE id = ?', + 'SELECT verified FROM ' . $this->makeTableName('users') . ' WHERE id = ?', [ $this->getUserId() ] ); } @@ -920,7 +920,7 @@ final class Auth extends UserManager { private function resendConfirmationForColumnValue($columnName, $columnValue, callable $callback) { try { $latestAttempt = $this->db->selectRow( - 'SELECT user_id, email FROM ' . $this->dbTablePrefix . 'users_confirmations WHERE ' . $columnName . ' = ? ORDER BY id DESC LIMIT 1 OFFSET 0', + 'SELECT user_id, email FROM ' . $this->makeTableName('users_confirmations') . ' WHERE ' . $columnName . ' = ? ORDER BY id DESC LIMIT 1 OFFSET 0', [ $columnValue ] ); } @@ -1133,7 +1133,7 @@ final class Auth extends UserManager { try { $projection = \implode(', ', $requestedColumns); $userData = $this->db->selectRow( - 'SELECT ' . $projection . ' FROM ' . $this->dbTablePrefix . 'users WHERE email = ?', + 'SELECT ' . $projection . ' FROM ' . $this->makeTableName('users') . ' WHERE email = ?', [ $email ] ); } 
@@ -1159,7 +1159,7 @@ final class Auth extends UserManager { private function getOpenPasswordResetRequests($userId) { try { $requests = $this->db->selectValue( - 'SELECT COUNT(*) FROM ' . $this->dbTablePrefix . 'users_resets WHERE user = ? AND expires > ?', + 'SELECT COUNT(*) FROM ' . $this->makeTableName('users_resets') . ' WHERE user = ? AND expires > ?', [ $userId, \time() @@ -1202,7 +1202,7 @@ final class Auth extends UserManager { try { $this->db->insert( - $this->dbTablePrefix . 'users_resets', + $this->makeTableNameComponents('users_resets'), [ 'user' => $userId, 'selector' => $selector, @@ -1245,7 +1245,7 @@ final class Auth extends UserManager { try { $resetData = $this->db->selectRow( - 'SELECT a.id, a.user, a.token, a.expires, b.resettable FROM ' . $this->dbTablePrefix . 'users_resets AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON b.id = a.user WHERE a.selector = ?', + 'SELECT a.id, a.user, a.token, a.expires, b.resettable FROM ' . $this->makeTableName('users_resets') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON b.id = a.user WHERE a.selector = ?', [ $selector ] ); } @@ -1263,7 +1263,7 @@ final class Auth extends UserManager { try { $this->db->delete( - $this->dbTablePrefix . 'users_resets', + $this->makeTableNameComponents('users_resets'), [ 'id' => $resetData['id'] ] ); } @@ -1356,7 +1356,7 @@ final class Auth extends UserManager { if ($this->isLoggedIn()) { try { $this->db->update( - $this->dbTablePrefix . 'users', + $this->makeTableNameComponents('users'), [ 'resettable' => $enabled ? 1 : 0 ], @@ -1385,7 +1385,7 @@ final class Auth extends UserManager { if ($this->isLoggedIn()) { try { $enabled = $this->db->selectValue( - 'SELECT resettable FROM ' . $this->dbTablePrefix . 'users WHERE id = ?', + 'SELECT resettable FROM ' . $this->makeTableName('users') . ' WHERE id = ?', [ $this->getUserId() ] ); 
@@ -1692,7 +1692,7 @@ final class Auth extends UserManager { try { $bucket = $this->db->selectRow( - 'SELECT tokens, replenished_at FROM ' . $this->dbTablePrefix . 'users_throttling WHERE bucket = ?', + 'SELECT tokens, replenished_at FROM ' . $this->makeTableName('users_throttling') . ' WHERE bucket = ?', [ $key ] ); } @@ -1729,7 +1729,7 @@ final class Auth extends UserManager { // merge the updated bucket into the database try { $affected = $this->db->update( - $this->dbTablePrefix . 'users_throttling', + $this->makeTableNameComponents('users_throttling'), $bucket, [ 'bucket' => $key ] ); @@ -1743,7 +1743,7 @@ final class Auth extends UserManager { try { $this->db->insert( - $this->dbTablePrefix . 'users_throttling', + $this->makeTableNameComponents('users_throttling'), $bucket ); } @@ -1869,7 +1869,7 @@ final class Auth extends UserManager { if (isset($existingSelector)) { // fetch the expiry date for the given selector $existingExpiry = $this->db->selectValue( - 'SELECT expires FROM ' . $this->dbTablePrefix . 'users_remembered WHERE selector = ? AND user = ?', + 'SELECT expires FROM ' . $this->makeTableName('users_remembered') . ' WHERE selector = ? AND user = ?', [ $existingSelector, $this->getUserId() diff --git a/src/UserManager.php b/src/UserManager.php index 787b368..fa31381 100644 --- a/src/UserManager.php +++ b/src/UserManager.php @@ -144,7 +144,7 @@ abstract class UserManager { if ($username !== null) { // count the number of users who do already have that specified username $occurrencesOfUsername = $this->db->selectValue( - 'SELECT COUNT(*) FROM ' . $this->dbTablePrefix . 'users WHERE username = ?', + 'SELECT COUNT(*) FROM ' . $this->makeTableName('users') . ' WHERE username = ?', [ $username ] ); @@ -161,7 +161,7 @@ abstract class UserManager { try { $this->db->insert( - $this->dbTablePrefix . 'users', + $this->makeTableNameComponents('users'), [ 'email' => $email, 'password' => $password, 
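Review bot: No transaction or row lock is visible around the throttling bucket's read-modify-write: it is read with `SELECT tokens, replenished_at`, changed in PHP, and written back by the `update` and the fallback `insert` in the next two hunks. If the lines between the hunks do not add one, concurrent requests for the same bucket could each read the same token count, which loosens the rate limit under parallel load. Consider wrapping the sequence in a transaction or an atomic statement, or document the limitation with a comment such as `// not atomic: concurrent requests may consume the same token`. The enclosing function starts and ends outside these hunks.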
@@ -201,7 +201,7 @@ abstract class UserManager { try { $affected = $this->db->update( - $this->dbTablePrefix . 'users', + $this->makeTableNameComponents('users'), [ 'password' => $newPassword ], [ 'id' => $userId ] ); @@ -262,7 +262,7 @@ abstract class UserManager { $projection = \implode(', ', $requestedColumns); $users = $this->db->select( - 'SELECT ' . $projection . ' FROM ' . $this->dbTablePrefix . 'users WHERE username = ? LIMIT 2 OFFSET 0', + 'SELECT ' . $projection . ' FROM ' . $this->makeTableName('users') . ' WHERE username = ? LIMIT 2 OFFSET 0', [ $username ] ); } @@ -349,7 +349,7 @@ abstract class UserManager { try { $this->db->insert( - $this->dbTablePrefix . 'users_confirmations', + $this->makeTableNameComponents('users_confirmations'), [ 'user_id' => (int) $userId, 'email' => $email, @@ -389,7 +389,7 @@ abstract class UserManager { try { $this->db->delete( - $this->dbTablePrefix . 'users_remembered', + $this->makeTableNameComponents('users_remembered'), $whereMappings ); } @@ -407,7 +407,7 @@ abstract class UserManager { protected function forceLogoutForUserById($userId) { $this->deleteRememberDirectiveForUserById($userId); $this->db->exec( - 'UPDATE ' . $this->dbTablePrefix . 'users SET force_logout = force_logout + 1 WHERE id = ?', + 'UPDATE ' . $this->makeTableName('users') . ' SET force_logout = force_logout + 1 WHERE id = ?', [ $userId ] ); }
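Review bot: `forceLogoutForUserById` runs the `UPDATE ... SET force_logout = force_logout + 1` through `$this->db->exec()` without the `try` block that most other statements in this patch sit in, so a database failure surfaces here as whatever the database layer throws. Since this is the call that invalidates existing sessions, the failure mode should be explicit: either wrap it like the neighbouring methods, or add a `@throws` line to the docblock if the one above the hunk does not already have it. `$userId` is also passed without the `(int)` cast used in the role queries in src/Administration.php; the value is bound through a placeholder, so that part is a consistency point only.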