mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-10-23 11:56:04 +02:00
Code Issues Releases Wiki Activity

Make use of database name, schema or other qualifier in all statements

Browse Source
This commit is contained in:
Marco
2018-08-28 23:44:50 +02:00
parent f70923679f
commit 382832457d
3 changed files with 36 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/Auth.php
View File

@@ -115,7 +115,7 @@ final class Auth extends UserManager {
if (!empty($parts[0]) && !empty($parts[1])) {
try {
$rememberData = $this->db->selectRow(
'SELECT a.user, a.token, a.expires, b.email, b.username, b.status, b.roles_mask, b.force_logout FROM ' . $this->dbTablePrefix . 'users_remembered AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON a.user = b.id WHERE a.selector = ?',
'SELECT a.user, a.token, a.expires, b.email, b.username, b.status, b.roles_mask, b.force_logout FROM ' . $this->makeTableName('users_remembered') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON a.user = b.id WHERE a.selector = ?',
[ $parts[0] ]
);
}
@@ -157,7 +157,7 @@ final class Auth extends UserManager {
// fetch the authoritative data from the database again
try {
$authoritativeData = $this->db->selectRow(
'SELECT email, username, status, roles_mask, force_logout FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT email, username, status, roles_mask, force_logout FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $this->getUserId() ]
);
}
@@ -354,7 +354,7 @@ final class Auth extends UserManager {
try {
$expectedHash = $this->db->selectValue(
'SELECT password FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT password FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $this->getUserId() ]
);
}
@@ -497,7 +497,7 @@ final class Auth extends UserManager {
try {
$this->db->insert(
$this->dbTablePrefix . 'users_remembered',
$this->makeTableNameComponents('users_remembered'),
[
'user' => $userId,
'selector' => $selector,
@@ -567,7 +567,7 @@ final class Auth extends UserManager {
// update the timestamp of the user's last login
try {
$this->db->update(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[ 'last_login' => \time() ],
[ 'id' => $userId ]
);
@@ -621,7 +621,7 @@ final class Auth extends UserManager {
try {
$confirmationData = $this->db->selectRow(
'SELECT a.id, a.user_id, a.email AS new_email, a.token, a.expires, b.email AS old_email FROM ' . $this->dbTablePrefix . 'users_confirmations AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON b.id = a.user_id WHERE a.selector = ?',
'SELECT a.id, a.user_id, a.email AS new_email, a.token, a.expires, b.email AS old_email FROM ' . $this->makeTableName('users_confirmations') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON b.id = a.user_id WHERE a.selector = ?',
[ $selector ]
);
}
@@ -635,7 +635,7 @@ final class Auth extends UserManager {
// invalidate any potential outstanding password reset requests
try {
$this->db->delete(
$this->dbTablePrefix . 'users_resets',
$this->makeTableNameComponents('users_resets'),
[ 'user' => $confirmationData['user_id'] ]
);
}
@@ -646,7 +646,7 @@ final class Auth extends UserManager {
// mark the email address as verified (and possibly update it to the new address given)
try {
$this->db->update(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[
'email' => $confirmationData['new_email'],
'verified' => 1
@@ -673,7 +673,7 @@ final class Auth extends UserManager {
// consume the token just being used for confirmation
try {
$this->db->delete(
$this->dbTablePrefix . 'users_confirmations',
$this->makeTableNameComponents('users_confirmations'),
[ 'id' => $confirmationData['id'] ]
);
}
@@ -818,7 +818,7 @@ final class Auth extends UserManager {
try {
$existingUsersWithNewEmail = $this->db->selectValue(
'SELECT COUNT(*) FROM ' . $this->dbTablePrefix . 'users WHERE email = ?',
'SELECT COUNT(*) FROM ' . $this->makeTableName('users') . ' WHERE email = ?',
[ $newEmail ]
);
}
@@ -832,7 +832,7 @@ final class Auth extends UserManager {
try {
$verified = $this->db->selectValue(
'SELECT verified FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT verified FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $this->getUserId() ]
);
}
@@ -920,7 +920,7 @@ final class Auth extends UserManager {
private function resendConfirmationForColumnValue($columnName, $columnValue, callable $callback) {
try {
$latestAttempt = $this->db->selectRow(
'SELECT user_id, email FROM ' . $this->dbTablePrefix . 'users_confirmations WHERE ' . $columnName . ' = ? ORDER BY id DESC LIMIT 1 OFFSET 0',
'SELECT user_id, email FROM ' . $this->makeTableName('users_confirmations') . ' WHERE ' . $columnName . ' = ? ORDER BY id DESC LIMIT 1 OFFSET 0',
[ $columnValue ]
);
}
@@ -1133,7 +1133,7 @@ final class Auth extends UserManager {
try {
$projection = \implode(', ', $requestedColumns);
$userData = $this->db->selectRow(
'SELECT ' . $projection . ' FROM ' . $this->dbTablePrefix . 'users WHERE email = ?',
'SELECT ' . $projection . ' FROM ' . $this->makeTableName('users') . ' WHERE email = ?',
[ $email ]
);
}
@@ -1159,7 +1159,7 @@ final class Auth extends UserManager {
private function getOpenPasswordResetRequests($userId) {
try {
$requests = $this->db->selectValue(
'SELECT COUNT(*) FROM ' . $this->dbTablePrefix . 'users_resets WHERE user = ? AND expires > ?',
'SELECT COUNT(*) FROM ' . $this->makeTableName('users_resets') . ' WHERE user = ? AND expires > ?',
[
$userId,
\time()
@@ -1202,7 +1202,7 @@ final class Auth extends UserManager {
try {
$this->db->insert(
$this->dbTablePrefix . 'users_resets',
$this->makeTableNameComponents('users_resets'),
[
'user' => $userId,
'selector' => $selector,
@@ -1245,7 +1245,7 @@ final class Auth extends UserManager {
try {
$resetData = $this->db->selectRow(
'SELECT a.id, a.user, a.token, a.expires, b.resettable FROM ' . $this->dbTablePrefix . 'users_resets AS a JOIN ' . $this->dbTablePrefix . 'users AS b ON b.id = a.user WHERE a.selector = ?',
'SELECT a.id, a.user, a.token, a.expires, b.resettable FROM ' . $this->makeTableName('users_resets') . ' AS a JOIN ' . $this->makeTableName('users') . ' AS b ON b.id = a.user WHERE a.selector = ?',
[ $selector ]
);
}
@@ -1263,7 +1263,7 @@ final class Auth extends UserManager {
try {
$this->db->delete(
$this->dbTablePrefix . 'users_resets',
$this->makeTableNameComponents('users_resets'),
[ 'id' => $resetData['id'] ]
);
}
@@ -1356,7 +1356,7 @@ final class Auth extends UserManager {
if ($this->isLoggedIn()) {
try {
$this->db->update(
$this->dbTablePrefix . 'users',
$this->makeTableNameComponents('users'),
[
'resettable' => $enabled ? 1 : 0
],
@@ -1385,7 +1385,7 @@ final class Auth extends UserManager {
if ($this->isLoggedIn()) {
try {
$enabled = $this->db->selectValue(
'SELECT resettable FROM ' . $this->dbTablePrefix . 'users WHERE id = ?',
'SELECT resettable FROM ' . $this->makeTableName('users') . ' WHERE id = ?',
[ $this->getUserId() ]
);
@@ -1692,7 +1692,7 @@ final class Auth extends UserManager {
try {
$bucket = $this->db->selectRow(
'SELECT tokens, replenished_at FROM ' . $this->dbTablePrefix . 'users_throttling WHERE bucket = ?',
'SELECT tokens, replenished_at FROM ' . $this->makeTableName('users_throttling') . ' WHERE bucket = ?',
[ $key ]
);
}
@@ -1729,7 +1729,7 @@ final class Auth extends UserManager {
// merge the updated bucket into the database
try {
$affected = $this->db->update(
$this->dbTablePrefix . 'users_throttling',
$this->makeTableNameComponents('users_throttling'),
$bucket,
[ 'bucket' => $key ]
);
@@ -1743,7 +1743,7 @@ final class Auth extends UserManager {
try {
$this->db->insert(
$this->dbTablePrefix . 'users_throttling',
$this->makeTableNameComponents('users_throttling'),
$bucket
);
}
@@ -1869,7 +1869,7 @@ final class Auth extends UserManager {
if (isset($existingSelector)) {
// fetch the expiry date for the given selector
$existingExpiry = $this->db->selectValue(
'SELECT expires FROM ' . $this->dbTablePrefix . 'users_remembered WHERE selector = ? AND user = ?',
'SELECT expires FROM ' . $this->makeTableName('users_remembered') . ' WHERE selector = ? AND user = ?',
[
$existingSelector,
$this->getUserId()