From 9a1412273a9b8190af5eeb6c0164a090a687b161 Mon Sep 17 00:00:00 2001 From: "Pierre Habouzit (MadCoder" Date: Tue, 28 Dec 2004 15:27:10 +0000 Subject: [PATCH] new DB for a few includes. enjoy the silence git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-159 --- ChangeLog | 3 + htdocs/TESTS/xorg_env.php | 2 +- include/user.func.inc.php | 246 +++++++++++++++++----------------------- include/validations.inc.php | 57 ++++------ include/xorg.globals.inc.php.in | 3 + include/xorg.inc.php | 2 - include/xorg/database.inc.php | 34 +++++- include/xorg/session.inc.php | 108 +++++++----------- 8 files changed, 208 insertions(+), 247 deletions(-) diff --git a/ChangeLog b/ChangeLog index 96e06ab..6bdd212 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ VERSION 0.9.4 29 Jan 2004 New : + + * Core : + - new SQL access API : gain in security and code factorization. -MC * Skins : - Openweb : update. -MC diff --git a/htdocs/TESTS/xorg_env.php b/htdocs/TESTS/xorg_env.php index dd34f3f..0060161 100644 --- a/htdocs/TESTS/xorg_env.php +++ b/htdocs/TESTS/xorg_env.php @@ -31,7 +31,7 @@ class TestOfEnv extends UnitTestCase { $_REQUEST['foo'] = Array(1,'a'); $this->assertIdentical(Env::getMixed('foo'), Array(1,'a')); - $this->assertIdentical(Env::getMixed('bar'), ''); + $this->assertIdentical(Env::getMixed('bar'), null); $this->assertIdentical(Env::getMixed('bar', 'bar'), 'bar'); } diff --git a/include/user.func.inc.php b/include/user.func.inc.php index b3f9cda..d716e95 100644 --- a/include/user.func.inc.php +++ b/include/user.func.inc.php 
@@ -32,32 +32,31 @@ function user_clear_all_subs($user_id, $really_del=true) // + delete maillists global $globals; - $uid=intval($user_id); - $res = $globals->db->query("select alias from aliases where type='a_vie' AND id=$uid"); - list($alias) = mysql_fetch_row($res); - mysql_free_result($res); + $uid = intval($user_id); + $res = $globals->xdb->query("SELECT alias FROM aliases WHERE type='a_vie' AND id={?}", $uid); + $alias = $res->fetchOneCell(); if ($really_del) { - $globals->db->query("delete from emails where uid=$uid"); - $globals->db->query("delete from newsletter_ins where user_id=$uid"); + $globals->xdb->execute("DELETE FROM emails WHERE uid={?}", $uid); + $globals->xdb->execute("DELETE FROM newsletter_ins WHERE user_id={?}", $uid); } - $globals->db->query("delete from virtual_redirect where redirect ='$alias@m4x.org'"); - $globals->db->query("delete from virtual_redirect where redirect ='$alias@polytechnique.org'"); - - $globals->db->query("update auth_user_md5 SET passwd='',smtppass='' WHERE user_id=$uid"); - $globals->db->query("update auth_user_quick SET watch_flags='' WHERE user_id=$uid"); - - $globals->db->query("delete from competences_ins where uid=$user_id"); - $globals->db->query("delete from entreprises where uid=$user_id"); - $globals->db->query("delete from langues_ins where uid=$user_id"); - $globals->db->query("delete from mentor_pays where uid=$user_id"); - $globals->db->query("delete from mentor_secteur where uid=$user_id"); - $globals->db->query("delete from mentor where uid=$user_id"); - $globals->db->query("delete from perte_pass where uid=$uid"); - $globals->db->query("delete from requests where user_id=$uid"); - $globals->db->query("delete from user_changes where user_id=$uid"); - $globals->db->query("delete from watch_sub where uid=$uid"); + $globals->xdb->execute("DELETE FROM virtual_redirect WHERE redirect = {?}", $alias.'@'.$globals->mail->domain); + $globals->xdb->execute("DELETE FROM virtual_redirect WHERE redirect = {?}", 
$alias.'@'.$globals->mail->domain2); + + $globals->xdb->execute("UPDATE auth_user_md5 SET passwd='',smtppass='' WHERE user_id={?}", $uid); + $globals->xdb->execute("UPDATE auth_user_quick SET watch_flags='' WHERE user_id={?}", $uid); + + $globals->xdb->execute("DELETE FROM competences_ins WHERE uid={?}", $uid); + $globals->xdb->execute("DELETE FROM entreprises WHERE uid={?}", $uid); + $globals->xdb->execute("DELETE FROM langues_ins WHERE uid={?}", $uid); + $globals->xdb->execute("DELETE FROM mentor_pays WHERE uid={?}", $uid); + $globals->xdb->execute("DELETE FROM mentor_secteur WHERE uid={?}", $uid); + $globals->xdb->execute("DELETE FROM mentor WHERE uid={?}", $uid); + $globals->xdb->execute("DELETE FROM perte_pass WHERE uid={?}", $uid); + $globals->xdb->execute("DELETE FROM requests WHERE user_id={?}", $uid); + $globals->xdb->execute("DELETE FROM user_changes WHERE user_id={?}", $uid); + $globals->xdb->execute("DELETE FROM watch_sub WHERE uid={?}", $uid); include_once('lists.inc.php'); if (function_exists(lists_xmlrpc)) { @@ -73,15 +72,13 @@ function get_user_login($data, $get_forlife = false) { global $globals, $page; if (preg_match(',^[0-9]*$,', $data)) { - $res = $globals->db->query("SELECT alias FROM aliases WHERE type='a_vie' AND id=$data"); - if (!mysql_num_rows($res)) { - $page->trig("il n'y a pas d'utilisateur avec cet id"); - $alias = false; + $res = $globals->xdb->query("SELECT alias FROM aliases WHERE type='a_vie' AND id={?}", $data); + if ($res->numRows()) { + return $res->fetchOneCell(); } else { - list($alias) = mysql_fetch_row($res); + $page->trig("il n'y a pas d'utilisateur avec cet id"); + return false; } - mysql_free_result($res); - return $alias; } $data = trim(strtolower($data)); 
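Review bot: `$alias` from `fetchOneCell()` is used unguarded on the two `virtual_redirect` deletes, so a user with no `a_vie` row issues `DELETE ... WHERE redirect = '@domain'` — harmless today, but wrapping both executes in `if ($alias) { ... }` makes the intent explicit. Binding `$uid` in the `competences_ins` … `mentor` deletes also closes the one place in this function where the raw `$user_id` (not the `intval`'d copy) reached SQL. The function's tail (the `lists_xmlrpc` call) lies outside the hunk.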
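Review bot: The no-match branch returns without releasing the result (`$page->trig(...); return false;`), while the `default` branch of the same function in the next hunk calls `$res->free()` explicitly on the path that does not fetch; the domain-branch `return false` in that hunk has the same asymmetry. If `XOrgDBResult` does not free in a destructor — PHP 4 has none, and the class is not in this diff — adding `$res->free();` before each of these returns keeps the handling uniform. Binding `$data` through `{?}` replaces direct interpolation of the request value into the `id=` predicate, which is the security gain the ChangeLog entry refers to.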
@@ -93,65 +90,56 @@ function get_user_login($data, $get_forlife = false) { list($mbox, $fqdn) = split('@', $data); if ($fqdn == $globals->mail->domain || $fqdn == $globals->mail->domain2) { - $res = $globals->db->query("SELECT a.alias - FROM aliases AS a - INNER JOIN aliases AS b ON (a.id = b.id AND b.type IN ('alias', 'a_vie') AND b.alias='$mbox') - WHERE a.type = 'a_vie'"); - if (mysql_num_rows($res)) { - if ($get_forlife) { - list($alias) = mysql_fetch_row($res); - } else { - $alias = $mbox; - } + $res = $globals->xdb->query("SELECT a.alias + FROM aliases AS a + INNER JOIN aliases AS b ON (a.id = b.id AND b.type IN ('alias', 'a_vie') AND b.alias={?}) + WHERE a.type = 'a_vie'", $mbox); + if ($res->numRows()) { + return $get_forlife ? $res->fetchOneCell() : $mbox; } else { $page->trig("il n'y a pas d'utilisateur avec ce login"); - $alias = false; + return false; } - mysql_free_result($res); - return $alias; } elseif ($fqdn == $globals->mail->alias_dom || $fqdn == $globals->mail->alias_dom2) { - $res = $globals->db->query("SELECT redirect - FROM virtual_redirect - INNER JOIN virtual USING(vid) - WHERE alias='$mbox@{$globals->mail->alias_dom}'"); - if (list($redir) = mysql_fetch_row($res)) { + $res = $globals->xdb->query("SELECT redirect + FROM virtual_redirect + INNER JOIN virtual USING(vid) + WHERE alias={?}", $mbox.'@'.$globals->mail->alias_dom); + if ($redir = $res->fetchOneCell()) { list($alias) = split('@', $redir); } else { $page->trig("il n'y a pas d'utilisateur avec cet alias"); $alias = false; } - mysql_free_result($res); return $alias; } else { - $res = $globals->db->query("SELECT alias - FROM aliases AS a - INNER JOIN emails AS e ON e.uid=a.id - WHERE e.email='$data' AND a.type='a_vie'"); - switch ($i = mysql_num_rows($res)) { + $res = $globals->xdb->query("SELECT alias + FROM aliases AS a + INNER JOIN emails AS e ON e.uid=a.id + WHERE e.email={?} AND a.type='a_vie'", $data); + switch ($i = $res->numRows()) { case 0: $page->trig("il n'y a pas 
d'utilisateur avec cette addresse mail"); - $alias = false; - break; + return false; case 1: - list($alias) = mysql_fetch_row($res); - break; + return $res->fetchOneCell(); default: - $alias = false; if (has_perms()) { - $aliases = Array(); - while (list($a) = mysql_fetch_row($res)) $aliases[] = $a; + $aliases = $res->fetchColumn(); $page->trig("Il y a $i utilisateurs avec cette adresse mail : ".join(', ', $aliases)); + } else { + $res->free(); } } - mysql_free_result($res); - return $alias; } + + return false; } // }}} 
@@ -180,99 +168,75 @@ function &get_user_details($login, $from_uid = '') FROM auth_user_md5 AS u INNER JOIN aliases AS a ON (u.user_id=a.id AND a.type='a_vie') INNER JOIN aliases AS a2 ON (u.user_id=a2.id AND FIND_IN_SET('bestalias',a2.flags)) - LEFT JOIN contacts AS c ON (c.uid = '$from_uid' and c.contact = u.user_id) + LEFT JOIN contacts AS c ON (c.uid = {?} and c.contact = u.user_id) LEFT JOIN geoloc_pays AS gp ON (gp.a2 = u.nationalite) INNER JOIN sections ON (sections.id = u.section) LEFT JOIN photo AS p ON (p.uid = u.user_id) LEFT JOIN mentor AS m ON (m.uid = u.user_id) - WHERE a.alias = '$login'"; - - $res = $globals->db->query($reqsql); - $user = mysql_fetch_assoc($res); - mysql_free_result($res); - - $uid = $user['user_id']; - - $sql = "SELECT e.entreprise, s.label as secteur , ss.label as sous_secteur , f.fonction_fr as fonction, - e.poste, e.adr1, e.adr2, e.adr3, e.cp, e.ville, - gp.pays, gr.name, e.tel, e.fax - FROM entreprises AS e - LEFT JOIN emploi_secteur AS s ON(e.secteur = s.id) - LEFT JOIN emploi_ss_secteur AS ss ON(e.ss_secteur = ss.id AND e.secteur = ss.secteur) - LEFT JOIN fonctions_def AS f ON(e.fonction = f.id) - LEFT JOIN geoloc_pays AS gp ON (gp.a2 = e.pays) - LEFT JOIN geoloc_region AS gr ON (gr.a2 = e.pays and gr.region = e.region) - WHERE e.uid = $uid - ORDER BY e.entrid"; - $res = $globals->db->query($sql); - while($tmp = mysql_fetch_assoc($res)) { - $user['adr_pro'][] = $tmp; - } - mysql_free_result($res); - - $sql = "SELECT a.adr1,a.adr2,a.adr3,a.cp,a.ville, - gp.pays,gr.name AS region,a.tel,a.fax, - FIND_IN_SET('active', a.statut) AS active, - FIND_IN_SET('res-secondaire', a.statut) AS secondaire - FROM adresses AS a - LEFT JOIN geoloc_pays AS gp ON (gp.a2=a.pays) - LEFT JOIN geoloc_region AS gr ON (gr.a2=a.pays and gr.region=a.region) - WHERE uid={$user['user_id']} AND NOT FIND_IN_SET('pro',a.statut) - ORDER BY NOT FIND_IN_SET('active',a.statut), FIND_IN_SET('temporaire',a.statut), FIND_IN_SET('res-secondaire',a.statut)"; - $res = 
$globals->db->query($sql); - while($tmp = mysql_fetch_assoc($res)) { - $user['adr'][] = $tmp; - } - mysql_free_result($res); - - - $sql = "SELECT text - FROM binets_ins - LEFT JOIN binets_def ON binets_ins.binet_id = binets_def.id - WHERE user_id = {$user['user_id']}"; - $res = $globals->db->query($sql); - while (list($binet) = mysql_fetch_row($res)) { - $user['binets'][] = $binet; - } - if (mysql_num_rows($res)) { - $user['binets_join'] = join(', ', $user['binets']); - } - mysql_free_result($res); - - $res = $globals->db->query("SELECT text, url - FROM groupesx_ins - LEFT JOIN groupesx_def ON groupesx_ins.gid = groupesx_def.id - WHERE guid = '{$user['user_id']}'"); - while (list($gxt,$gxu) = mysql_fetch_row($res)) { - if ($gxu) { - $user['gpxs'][] = "$gxt"; - } else { - $user['gpxs'][] = $gxt; - } + WHERE a.alias = {?}"; + $res = $globals->xdb->query($reqsql, $from_uid, $login); + $user = $res->fetchOneAssoc(); + $uid = $user['user_id']; + + $sql = "SELECT e.entreprise, s.label as secteur , ss.label as sous_secteur , f.fonction_fr as fonction, + e.poste, e.adr1, e.adr2, e.adr3, e.cp, e.ville, + gp.pays, gr.name, e.tel, e.fax + FROM entreprises AS e + LEFT JOIN emploi_secteur AS s ON(e.secteur = s.id) + LEFT JOIN emploi_ss_secteur AS ss ON(e.ss_secteur = ss.id AND e.secteur = ss.secteur) + LEFT JOIN fonctions_def AS f ON(e.fonction = f.id) + LEFT JOIN geoloc_pays AS gp ON (gp.a2 = e.pays) + LEFT JOIN geoloc_region AS gr ON (gr.a2 = e.pays and gr.region = e.region) + WHERE e.uid = {?} + ORDER BY e.entrid"; + $res = $globals->xdb->query($sql, $uid); + $user['adr_pro'] = $res->fetchAllAssoc(); + + $sql = "SELECT a.adr1,a.adr2,a.adr3,a.cp,a.ville, + gp.pays,gr.name AS region,a.tel,a.fax, + FIND_IN_SET('active', a.statut) AS active, + FIND_IN_SET('res-secondaire', a.statut) AS secondaire + FROM adresses AS a + LEFT JOIN geoloc_pays AS gp ON (gp.a2=a.pays) + LEFT JOIN geoloc_region AS gr ON (gr.a2=a.pays and gr.region=a.region) + WHERE uid= {?} AND NOT 
FIND_IN_SET('pro',a.statut) + ORDER BY NOT FIND_IN_SET('active',a.statut), FIND_IN_SET('temporaire',a.statut), FIND_IN_SET('res-secondaire',a.statut)"; + $res = $globals->xdb->query($sql, $uid); + $user['adr'] = $res->fetchAllAssoc(); + + $sql = "SELECT text + FROM binets_ins + LEFT JOIN binets_def ON binets_ins.binet_id = binets_def.id + WHERE user_id = {?}"; + $res = $globals->xdb->query($sql, $uid); + $user['binets'] = $res->fetchColumn(); + $user['binets_join'] = join(', ', $user['binets']); + + $res = $globals->xdb->iterRow("SELECT text, url + FROM groupesx_ins + LEFT JOIN groupesx_def ON groupesx_ins.gid = groupesx_def.id + WHERE guid = {?}", $uid); + while (list($gxt, $gxu) = $res->next()) { + $user['gpxs'][] = $gxu ? "$gxt" : $gxt; } - if (mysql_num_rows($res)) { - $user['gpxs_join'] = join(', ', $user['gpxs']); - } - mysql_free_result($res); + $user['gpxs_join'] = join(', ', $user['gpxs']); - $res = $globals->db->query("SELECT applis_def.text, applis_def.url, applis_ins.type - FROM applis_ins - INNER JOIN applis_def ON applis_def.id = applis_ins.aid - WHERE uid='{$user['user_id']}' - ORDER BY ordre"); + $res = $globals->xdb->iterRow("SELECT applis_def.text, applis_def.url, applis_ins.type + FROM applis_ins + INNER JOIN applis_def ON applis_def.id = applis_ins.aid + WHERE uid={?} + ORDER BY ordre", $uid); - while (list($txt, $url, $type) = mysql_fetch_row($res)) { + while (list($txt, $url, $type) = $res->next()) { require_once('applis.func.inc.php'); $user['applis_fmt'][] = applis_fmt($type, $txt, $url); } - if (mysql_num_rows($res)) { - $user['applis_join'] = join(', ', $user['applis_fmt']); - } - mysql_free_result($res); + $user['applis_join'] = join(', ', $user['applis_fmt']); return $user; } // }}} + // vim:set et sw=4 sts=4 sws=4 foldmethod=marker: ?> diff --git a/include/validations.inc.php b/include/validations.inc.php index c0c504f..408e080 100644 --- a/include/validations.inc.php +++ b/include/validations.inc.php 
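Review bot: `$user['gpxs_join'] = join(', ', $user['gpxs'])` and `$user['applis_join'] = join(', ', $user['applis_fmt'])` now run unconditionally, but both arrays are only created inside their `while` loops, so a user with no groupesx or applis rows hands `join()` an undefined index where the removed `mysql_num_rows()` guards used to skip it; initialise `$user['gpxs'] = Array();` before the `iterRow` loop and `$user['applis_fmt'] = Array();` before the applis loop (`binets` is safe because `fetchColumn()` always returns an array). The `$gxu ? "$gxt" : $gxt` ternary yields the same string on both branches, so the `url` column is fetched for nothing — either drop the conditional or format the link as presumably intended. `fetchOneAssoc()` is also unchecked, so an unknown `$login` leaves `$uid` unset for the follow-up queries, as before the commit. The function's head (the start of `$reqsql`) is outside the hunk.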
@@ -29,36 +29,26 @@ define('SIZE_MAX', 32768); /** * Iterator class, that lists objects through the database */ -class ValidateIterator +class ValidateIterator extends XOrgDBIterator { - // {{{ properties - - /** variable interne qui conserve l'état en cours de la requête */ - var $sql; - - // }}} // {{{ constuctor - /** constructeur */ function ValidateIterator () { - global $globals; - $this->sql = $globals->db->query("SELECT data,stamp FROM requests ORDER BY stamp"); + parent::XOrgDBIterator('SELECT data,stamp FROM requests ORDER BY stamp', MYSQL_NUM); } // }}} // {{{ function next() - /** renvoie l'objet suivant, ou false */ function next () { - if (list($result,$stamp) = mysql_fetch_row($this->sql)) { + if (list($result, $stamp) = parent::next()) { $result = unserialize($result); $result->stamp = $stamp; return($result); } else { - mysql_free_result($this->sql); - return(false); + return null; } } @@ -118,18 +108,18 @@ class Validate function get_unique_request($uid,$type) { global $globals; - $sql = $globals->db->query("SELECT data,stamp FROM requests WHERE user_id='$uid' and type='$type'"); - if (list($result,$stamp) = mysql_fetch_row($sql)) { + $res = $globals->xdb->query('SELECT data,stamp FROM requests WHERE user_id={?} and type={?}', $uid, $type); + if (list($result, $stamp) = $res->fetchOneRow()) { $result = unserialize($result); // on ne fait jamais confiance au timestamp de l'objet, $result->stamp = $stamp; if (!$result->unique) { // on vérifie que c'est tout de même bien un objet unique $result = false; } - } else + } else { $result = false; - - mysql_free_result($sql); + } + return $result; } 
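Review bot: `next()` now ends the iteration with `return null` where the old code returned `false`; any caller testing `=== false` on this iterator would loop past the end, so either keep `false` or check every call site (none are in this diff). Both this hunk and the `get_unique_request` hunk below keep `unserialize()` on the `requests.data` column; the column is written by `Validate::commit` via serialisation of `$this`, so the content is application-controlled, but a comment stating that this column must never receive client-supplied bytes would make the trust boundary explicit for whoever next touches the table. `MYSQL_NUM` is passed to the parent constructor so the `list()` destructuring in `next()` matches; a one-line comment saying so would help.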
@@ -147,10 +137,9 @@ class Validate function get_request($uid, $type, $stamp) { global $globals; - $sql = $globals->db->query("SELECT data,stamp" - ." FROM requests" - ." WHERE user_id='$uid' and type = '$type' and stamp='$stamp'"); - if (list($result,$stamp) = mysql_fetch_row($sql)) { + $res = $globals->xdb->query("SELECT data, stamp FROM requests WHERE user_id={?} AND type={?} and stamp={?}", + $uid, $type, $stamp); + if (list($result, $stamp) = $res->fetchOneRow()) { $result = unserialize($result); // on ne fait jamais confiance au timestamp de l'objet, $result->stamp = $stamp; @@ -158,7 +147,6 @@ class Validate $result = false; } - mysql_free_result($sql); return($result); } @@ -172,17 +160,15 @@ class Validate { global $globals; if ($this->unique) { - $globals->db->query("DELETE FROM requests WHERE user_id='{$this->uid}' AND type='{$this->type}'"); + $globals->xdb->execute('DELETE FROM requests WHERE user_id={?} AND type={?}', $this->uid, $this->type); } - $globals->db->query("INSERT INTO requests (user_id, type, data) - VALUES ('{$this->uid}', '{$this->type}', '".addslashes(serialize($this))."')"); + $globals->xdb->execute('INSERT INTO requests (user_id, type, data) VALUES ({?}, {?}, {?})', + $this->uid, $this->type, $this); // au cas où l'objet est réutilisé après un commit, il faut mettre son stamp à jour - $sql = $globals->db->query("SELECT MAX(stamp) FROM requests - WHERE user_id='{$this->uid}' AND type='{$this->type}'"); - list($this->stamp) = mysql_fetch_row($sql); - mysql_free_result($sql); + $res = $globals->xdb->query('SELECT MAX(stamp) FROM requests WHERE user_id={?} AND type={?}', $this->uid, $this->type); + $this->stamp = $res->fetchOneCell(); return true; } 
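Review bot: In the `commit()` hunk `$this` is passed straight to `execute()` as the `data` bind value where the old code wrote `addslashes(serialize($this))`, so correctness depends on `_db_escape()` (outside this diff) serialising objects rather than string-casting them — worth confirming, since a PHP 4 object cast to string is not a usable payload and the row would be silently broken. The follow-up `SELECT MAX(stamp)` to recover the stamp is not tied to the inserted row, so two concurrent commits for the same `(user_id, type)` can pick up each other's stamp; that predates the commit, but the rewrite is the moment to note it, e.g. `// NOTE: MAX(stamp) is racy under concurrent commits for the same user/type`.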
@@ -195,8 +181,13 @@ class Validate function clean () { global $globals; - return $globals->db->query("DELETE FROM requests WHERE user_id='{$this->uid}' AND type='{$this->type}'" - .($this->unique ? "" : " AND stamp='".$this->stamp."'")); + if ($this->unique) { + return $globals->xdb->execute('DELETE FROM requests WHERE user_id={?} AND type={?}', + $this->uid, $this->type); + } else { + return $globals->xdb->execute('DELETE FROM requests WHERE user_id={?} AND type={?} AND stamp={?}', + $this->uid, $this->type, $this->stamp); + } } // }}} diff --git a/include/xorg.globals.inc.php.in b/include/xorg.globals.inc.php.in index adc24f2..51e54eb 100644 --- a/include/xorg.globals.inc.php.in +++ b/include/xorg.globals.inc.php.in @@ -20,6 +20,9 @@ ***************************************************************************/ require_once('diogenes.core.globals.inc.php'); +require_once('diogenes.database.inc.php'); +require_once('xorg/iterator.inc.php'); +require_once('xorg/database.inc.php'); // {{{ class XorgGlobals diff --git a/include/xorg.inc.php b/include/xorg.inc.php index 6c3daea..91082cf 100644 --- a/include/xorg.inc.php +++ b/include/xorg.inc.php @@ -44,8 +44,6 @@ define('NO_SKIN', 1); // {{{ globals + session init require_once('xorg/env.inc.php'); -require_once('xorg/iterator.inc.php'); -require_once('xorg/database.inc.php'); require_once('xorg.globals.inc.php'); require_once('xorg/session.inc.php'); XorgGlobals::init(); diff --git a/include/xorg/database.inc.php b/include/xorg/database.inc.php index 1013cbb..6acb89f 100644 --- a/include/xorg/database.inc.php +++ b/include/xorg/database.inc.php @@ -19,8 +19,6 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * **************************************************************************/ -require_once('diogenes.database.inc.php'); - // {{{ class XOrgDB class XOrgDB 
@@ -65,6 +63,17 @@ class XOrgDB } // }}} + // {{{ function iterator() + + function &iterRow() + { + $args = func_get_args(); + $query = array_map(Array($this, '_db_escape'), $args); + $query[0] = str_replace('{?}', '%s', $args[0]); + return new XOrgDBIterator(call_user_func_array('sprintf', $query), MYSQL_NUM); + } + + // }}} // {{{ function _db_escape function _db_escape($var) @@ -198,6 +207,25 @@ class XOrgDBResult } // }}} + // {{{ function fetchOneCell() + + function fetchColumn($key = 0) + { + $res = Array(); + if (is_numeric($key)) { + while($tmp = $this->_fetchRow()) { + $res[] = $tmp[$key]; + } + } else { + while($tmp = $this->_fetchAssoc()) { + $res[] = $tmp[$key]; + } + } + $this->free(); + return $res; + } + + // }}} // {{{ function numRows function numRows() @@ -221,7 +249,7 @@ class XOrgDBIterator extends XOrgIterator var $_mode = MYSQL_ASSOC; // }}} - // {{{ + // {{{ constructor function XOrgDBIterator($query, $mode = MYSQL_ASSOC) { diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php index 358d16c..0b27f0d 100644 --- a/include/xorg/session.inc.php +++ b/include/xorg/session.inc.php 
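Review bot: `iterRow()` builds the final SQL with `sprintf()` after replacing `{?}` by `%s`, so any literal `%` in the query template (a `LIKE '%x%'` pattern, a `DATE_FORMAT` specifier) is consumed as a format directive and either corrupts the statement or misaligns the bound values; escape the template first, `$query[0] = str_replace('{?}', '%s', str_replace('%', '%%', $args[0]));`. If `query()` and `execute()` (outside this hunk) use the same construction they need the same fix. The fold markers are mislabelled in this hunk and the next: `// {{{ function iterator()` wraps `iterRow()` and `// {{{ function fetchOneCell()` wraps `fetchColumn()`; rename them so the marker index matches the methods.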
@@ -80,14 +80,15 @@ class XorgSession extends DiogenesCoreSession // ou passwordpromptscreenlogged.tpl $uname = Env::get('username'); $field = preg_match('/^\d*$/', $uname) ? 'id' : 'alias'; - $res = @$globals->db->query( "SELECT u.user_id,u.password - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' ) - WHERE a.$field='$uname' AND u.perms IN('admin','user')"); + $res = $globals->xdb->query( + "SELECT u.user_id, u.password + FROM auth_user_md5 AS u + INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' ) + WHERE a.$field = {?} AND u.perms IN('admin','user')", $uname); $logger =& Session::getMixed('log'); - if (list($uid,$password)=mysql_fetch_row($res)) { + if (list($uid, $password) = $res->fetchOneRow()) { $expected_response=md5("$uname:$password:{$session->challenge}"); if (Env::get('response') == $expected_response) { unset($session->challenge); @@ -102,8 +103,6 @@ class XorgSession extends DiogenesCoreSession } elseif ($logger) { $logger->log('auth_fail','bad login'); } - - mysql_free_result($res); } $this->doLogin($page,$new_name); } @@ -163,11 +162,8 @@ class XorgSession extends DiogenesCoreSession function getUserId($auth,$username) { global $globals; - - $res = $globals->db->query("SELECT id FROM aliases WHERE alias='$username'"); - list($uid) = mysql_fetch_row($res); - mysql_free_result($res); - return $uid; + $res = $globals->xdb->query("SELECT id FROM aliases WHERE alias = {?}",$username); + return $res->fetchOneCell(); } // }}} @@ -176,11 +172,8 @@ class XorgSession extends DiogenesCoreSession function getUsername($auth,$uid) { global $globals; - - $res = $globals->db->query("SELECT alias FROM aliases WHERE id='$uid' AND type='a_vie'"); - list($username) = mysql_fetch_row($res); - mysql_free_result($res); - return $username; + $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND type='a_vie'", $uid); + return $res->fetchOneCell(); } // }}} 
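Review bot: The login check keeps the loose `Env::get('response') == $expected_response` comparison on the unchanged line below the new `fetchOneRow()`; in PHP `==` between two numeric-looking strings compares them as numbers, so hex digests should be compared with `===` (or `strcmp() === 0`), a small change worth making while this block is open. `$field` is interpolated into the SQL, but it is fixed to `'id'` or `'alias'` by the `preg_match` two lines above, so that is safe; a short comment `// $field is a fixed column name chosen above, not user input` would stop a later reader from flagging it. Dropping the `@` on the query is good — the `try_cookie` hunk below still keeps it.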
@@ -258,12 +251,13 @@ function try_cookie() return -1; } - $res = @$globals->db->query( "SELECT user_id,password FROM auth_user_md5 WHERE user_id=" - .Cookie::getInt('ORGuid')." AND perms IN('admin','user')"); - if (@mysql_num_rows($res) != 0) { - list($uid,$password)=mysql_fetch_row($res); - mysql_free_result($res); - $expected_value=md5($password); + $res = @$globals->xdb->query( + "SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')", + Cookie::getInt('ORGuid') + ); + if ($res->numRows() != 0) { + list($uid, $password) = $res->fetchOneRow(); + $expected_value = md5($password); if ($expected_value == Cookie::get('ORGaccess')) { start_connexion($uid, false); return 0; 
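Review bot: The `@` is kept on `$globals->xdb->query(...)` but the next line calls `$res->numRows()` unconditionally, so if the query fails and `query()` returns `false` (its failure contract is not visible here) the error is no longer a suppressed warning but a fatal method call on a non-object; either drop the `@` as the other hunks do or check `$res` before using it. The unchanged `$expected_value == Cookie::get('ORGaccess')` comparison on the following line has the same numeric-string weakness as the challenge check in the first hunk of this file and should be `===`. `try_cookie`'s body continues past the hunk.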
@@ -286,52 +280,34 @@ function try_cookie() function start_connexion ($uid, $identified) { global $globals; - $result=$globals->db->query(" - SELECT prenom, nom, perms, promo, matricule, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias, - UNIX_TIMESTAMP(q.banana_last), q.watch_last, - a2.alias, password, FIND_IN_SET('femme', u.flags) + $res = $globals->xdb->query(" + SELECT u.user_id AS uid, prenom, nom, perms, promo, matricule, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, + a.alias AS forlife, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, + a2.alias AS bestalias, password, FIND_IN_SET('femme', u.flags) AS femme FROM auth_user_md5 AS u INNER JOIN auth_user_quick AS q USING(user_id) INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie') INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags)) LEFT JOIN logger.sessions AS s ON (s.uid=u.user_id AND s.suid=0) - WHERE u.user_id=$uid AND u.perms IN('admin','user') - ORDER BY s.start DESC, !FIND_IN_SET('epouse', a2.flags), length(a2.alias)"); - list($prenom, $nom, $perms, $promo, $matricule, $lastlogin, $host, $forlife, - $banana_last, $watch_last, - $bestalias, $password, $femme) = mysql_fetch_row($result); - mysql_free_result($result); - + WHERE u.user_id = {?} AND u.perms IN('admin','user') + ORDER BY s.start DESC, !FIND_IN_SET('epouse', a2.flags), length(a2.alias)", $uid); + $sess = $res->fetchOneAssoc(); + echo mysql_error(); $suid = Session::getMixed('suid'); if ($suid) { - $logger = new DiogenesCoreLogger($uid,$suid); - $logger->log("suid_start",Session::get('forlife')." by {$suid['uid']}"); - $_SESSION = Array('suid'=>$suid, 'log'=>$logger); + $logger = new DiogenesCoreLogger($uid, $suid); + $logger->log("suid_start", Session::get('forlife')." 
by {$suid['uid']}"); + $sess['suid'] = $suid; } else { $logger = Session::getMixed('log', new DiogenesCoreLogger($uid)); - $_SESSION = Array('log' => $logger); - $logger->log("connexion",$_SERVER['PHP_SELF']); - setcookie('ORGuid',$uid,(time()+25920000),'/','',0); + $logger->log("connexion", $_SERVER['PHP_SELF']); + setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0); } - // le login est stocké pour un an - $_SESSION['lastlogin'] = $lastlogin; - $_SESSION['banana_last'] = $banana_last; - $_SESSION['watch_last'] = $watch_last; - $_SESSION['host'] = $host; + $_SESSION = $sess; + $_SESSION['log'] = $logger; $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE); - $_SESSION['uid'] = $uid; - $_SESSION['prenom'] = $prenom; - $_SESSION['nom'] = $nom; - $_SESSION['perms'] = $perms; - $_SESSION['promo'] = $promo; - $_SESSION['forlife'] = $forlife; - $_SESSION['bestalias'] = $bestalias; - $_SESSION['matricule'] = $matricule; - $_SESSION['password'] = $password; - $_SESSION['femme'] = $femme; - // on récupère le logger si il existe, sinon, on logge la connexion set_skin(); } 
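Review bot: `echo mysql_error();` after `fetchOneAssoc()` is a debugging leftover that should not ship: it writes raw driver error text into the response, and because it emits output before the `setcookie('ORGuid', ...)` below it, a non-empty error makes the cookie silently fail with headers already sent — delete the line. `$_SESSION = $sess;` copies every selected column into the session wholesale, including `password`, where the old code assigned named keys; that preserves current behaviour but means any column later added to this SELECT lands in the session unreviewed, so a comment on the query naming that contract would help. `$sess` is also not checked: if the `WHERE u.perms IN(...)` clause matches no row, `$_SESSION` becomes a non-array plus a `log` key.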
@@ -343,23 +319,21 @@ function set_skin() global $globals; if (logged() && $globals->skin->enable) { $uid = Session::getInt('uid'); - $result = $globals->db->query("SELECT skin,skin_tpl - FROM auth_user_quick AS a - INNER JOIN skins AS s ON a.skin=s.id - WHERE user_id=$uid AND skin_tpl != ''"); - if (!(list($_SESSION['skin_id'], $_SESSION['skin']) = mysql_fetch_row($result))) { - $_SESSION['skin'] = $globals->skin->def_tpl; - $_SESSION['skin_id'] = $globals->skin->def_id; - } - mysql_free_result($result); - } elseif ($globals->skin->enable) { + $res = $globals->xdb->query("SELECT skin,skin_tpl + FROM auth_user_quick AS a + INNER JOIN skins AS s ON a.skin=s.id + WHERE user_id = {?} AND skin_tpl != ''", $uid); + if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) { + return; + } + } + if ($globals->skin->enable) { $_SESSION['skin'] = $globals->skin->def_tpl; $_SESSION['skin_id'] = $globals->skin->def_id; } else { $_SESSION['skin'] = 'default.tpl'; $_SESSION['skin_id'] = -1; } - } // }}} -- 2.1.4