]> andersk Git - sql-web.git/blobdiff - lib/security.lib.php
andersk / sql-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remove ambiguity between usernames and user IDs
[sql-web.git] / lib / security.lib.php
diff --git a/lib/security.lib.php b/lib/security.lib.php
index ee5cf37fa0ccefddb7257956c1c08509c0832f3c..00874c29dc189eb59ff60875c0ea194433053468 100644 (file)
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -12,9 +12,9 @@ class Login {
                if (empty($u)) return;
                $this->u = $u;
                $this->p = $p;
-               if ((string)intval($u)===(string)$u) {
+               if (is_null($p)) {
                        $this->id = $u;
-                       $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
+                       $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
                } else {
                        $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
                        $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
@@ -58,13 +58,6 @@ class Login {
     function expire() {
         $this->info = null;
     }
-    function refresh() {
-               if (!empty($this->id)) {
-                       $this->Login($this->id);
-               } else {
-                       $this->Login($this->u,$this->p);
-               }
-    }
     function update($name=null,$email=null) {
         if (!$this->exists()) return;
         $arr = array();
@@ -292,26 +285,31 @@ function getSSLCert() {
        }
 }
 
+function getUsernameID($username) {
+       $sql = sprintf("SELECT UserId FROM User USE INDEX (UsernameID) WHERE Username = '%s'", mysql_escape_string($username));
+       $r = fetchRows(DBSelect($sql), 'UserId');
+       $r = array_shift($r);
+       return count($r)?$r['UserId']:null;
+}
+
 ## 302 REDIRECTS
 
 function redirect($target=null,$secure=null) {
-    $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
+    $base = (is_null($target)||substr($target,0,1)=='?')?URI:((strlen(dirname(URI))>1?dirname(URI).'/':'/'));
     redirectFull(is_null($target)?$base:($base.$target),$secure);
 }
 function redirectStart() {
        redirectFull(BASE_URL,null);
 }
 function redirectFull($target,$secure) {
-       //redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
-       redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://scripts-cert.mit.edu':'http://scripts.mit.edu').$target);
+       redirect2((((isSSL()&&is_null($secure))||$secure==true)?BASE_HTTPS:BASE_HTTP).$target);
 }
 function redirect2($target) {
        header('Location: '.$target);
        exit;
 }
 function flipSSL() {
-       //return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
-       return (isSSL()?'http://scripts.mit.edu':'https://scripts-cert.mit.edu').$_SERVER['REDIRECT_URL'];
+       return (isSSL()?BASE_HTTP:BASE_HTTPS).URI;
 }
 
 ## USER SCRIPTS
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.412796 seconds and 4 git commands to generate.