Remove ambiguity between usernames and user IDs

[sql-web.git] / lib / security.lib.php

diff --git a/lib/security.lib.php b/lib/security.lib.php
index f7a50b01d9255f2019eb97d542dfd6e4078996f4..00874c29dc189eb59ff60875c0ea194433053468 100644 (file)
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -12,9 +12,9 @@ class Login {
                if (empty($u)) return;
                $this->u = $u;
                $this->p = $p;
-               if ((string)intval($u)===(string)$u) {
+               if (is_null($p)) {
                        $this->id = $u;
-                       $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
+                       $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
                } else {
                        $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
                        $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
@@ -58,13 +58,6 @@ class Login {
     function expire() {
         $this->info = null;
     }
-    function refresh() {
-               if (!empty($this->id)) {
-                       $this->Login($this->id);
-               } else {
-                       $this->Login($this->u,$this->p);
-               }
-    }
     function update($name=null,$email=null) {
         if (!$this->exists()) return;
         $arr = array();
@@ -292,6 +285,13 @@ function getSSLCert() {
        }
 }
 
+function getUsernameID($username) {
+       $sql = sprintf("SELECT UserId FROM User USE INDEX (UsernameID) WHERE Username = '%s'", mysql_escape_string($username));
+       $r = fetchRows(DBSelect($sql), 'UserId');
+       $r = array_shift($r);
+       return count($r)?$r['UserId']:null;
+}
+
 ## 302 REDIRECTS
 
 function redirect($target=null,$secure=null) {