Remove ambiguity between usernames and user IDs

author Quentin Smith <quentin@mit.edu>

Mon, 1 Sep 2008 05:50:44 +0000 (05:50 +0000)

committer Quentin Smith <quentin@mit.edu>

Mon, 1 Sep 2008 05:50:44 +0000 (05:50 +0000)
author Quentin Smith <quentin@mit.edu>
Mon, 1 Sep 2008 05:50:44 +0000 (05:50 +0000)
committer Quentin Smith <quentin@mit.edu>
Mon, 1 Sep 2008 05:50:44 +0000 (05:50 +0000)
diff --git a/batch/signup.php b/batch/signup.php

index 20175b97dfdfc7ac28a242af27095208aeb1447e..1c64fd2b60e7c2b48b81a72ad8a537a17fba4d4c 100755 (executable)
--- a/batch/signup.php
+++ b/batch/signup.php
@@ -29,10 +29,10 @@ $myEmail = $myUsername.'@mit.edu';
  $myPassword = trim(exec(dirname(__FILE__).'/../bin/nicepass.py'));
  if (empty($myPassword)) exit('bad Password');
  
-$Login = new Login($myUsername);
+$Login = new Login(getUsernameID($myUsername));
  if (!$Login->exists() && !empty($myUsername)) {
         addUser(array('Name'=>$myName,'Username'=>$myUsername,'Email'=>$myEmail));
-       $Login->refresh();
+       $Login = new Login(getUsernameID($myUsername));
  }
  if ($Login->canSignup()) {
         $User = new User($Login->getUserId());
diff --git a/batch/status.php b/batch/status.php

index 072f064dd946fb0cc903cdb340d9ecce1000a614..fa670cafec9494231ebbea8ed32b92f05b2d4ff7 100755 (executable)
--- a/batch/status.php
+++ b/batch/status.php
@@ -5,7 +5,7 @@ require_once('mitsql.lib.php');
  
  require_once('batch.inc.php');
  
-$Login = new Login($i_u);
+$Login = new Login(getUsernameID($i_u));
  // Previously "-1" -- verify consistency
  if (!$Login->canLogin()) die('1');
  
diff --git a/global.act.php b/global.act.php

index 724ab548b15cebff648f7a88cea047becb0fa633..ee34748a31ab6385433813a80b9ed737c6935eb8 100644 (file)
--- a/global.act.php
+++ b/global.act.php
@@ -38,13 +38,13 @@ if (isOnline()) {
  
                 /*$LoginSSL = sess('LoginSSL');
                 if (!is_a($LoginSSL, 'Login')) { $LoginSSL = new Login($SSLUsername); }*/
-               $LoginSSL = new Login($SSLUsername);
+               $LoginSSL = new Login(getUsernameID($SSLUsername));
                 $LoginSSL->update($SSLCred['Name'],$SSLCred['Email']);
  
                 if (!isLoggedIn() && !$LoginSSL->exists()) {
                         if (!empty($SSLName))
                                 addUser($SSLCred);
-                       $LoginSSL->refresh();
+                       $LoginSSL = new Login(getUsernameID($SSLUsername));
                 }
         } else {
                 unset($_SESSION['LoginSSL']);
diff --git a/lib/security.lib.php b/lib/security.lib.php

index f7a50b01d9255f2019eb97d542dfd6e4078996f4..00874c29dc189eb59ff60875c0ea194433053468 100644 (file)
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -12,9 +12,9 @@ class Login {
                 if (empty($u)) return;
                 $this->u = $u;
                 $this->p = $p;
-               if ((string)intval($u)===(string)$u) {
+               if (is_null($p)) {
                         $this->id = $u;
-                       $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
+                       $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
                 } else {
                         $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
                         $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
@@ -58,13 +58,6 @@ class Login {
      function expire() {
          $this->info = null;
      }
-    function refresh() {
-               if (!empty($this->id)) {
-                       $this->Login($this->id);
-               } else {
-                       $this->Login($this->u,$this->p);
-               }
-    }
      function update($name=null,$email=null) {
          if (!$this->exists()) return;
          $arr = array();
@@ -292,6 +285,13 @@ function getSSLCert() {
         }
  }
  
+function getUsernameID($username) {
+       $sql = sprintf("SELECT UserId FROM User USE INDEX (UsernameID) WHERE Username = '%s'", mysql_escape_string($username));
+       $r = fetchRows(DBSelect($sql), 'UserId');
+       $r = array_shift($r);
+       return count($r)?$r['UserId']:null;
+}
+
  ## 302 REDIRECTS
  
  function redirect($target=null,$secure=null) {
diff --git a/test.php b/test.php

index 2c6210a5eed3b872db8f22a14300c1aa73efcced..1dc08ab8c1b8671707300c1312fceea369a82f3e 100755 (executable)
--- a/test.php
+++ b/test.php
@@ -6,7 +6,7 @@
  require_once('mitsql.cfg.php');
  require_once('mitsql.lib.php');
  
-include 'tpl/head.php';
+//include 'tpl/head.php';
  
  function getManagedDBs($owner=null) {
         $databases = array_keys(fetchRows(DBSelect('SELECT Name FROM DB WHERE bEnabled=1'),'Name'));
@@ -45,5 +45,7 @@ printMsgs(array('this is a test msg: test 1', 'this is a test msg: test 2'));
  printErrors(array('this is a test error: test 0'));
  printErrors(array('this is a test error: test 1', 'this is a test error: test 2'));
  
-include 'tpl/foot.php';
+print_r(getUsernameID('presbrey'));
+
+//include 'tpl/foot.php';
  ?>
author	Quentin Smith <quentin@mit.edu>
	Mon, 1 Sep 2008 05:50:44 +0000 (05:50 +0000)
committer	Quentin Smith <quentin@mit.edu>
	Mon, 1 Sep 2008 05:50:44 +0000 (05:50 +0000)
batch/signup.php		patch \| blob \| blame \| history
batch/status.php		patch \| blob \| blame \| history
global.act.php		patch \| blob \| blame \| history
lib/security.lib.php		patch \| blob \| blame \| history
test.php		patch \| blob \| blame \| history