From: Quentin Smith Date: Mon, 1 Sep 2008 05:50:44 +0000 (+0000) Subject: Remove ambiguity between usernames and user IDs X-Git-Url: http://andersk.mit.edu/gitweb/sql-web.git/commitdiff_plain/89905822275ff9062a8fefb007b088abee0b0b45 Remove ambiguity between usernames and user IDs git-svn-id: svn://presbrey.mit.edu/sql/web/dev@160 a142d4bd-2cfb-0310-9673-cb33a7e74f58 --- diff --git a/batch/signup.php b/batch/signup.php index 20175b9..1c64fd2 100755 --- a/batch/signup.php +++ b/batch/signup.php @@ -29,10 +29,10 @@ $myEmail = $myUsername.'@mit.edu'; $myPassword = trim(exec(dirname(__FILE__).'/../bin/nicepass.py')); if (empty($myPassword)) exit('bad Password'); -$Login = new Login($myUsername); +$Login = new Login(getUsernameID($myUsername)); if (!$Login->exists() && !empty($myUsername)) { addUser(array('Name'=>$myName,'Username'=>$myUsername,'Email'=>$myEmail)); - $Login->refresh(); + $Login = new Login(getUsernameID($myUsername)); } if ($Login->canSignup()) { $User = new User($Login->getUserId()); diff --git a/batch/status.php b/batch/status.php index 072f064..fa670ca 100755 --- a/batch/status.php +++ b/batch/status.php @@ -5,7 +5,7 @@ require_once('mitsql.lib.php'); require_once('batch.inc.php'); -$Login = new Login($i_u); +$Login = new Login(getUsernameID($i_u)); // Previously "-1" -- verify consistency if (!$Login->canLogin()) die('1'); diff --git a/global.act.php b/global.act.php index 724ab54..ee34748 100644 --- a/global.act.php +++ b/global.act.php @@ -38,13 +38,13 @@ if (isOnline()) { /*$LoginSSL = sess('LoginSSL'); if (!is_a($LoginSSL, 'Login')) { $LoginSSL = new Login($SSLUsername); }*/ - $LoginSSL = new Login($SSLUsername); + $LoginSSL = new Login(getUsernameID($SSLUsername)); $LoginSSL->update($SSLCred['Name'],$SSLCred['Email']); if (!isLoggedIn() && !$LoginSSL->exists()) { if (!empty($SSLName)) addUser($SSLCred); - $LoginSSL->refresh(); + $LoginSSL = new Login(getUsernameID($SSLUsername)); } } else { unset($_SESSION['LoginSSL']); 
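Review bot: The second `new Login(getUsernameID($myUsername))` inside the `if (!$Login->exists() && !empty($myUsername))` block in batch/signup.php is used without checking that the lookup succeeded. `getUsernameID` returns null when no row is found, so a failed `addUser` leaves an empty `Login` that then reaches `$Login->canSignup()`. What `canSignup()` does with an empty object is not visible here, so an explicit `if (!$Login->exists()) exit('bad User');` after the block would make the failure path unambiguous. The same re-lookup is added for `$LoginSSL` in global.act.php, where it is also unchecked.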
diff --git a/lib/security.lib.php b/lib/security.lib.php index f7a50b0..00874c2 100644 --- a/lib/security.lib.php +++ b/lib/security.lib.php @@ -12,9 +12,9 @@ class Login { if (empty($u)) return; $this->u = $u; $this->p = $p; - if ((string)intval($u)===(string)$u) { + if (is_null($p)) { $this->id = $u; - $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u)); + $opt = sprintf(" UserId = '%s'", mysql_escape_string($u)); } else { $opt = sprintf(" Username = '%s'", mysql_escape_string($u)); $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p)))); @@ -58,13 +58,6 @@ class Login { function expire() { $this->info = null; } - function refresh() { - if (!empty($this->id)) { - $this->Login($this->id); - } else { - $this->Login($this->u,$this->p); - } - } function update($name=null,$email=null) { if (!$this->exists()) return; $arr = array(); @@ -292,6 +285,13 @@ function getSSLCert() { } } +function getUsernameID($username) { + $sql = sprintf("SELECT UserId FROM User USE INDEX (UsernameID) WHERE Username = '%s'", mysql_escape_string($username)); + $r = fetchRows(DBSelect($sql), 'UserId'); + $r = array_shift($r); + return count($r)?$r['UserId']:null; +} + ## 302 REDIRECTS function redirect($target=null,$secure=null) { diff --git a/test.php b/test.php index 2c6210a..1dc08ab 100755 --- a/test.php +++ b/test.php @@ -6,7 +6,7 @@ require_once('mitsql.cfg.php'); require_once('mitsql.lib.php'); -include 'tpl/head.php'; +//include 'tpl/head.php'; function getManagedDBs($owner=null) { $databases = array_keys(fetchRows(DBSelect('SELECT Name FROM DB WHERE bEnabled=1'),'Name')); @@ -45,5 +45,7 @@ printMsgs(array('this is a test msg: test 1', 'this is a test msg: test 2')); printErrors(array('this is a test error: test 0')); printErrors(array('this is a test error: test 1', 'this is a test error: test 2')); -include 'tpl/foot.php'; +print_r(getUsernameID('presbrey')); + +//include 'tpl/foot.php'; ?>
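Review bot: In the `Login` constructor the id branch is now selected by `is_null($p)` alone, so the value is never checked to be numeric before it goes into `UserId = '%s'`. Any call site not converted by this commit that still passes a username without a password will be looked up as an ID. If UserId is a numeric column (schema not shown), MySQL's implicit cast would let a string with leading digits match the row with that number. Adding `if (!ctype_digit((string)$u)) return;` ahead of `$this->id = $u;` would make the new contract fail closed, and the `is_null($p)?'':` ternary in the else branch can be dropped because it can no longer take its empty branch. The constructor starts and ends outside this hunk.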
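Review bot: `getUsernameID` builds its query with `mysql_escape_string`, which escapes without regard to the connection character set. The username appears to reach it from the SSL credential and from batch input in this commit, so `mysql_real_escape_string($username)` is the safer call. The function also needs a header comment stating its contract, e.g. `// Returns the UserId for the given Username, or null if there is no such user.`, because every caller now feeds the result straight into `new Login(...)`. When no row comes back, `array_shift` hands `count()` a null rather than an array, so testing `is_array($r)` would state the intent more clearly than `count($r)`.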
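Review bot: The added `print_r(getUsernameID('presbrey'));` at the end of test.php is debug output with a hard-coded username. Together with the commented-out `tpl/head.php` and `tpl/foot.php` includes, it looks like scratch work that was committed along with the fix. If test.php is reachable over the web (it sits beside global.act.php, but deployment is not shown), the page reports an account's UserId to any visitor. Drop the line, or guard the script with `if (php_sapi_name() !== 'cli') exit;` near the top.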