external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Require DB handle for most user account functions

Browse source 
This affects login the most, where we save about 4 calls to db_connect()
by passing a single handle into functions where necessary.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Dan McGee 2011-10-21 16:03:40 -05:00 committed by Lukas Fleischer
parent 8dc7b37909
commit e6ecdcc835
2 changed files with 15 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
web/html/logout.php
View file

@ -17,9 +17,8 @@ if (isset($_COOKIE["AURSID"])) {
# setting expiration to 1 means '1 second after midnight January 1, 1970' # setting expiration to 1 means '1 second after midnight January 1, 1970'
setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true); setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
unset($_COOKIE['AURSID']); unset($_COOKIE['AURSID']);
clear_expired_sessions($dbh);
} }
clear_expired_sessions();
header('Location: index.php'); header('Location: index.php');

38
web/lib/acctfuncs.inc.php
View file

@ -171,14 +171,15 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
# error check and process request for a new/modified account # error check and process request for a new/modified account
global $SUPPORTED_LANGS; global $SUPPORTED_LANGS;
$dbh = db_connect();
if(isset($_COOKIE['AURSID'])) { if(isset($_COOKIE['AURSID'])) {
$editor_user = uid_from_sid($_COOKIE['AURSID']); $editor_user = uid_from_sid($_COOKIE['AURSID'], $dbh);
} }
else { else {
$editor_user = null; $editor_user = null;
} }
$dbh = db_connect();
$error = ""; $error = "";
if (empty($E) || empty($U)) { if (empty($E) || empty($U)) {
$error = __("Missing a required field."); $error = __("Missing a required field.");
@ -196,7 +197,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
} }
} }
if (!$error && !valid_username($U) && !user_is_privileged($editor_user)) if (!$error && !valid_username($U) && !user_is_privileged($editor_user, $dbh))
$error = __("The username is invalid.") . "<ul>\n" $error = __("The username is invalid.") . "<ul>\n"
."<li>" . __("It must be between %s and %s characters long", ."<li>" . __("It must be between %s and %s characters long",
USERNAME_MIN_LEN, USERNAME_MAX_LEN ) USERNAME_MIN_LEN, USERNAME_MAX_LEN )
@ -592,21 +593,20 @@ function try_login() {
$userID = null; $userID = null;
if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) { if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
$dbh = db_connect();
$userID = valid_user($_REQUEST['user'], $dbh);
$userID = valid_user($_REQUEST['user']); if ( user_suspended($userID, $dbh) ) {
if ( user_suspended( $userID ) ) {
$login_error = "Account Suspended."; $login_error = "Account Suspended.";
} }
elseif ( $userID && isset($_REQUEST['passwd']) elseif ( $userID && isset($_REQUEST['passwd'])
&& valid_passwd($userID, $_REQUEST['passwd']) ) { && valid_passwd($userID, $_REQUEST['passwd'], $dbh) ) {
$logged_in = 0; $logged_in = 0;
$num_tries = 0; $num_tries = 0;
# Account looks good. Generate a SID and store it. # Account looks good. Generate a SID and store it.
$dbh = db_connect();
while (!$logged_in && $num_tries < 5) { while (!$logged_in && $num_tries < 5) {
if ($MAX_SESSIONS_PER_USER) { if ($MAX_SESSIONS_PER_USER) {
# Delete all user sessions except the # Delete all user sessions except the
@ -704,11 +704,10 @@ function valid_username( $user )
* Checks if the username is valid and if it exists in the database * Checks if the username is valid and if it exists in the database
* Returns the username ID or nothing * Returns the username ID or nothing
*/ */
function valid_user( $user ) function valid_user( $user, $dbh )
{ {
/* if ( $user = valid_username($user) ) { */ /* if ( $user = valid_username($user) ) { */
if ( $user ) { if ( $user ) {
$dbh = db_connect();
$q = "SELECT ID FROM Users WHERE Username = '" $q = "SELECT ID FROM Users WHERE Username = '"
. mysql_real_escape_string($user). "'"; . mysql_real_escape_string($user). "'";
@ -733,11 +732,9 @@ function good_passwd( $passwd )
/* Verifies that the password is correct for the userID specified. /* Verifies that the password is correct for the userID specified.
* Returns true or false * Returns true or false
*/ */
function valid_passwd( $userID, $passwd ) function valid_passwd( $userID, $passwd, $dbh )
{ {
if ( strlen($passwd) > 0 ) { if ( strlen($passwd) > 0 ) {
$dbh = db_connect();
# get salt for this user # get salt for this user
$salt = get_salt($userID); $salt = get_salt($userID);
if ($salt) { if ($salt) {
@ -778,12 +775,11 @@ function valid_passwd( $userID, $passwd )
/* /*
* Is the user account suspended? * Is the user account suspended?
*/ */
function user_suspended( $id ) function user_suspended( $id, $dbh )
{ {
if (!$id) { if (!$id) {
return false; return false;
} }
$dbh = db_connect();
$q = "SELECT Suspended FROM Users WHERE ID = " . $id; $q = "SELECT Suspended FROM Users WHERE ID = " . $id;
$result = db_query($q, $dbh); $result = db_query($q, $dbh);
if ($result) { if ($result) {
@ -798,9 +794,8 @@ function user_suspended( $id )
/* /*
* This should be expanded to return something * This should be expanded to return something
*/ */
function user_delete( $id ) function user_delete( $id, $dbh )
{ {
$dbh = db_connect();
$q = "DELETE FROM Users WHERE ID = " . $id; $q = "DELETE FROM Users WHERE ID = " . $id;
db_query($q, $dbh); db_query($q, $dbh);
return; return;
@ -810,9 +805,8 @@ function user_delete( $id )
* A different way of determining a user's privileges * A different way of determining a user's privileges
* rather than account_from_sid() * rather than account_from_sid()
*/ */
function user_is_privileged( $id ) function user_is_privileged( $id, $dbh )
{ {
$dbh = db_connect();
$q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id; $q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
$result = db_query($q, $dbh); $result = db_query($q, $dbh);
if ($result) { if ($result) {
@ -826,13 +820,9 @@ function user_is_privileged( $id )
} }
# Clear out old expired sessions. # Clear out old expired sessions.
function clear_expired_sessions($dbh = null) { function clear_expired_sessions( $dbh ) {
global $LOGIN_TIMEOUT; global $LOGIN_TIMEOUT;
if (empty($dbh)) {
$dbh = db_connect();
}
$q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)"; $q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)";
db_query($q, $dbh); db_query($q, $dbh);