From 91bd244393ae40e302e3c1e0f7fedb01ddeee957 Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Thu, 18 Sep 2014 22:05:08 +0300 Subject: Query builder in user login and controller --- application/controllers/user.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'application/controllers') diff --git a/application/controllers/user.php b/application/controllers/user.php index 079f1665c..45bd93816 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -102,11 +102,13 @@ class User extends MY_Controller { $key = random_alphanum(32); - $this->db->query(" - INSERT INTO `apikeys` - (`key`, `user`, `comment`, `access_level`) - VALUES (?, ?, ?, ?) - ", array($key, $userid, $comment, $access_level)); + $this->db->set([ + 'key' => $key, + 'user' => $userid, + 'comment' => $comment, + 'access_level' => $access_level + ]) + ->insert('apikeys'); if (static_storage("response_type") == "json") { return send_json_reply(array("new_key" => $key)); -- cgit v1.2.3-24-g4f1b From 17a84b1f27ff6b618778ef4e4378039f6ae266da Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Fri, 19 Sep 2014 00:02:30 +0300 Subject: User controller queries built dynamically --- application/controllers/user.php | 146 +++++++++++++++++++-------------------- 1 file changed, 72 insertions(+), 74 deletions(-) (limited to 'application/controllers') diff --git a/application/controllers/user.php b/application/controllers/user.php index 45bd93816..30e5b9fd7 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -102,12 +102,12 @@ class User extends MY_Controller { $key = random_alphanum(32); - $this->db->set([ + $this->db->set(array( 'key' => $key, 'user' => $userid, 'comment' => $comment, 'access_level' => $access_level - ]) + )) ->insert('apikeys'); if (static_storage("response_type") == "json") { @@ -128,11 +128,9 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); $key = $this->input->post("key"); - $this->db->query(" - DELETE FROM `apikeys` - WHERE `user` = ? - AND `key` = ? - ", array($userid, $key)); + $this->db->where('user', $userid) + ->where('key', $key) + ->delete('apikeys'); redirect("user/apikeys"); } @@ -143,11 +141,17 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); - $query = $this->db->query(" - SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`, `access_level` - FROM `apikeys` - WHERE `user` = ? order by created desc - ", array($userid))->result_array(); + $query = $this->db->select('key, created, comment, access_level') + ->from('apikeys') + ->where('user', $userid) + ->order_by('created', 'desc') + ->get()->result_array(); + + // Convert timestamp to unix timestamp + if (isset($query['created'])) + { + $query['created'] = strtotime($query['created']); + } if (static_storage("response_type") == "json") { return send_json_reply($query); @@ -167,12 +171,11 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); - $query = $this->db->query(" - SELECT count(*) count - FROM `actions` - WHERE `user` = ? - AND `action` = 'invitation' - ", array($userid))->row_array(); + $query = $this->db->select('user') + ->from('action') + ->where('user', $userid) + ->where('action', 'invitation') + ->count_all_results(); if ($query["count"] + 1 > 3) { show_error("You can't create more invitation keys at this time."); @@ -180,11 +183,13 @@ class User extends MY_Controller { $key = random_alphanum(12, 16); - $this->db->query(" - INSERT INTO `actions` - (`key`, `user`, `date`, `action`) - VALUES (?, ?, ?, 'invitation') - ", array($key, $userid, time())); + $this->db->set(array( + 'key' => $key, + 'user' => $userid, + 'date' => time(), + 'action' => 'invitation' + )) + ->insert('actions'); redirect("user/invite"); } @@ -196,12 +201,11 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); - $query = $this->db->query(" - SELECT `key`, `date` - FROM `actions` - WHERE `user` = ? - AND `action` = 'invitation' - ", array($userid))->result_array(); + $query = $this->db->select('key, date') + ->from('actions') + ->where('user', $userid) + ->where('action', 'invitation') + ->get()->result_array(); $this->data["query"] = $query; @@ -249,20 +253,17 @@ class User extends MY_Controller { } if (empty($error)) { - $this->db->query(" - INSERT INTO users - (`username`, `password`, `email`, `referrer`) - VALUES(?, ?, ?, ?) - ", array( - $username, - $this->muser->hash_password($password), - $email, - $referrer - )); - $this->db->query(" - DELETE FROM actions - WHERE `key` = ? - ", array($key)); + $this->db->set(array( + 'username' => $username, + 'password' => $this->muser->hash_password($password), + 'email' => $email, + 'referrer' => $referrer + )) + ->insert('users'); + + $this->db->where('key', $key) + ->delete('actions'); + $this->load->view('header', $this->data); $this->load->view($this->var->view_dir.'registered', $this->data); $this->load->view('footer', $this->data); @@ -321,27 +322,27 @@ class User extends MY_Controller { show_error("Invalid username"); } - $userinfo = $this->db->query(" - SELECT id, email, username - FROM users - WHERE username = ? - ", array($username))->row_array(); + $userinfo = $this->db->select('id, email, username') + ->from('users') + ->where('username', $username) + ->get()->row_array(); $this->load->library("email"); - $this->db->query(" - INSERT INTO `actions` - (`key`, `user`, `date`, `action`) - VALUES (?, ?, ?, 'passwordreset') - ", array($key, $userinfo["id"], time())); - - $admininfo = $this->db->query(" - SELECT email - FROM users - WHERE referrer is null - ORDER BY id asc - LIMIT 1 - ")->row_array(); + $this->db->set(array( + 'key' => $key, + 'user' => $userinfo['id'], + 'date' => time(), + 'action' => 'passwordreset' + )) + ->insert('actions'); + + $admininfo = $this->db->select('email') + ->from('users') + ->where('referrer', NULL) + ->order_by('id', 'asc') + ->limit(1) + ->get()->row_array(); $this->email->from($admininfo["email"]); $this->email->to($userinfo["email"]); @@ -383,15 +384,14 @@ class User extends MY_Controller { } if (empty($error)) { - $this->db->query(" - UPDATE users - SET `password` = ? - WHERE `id` = ? - ", array($this->muser->hash_password($password), $userid)); - $this->db->query(" - DELETE FROM actions - WHERE `key` = ? - ", array($key)); + $this->db->where('id', $userid) + ->update('users', [ + 'password' => $this->muser->hash_password($password) + ]); + + $this->db->where($key, $key) + ->delete('actions'); + $this->load->view('header', $this->data); $this->load->view($this->var->view_dir.'reset_password_success', $this->data); $this->load->view('footer', $this->data); @@ -510,9 +510,7 @@ class User extends MY_Controller { $oldest_time = (time() - $this->config->item('actions_max_age')); - $this->db->query(" - DELETE FROM actions - WHERE date < ? - ", array($oldest_time)); + $this->db->where('date <', $oldest_time) + ->delete('actions'); } } -- cgit v1.2.3-24-g4f1b From ce4d7b166d6785d23bf47255467ef2fbfdcf4efb Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Fri, 19 Sep 2014 15:35:19 +0300 Subject: File controller uses query builder, except 2 queries --- application/controllers/file.php | 68 +++++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 32 deletions(-) (limited to 'application/controllers') diff --git a/application/controllers/file.php b/application/controllers/file.php index e1b43d314..d293310c5 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -537,13 +537,13 @@ class File extends MY_Controller { $user = $this->muser->get_userid(); - $query = $this->db->query(" - SELECT `id`, `filename`, `mimetype`, `date`, `hash`, `filesize` - FROM files - WHERE user = ? - AND mimetype IN ('image/jpeg', 'image/png', 'image/gif') - ORDER BY date DESC - ", array($user))->result_array(); + $query = $this->db + ->select('id, filename, mimetype, date, hash, filesize') + ->from('files') + ->where('user', $user) + ->where('mimetype', array('image/jpeg', 'image/png', 'image/gif')) + ->order_by('date', 'desc') + ->get()->result_array(); foreach($query as $key => $item) { if (!$this->mfile->valid_id($item["id"])) { @@ -586,11 +586,10 @@ class File extends MY_Controller { $order = is_cli_client() ? "ASC" : "DESC"; - $items = $this->db->query(" - SELECT ".implode(",", array_keys($fields))." - FROM files - WHERE user = ? - ", array($user))->result_array(); + $items = $this->db->select(implode(',', array_keys($fields))) + ->from('files') + ->where('user', $user) + ->get()->result_array(); $query = $this->db->query(" SELECT m.url_id id, sum(f.filesize) filesize, m.date, '' hash, '' mimetype, concat(count(*), ' file(s)') filename @@ -630,10 +629,9 @@ class File extends MY_Controller { $total_size = $this->db->query(" SELECT sum(filesize) sum FROM ( - SELECT filesize + SELECT DISTINCT hash, filesize FROM files WHERE user = ? - GROUP BY hash ) sub ", array($user))->row_array(); @@ -1003,13 +1001,15 @@ class File extends MY_Controller { $small_upload_size = $this->config->item('small_upload_size'); - $query = $this->db->query(' - SELECT hash, id, user - FROM files - WHERE date < ? OR (user = 0 AND date < ?)', - array($oldest_time, $oldest_session_time)); + $query = $this->db->select('hash, id, user') + ->from('files') + ->where('date <', $oldest_time) + ->or_where_open() + ->where('user', 0) + ->where('date <', $oldest_session_time) + ->get()->result_array(); - foreach($query->result_array() as $row) { + foreach($query as $row) { $file = $this->mfile->file($row['hash']); if (!file_exists($file)) { $this->mfile->delete_id($row["id"]); @@ -1052,7 +1052,11 @@ class File extends MY_Controller { continue; } - $query = $this->db->query("SELECT hash FROM files WHERE hash = ? LIMIT 1", array($file))->row_array(); + $query = $this->db->select('hash') + ->from('files') + ->where('hash', $file) + ->limit(1) + ->get()->row_array(); if (empty($query)) { unlink($upload_path."/".$dir."/".$file); @@ -1097,23 +1101,23 @@ class File extends MY_Controller { $total = $this->db->count_all("files"); for ($limit = 0; $limit < $total; $limit += $chunk) { - $query = $this->db->query(" - SELECT hash - FROM files - GROUP BY hash - LIMIT $limit, $chunk - ")->result_array(); + $query = $this->db->select('hash') + ->from('files') + ->group_by('hash') + ->limit($limit, $chunk) + ->get()->result_array(); foreach ($query as $key => $item) { $hash = $item["hash"]; $filesize = intval(filesize($this->mfile->file($hash))); $mimetype = $this->mfile->mimetype($this->mfile->file($hash)); - $this->db->query(" - UPDATE files - SET filesize = ?, mimetype = ? - WHERE hash = ? - ", array($filesize, $mimetype, $hash)); + $this->db->where('hash', $hash) + ->set(array( + 'filesize' => $filesize, + 'mimetype' => $mimetype, + )) + ->update('files'); } } } -- cgit v1.2.3-24-g4f1b From 701f6b08f7d983e364b3b97d7525d3e94f5b19d0 Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Fri, 19 Sep 2014 15:56:53 +0300 Subject: Correct unsupported open/close where query statements --- application/controllers/file.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'application/controllers') diff --git a/application/controllers/file.php b/application/controllers/file.php index d293310c5..96c3fb9c6 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -1004,9 +1004,7 @@ class File extends MY_Controller { $query = $this->db->select('hash, id, user') ->from('files') ->where('date <', $oldest_time) - ->or_where_open() - ->where('user', 0) - ->where('date <', $oldest_session_time) + ->or_where("(user = 0 AND date < $oldest_session_time)") ->get()->result_array(); foreach($query as $row) { -- cgit v1.2.3-24-g4f1b From 1a007fc8e7bf71fc5e292929af00a15bcac6b2c2 Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Fri, 19 Sep 2014 17:00:19 +0300 Subject: Fix timestamp adjusting for a list of arrays --- application/controllers/user.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'application/controllers') diff --git a/application/controllers/user.php b/application/controllers/user.php index 30e5b9fd7..a9e50d742 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -148,10 +148,14 @@ class User extends MY_Controller { ->get()->result_array(); // Convert timestamp to unix timestamp - if (isset($query['created'])) + foreach ($query as & $record) { - $query['created'] = strtotime($query['created']); + if ( ! empty($record['created'])) + { + $record['created'] = strtotime($record['created']); + } } + unset($record); if (static_storage("response_type") == "json") { return send_json_reply($query); -- cgit v1.2.3-24-g4f1b From 8082cc98e7ebc9a27dcf8a8a4e6ee24dc71af1f3 Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Fri, 19 Sep 2014 18:36:51 +0300 Subject: where_in for in array queries a proper count usage --- application/controllers/file.php | 2 +- application/controllers/user.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'application/controllers') diff --git a/application/controllers/file.php b/application/controllers/file.php index 96c3fb9c6..ddb7a38cf 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -541,7 +541,7 @@ class File extends MY_Controller { ->select('id, filename, mimetype, date, hash, filesize') ->from('files') ->where('user', $user) - ->where('mimetype', array('image/jpeg', 'image/png', 'image/gif')) + ->where_in('mimetype', array('image/jpeg', 'image/png', 'image/gif')) ->order_by('date', 'desc') ->get()->result_array(); diff --git a/application/controllers/user.php b/application/controllers/user.php index a9e50d742..57c6498b1 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -175,13 +175,13 @@ class User extends MY_Controller { $userid = $this->muser->get_userid(); - $query = $this->db->select('user') - ->from('action') + $invitations = $this->db->select('user') + ->from('actions') ->where('user', $userid) ->where('action', 'invitation') ->count_all_results(); - if ($query["count"] + 1 > 3) { + if ($invitations + 1 > 3) { show_error("You can't create more invitation keys at this time."); } -- cgit v1.2.3-24-g4f1b From 4edab80a15cad1a479d110f6b7e782e1b434763d Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Sun, 28 Sep 2014 20:23:13 +0300 Subject: file/cron: Protecting identifiers --- application/controllers/file.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'application/controllers') diff --git a/application/controllers/file.php b/application/controllers/file.php index ddb7a38cf..329a0bdf7 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -1004,7 +1004,8 @@ class File extends MY_Controller { $query = $this->db->select('hash, id, user') ->from('files') ->where('date <', $oldest_time) - ->or_where("(user = 0 AND date < $oldest_session_time)") + ->or_where('('.$this->db->_protect_identifiers('user').' = 0 AND ' + .$this->db->_protect_identifiers('date')." < $oldest_session_time)") ->get()->result_array(); foreach($query as $row) { -- cgit v1.2.3-24-g4f1b From 1abe7372404a9d65f3b59eda2d83e628267b366d Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Sun, 19 Oct 2014 23:01:51 +0200 Subject: Clean up the postgres changes Style cleanup and some regression fixes Signed-off-by: Florian Pritz --- application/controllers/file.php | 2 +- application/controllers/user.php | 13 ++++++------- 2 files changed, 7 insertions(+), 8 deletions(-) (limited to 'application/controllers') diff --git a/application/controllers/file.php b/application/controllers/file.php index b81900af2..62cf342b1 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -1009,7 +1009,7 @@ class File extends MY_Controller { ->from('files') ->where('date <', $oldest_time) ->or_where('('.$this->db->_protect_identifiers('user').' = 0 AND ' - .$this->db->_protect_identifiers('date')." < $oldest_session_time)") + .$this->db->_protect_identifiers('date')." < $oldest_session_time)") ->get()->result_array(); foreach($query as $row) { diff --git a/application/controllers/user.php b/application/controllers/user.php index 57c6498b1..b542f2b4c 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -148,10 +148,9 @@ class User extends MY_Controller { ->get()->result_array(); // Convert timestamp to unix timestamp - foreach ($query as & $record) - { - if ( ! empty($record['created'])) - { + // TODO: migrate database to integer timestamp and get rid of this + foreach ($query as &$record) { + if (!empty($record['created'])) { $record['created'] = strtotime($record['created']); } } @@ -389,11 +388,11 @@ class User extends MY_Controller { if (empty($error)) { $this->db->where('id', $userid) - ->update('users', [ + ->update('users', array( 'password' => $this->muser->hash_password($password) - ]); + )); - $this->db->where($key, $key) + $this->db->where('key', $key) ->delete('actions'); $this->load->view('header', $this->data); -- cgit v1.2.3-24-g4f1b