
Migrate some MySQL queries to prepared statements

spaghetti 7 years ago
parent
commit
3e81d5aabb
3 changed files with 41 additions and 42 deletions
  1. 24
    23
      sections/login/index.php
  2. 4
    4
      sections/user/edit.php
  3. 13
    15
      sections/user/take_edit.php

+ 24
- 23
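--- a/sections/login/index.php
+++ b/sections/login/index.php
@@ -44,8 +44,8 @@ if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
         i.ResetExpires
       FROM users_main AS m
         INNER JOIN users_info AS i ON i.UserID = m.ID
-      WHERE i.ResetKey = '".db_string($_REQUEST['key'])."'
-        AND i.ResetKey != ''");
+      WHERE i.ResetKey = ?
+        AND i.ResetKey != ''", $_REQUEST['key']);
     list($UserID, $Email, $Country, $Expires) = $DB->next_record();
 
     if (!apcu_exists('DBKEY')) {
@@ -70,17 +70,17 @@ if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
               users_main AS m,
               users_info AS i
             SET
-              m.PassHash = '".db_string(Users::make_sec_hash($_REQUEST['password']))."',
+              m.PassHash = ?,
               i.ResetKey = '',
               m.LastLogin = NOW(),
               i.ResetExpires = NULL
-            WHERE m.ID = '$UserID'
-              AND i.UserID = m.ID");
+            WHERE m.ID = ?
+              AND i.UserID = m.ID", Users::make_sec_hash($_REQUEST['password']), $UserID);
           $DB->query("
             INSERT INTO users_history_passwords
               (UserID, ChangerIP, ChangeTime)
             VALUES
-              ('$UserID', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");
+              (?, ?, NOW())", $UserID, DBCrypt::encrypt($_SERVER['REMOTE_ADDR']));
           $PassWasReset = true;
           $LoggedUser['ID'] = $UserID; // Set $LoggedUser['ID'] for logout_all_sessions() to work
           logout_all_sessions();
@@ -100,7 +100,7 @@ if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
           UPDATE users_info
           SET ResetKey = '',
             ResetExpires = NULL
-          WHERE UserID = '$UserID'");
+          WHERE UserID = ?", $UserID);
         $_SESSION['reseterr'] = 'The link you were given has expired.'; // Error message to display on form
       }
       // Show him the first form (enter email address)
@@ -138,7 +138,7 @@ if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
             Username,
             Email
           FROM users_main
-          WHERE Email = '$EncEmail'");
+          WHERE Email = ?", $EncEmail);
         list($UserID, $Username, $Email) = $DB->next_record();
         $Email = DBCrypt::decrypt($Email);
 
@@ -158,15 +158,15 @@ if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
           $DB->query("
             SELECT SessionID
             FROM users_sessions
-            WHERE UserID = '$UserID'");
+            WHERE UserID = ?", $UserID);
           while (list($SessionID) = $DB->next_record()) {
             $Cache->delete_value("session_$UserID"."_$SessionID");
           }
           $DB->query("
             UPDATE users_sessions
             SET Active = 0
-            WHERE UserID = '$UserID'
-              AND Active = 1");
+            WHERE UserID = ?
+              AND Active = 1", $UserID);
         } else {
           $Err = 'There is no user with that email address.';
         }
@@ -239,8 +239,8 @@ else {
           TwoFactor,
           Enabled
         FROM users_main
-        WHERE Username = '".db_string($_POST['username'])."'
-          AND Username != ''");
+        WHERE Username = ?
+          AND Username != ''", $_POST['username']);
       list($UserID, $PermissionID, $CustomPermissions, $PassHash, $TwoFactor, $Enabled) = $DB->next_record(MYSQLI_NUM, array(2));
       if (!$Banned) {
         if ($UserID && Users::check_password($_POST['password'], $PassHash)) {
@@ -248,8 +248,8 @@ else {
           if (password_needs_rehash($PassHash, PASSWORD_DEFAULT)) {
             $DB->query("
               UPDATE users_main
-              SET PassHash = '".make_sec_hash($_POST['password'])."'
-              WHERE Username = '".db_string($_POST['username'])."'");
+              SET PassHash = ?
+              WHERE Username = ?", make_sec_hash($_POST['password']), $_POST['username']);
           }
 
           if (empty($TwoFactor) || $TwoFA->verifyCode($TwoFactor, $_POST['twofa'])) {
@@ -260,7 +260,7 @@ else {
                 $DB->query("
                   SELECT IP
                   FROM users_history_ips
-                  WHERE UserID = $UserID");
+                  WHERE UserID = ?", $UserID);
                 $IPs = $DB->to_array(false, MYSQLI_NUM);
                 $QueryParts = [];
                 foreach ($IPs as $i => $IP) {
@@ -285,7 +285,7 @@ else {
                           UserName,
                           Email
                         FROM users_main
-                        WHERE ID = $UserID");
+                        WHERE ID = ?", $UserID);
                       list($Username, $Email) = $DB->next_record();
                       Users::auth_location($UserID, $Username, $CurrentASN, DBCrypt::decrypt($Email));
                       require('newlocation.php');
@@ -299,7 +299,7 @@ else {
               $DB->query("
                 SELECT KeyHandle, PublicKey, Certificate, Counter, Valid
                 FROM u2f
-                WHERE UserID = $UserID");
+                WHERE UserID = ?", $UserID);
               // Needs to be an array of objects, so we can't use to_array()
               while (list($KeyHandle, $PublicKey, $Certificate, $Counter, $Valid) = $DB->next_record()) {
                 $U2FRegs[] = (object)['keyHandle'=>$KeyHandle, 'publicKey'=>$PublicKey, 'certificate'=>$Certificate, 'counter'=>$Counter, 'valid'=>$Valid];
@@ -313,9 +313,10 @@ else {
                     $U2FReg = $U2F->doAuthenticate(json_decode($_POST['u2f-request']), $U2FRegs, json_decode($_POST['u2f-response']));
                     if ($U2FReg->valid != '1') throw new Exception('Token disabled.');
                     $DB->query("UPDATE u2f
-                                SET Counter = ".($U2FReg->counter)."
-                                WHERE KeyHandle = '".db_string($U2FReg->keyHandle)."'
-                                AND UserID = $UserID");
+                                SET Counter = ?
+                                WHERE KeyHandle = ?
+                                AND UserID = ?",
+                      $U2FReg->counter, $U2FReg->keyHandle, $UserID);
                   } catch (Exception $e) {
                     $U2FErr = 'U2F key invalid. Error: '.($e->getMessage());
                     if ($e->getMessage() == 'Token disabled.') {
@@ -325,8 +326,8 @@ else {
                       $BadHandle = json_decode($_POST['u2f-response'], true)['keyHandle'];
                       $DB->query("UPDATE u2f
                                   SET Valid = '0'
-                                  WHERE KeyHandle = '".db_string($BadHandle)."'
-                                  AND UserID = $UserID");
+                                  WHERE KeyHandle = ?
+                                  AND UserID = ?", $BadHandle, $UserID);
                       $U2FErr = 'U2F counter too low. This token has been disabled due to suspected cloning. Contact staff for assistance.';
                     }
                   }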
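Review bot: The rehash branch in the @@ -248 hunk still calls the unqualified `make_sec_hash($_POST['password'])` while the reset path in the @@ -70 hunk uses `Users::make_sec_hash(...)`; unless a global function of that name exists, the first login that triggers password_needs_rehash() will fail with an undefined-function error, and even if it does exist the two paths should agree on one helper. The same statement keys on `WHERE Username = ?` with `$_POST['username']` although `$UserID` has already been resolved from that username a few lines above, so `SET PassHash = ? WHERE ID = ?", Users::make_sec_hash($_POST['password']), $UserID);` would bind the row by primary key and drop the second trip through user input. Note also that replacing `'".sqltime()."'` with `NOW()` in the users_history_passwords insert moves ChangeTime from PHP's clock to the MySQL session time zone, which is only harmless if both are configured identically to the rows already written with sqltime(); worth confirming before mixing the two in one table.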

+ 4
- 4
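--- a/sections/user/edit.php
+++ b/sections/user/edit.php
@@ -24,8 +24,8 @@ $DB->query("
   FROM users_main AS m
     JOIN users_info AS i ON i.UserID = m.ID
     LEFT JOIN permissions AS p ON p.ID = m.PermissionID
-  WHERE m.ID = '".db_string($UserID)."'");
-list($Username, $TwoFactor, $PublicKey, $Email, $IRCKey, $Paranoia, $Info, $Avatar, $StyleID, $StyleURL, $SiteOptions, $UnseededAlerts, $Class, $InfoTitle) = $DB->next_record(MYSQLI_NUM, array(5, 10));
+  WHERE m.ID = ?", $UserID);
+list($Username, $TwoFactor, $PublicKey, $Email, $IRCKey, $Paranoia, $Info, $Avatar, $StyleID, $StyleURL, $SiteOptions, $UnseededAlerts, $Class, $InfoTitle) = $DB->next_record(MYSQLI_NUM, [5, 10]);
 
 $TwoFA = new TwoFactorAuth();
 
@@ -706,7 +706,7 @@ $RequestsVotedListChecked = checked(!in_array('requestsvoted_list', $Paranoia));
 $DB->query("
   SELECT COUNT(UserID)
   FROM users_info
-  WHERE Inviter = '$UserID'");
+  WHERE Inviter = ?", $UserID);
 list($Invited) = $DB->next_record();
 ?>
       <tr id="para_invited_tr">
@@ -719,7 +719,7 @@ list($Invited) = $DB->next_record();
 $DB->query("
   SELECT COUNT(ArtistID)
   FROM torrents_artists
-  WHERE UserID = $UserID");
+  WHERE UserID = ?", $UserID);
 list($ArtistsAdded) = $DB->next_record();
 ?>
       <tr id="para_artistsadded_tr">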

+ 13
- 15
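--- a/sections/user/take_edit.php
+++ b/sections/user/take_edit.php
@@ -135,7 +135,7 @@ if (isset($_POST['p_donor_stats'])) {
 $DB->query("
   SELECT Email, PassHash, IRCKey
   FROM users_main
-  WHERE ID = $UserID");
+  WHERE ID = ?", $UserID);
 list($CurEmail, $CurPassHash, $CurIRCKey) = $DB->next_record();
 
 function require_password($Setting = false) {
@@ -157,20 +157,17 @@ if ($CurEmail != $_POST['email']) {
     require_password("Change Email");
   }
 
-  $NewEmail = db_string($_POST['email']);
-
   // Update the time of their last email change to the current time *not* the current change.
-  $ChangerIP = db_string($LoggedUser['IP']);
   $DB->query("
     UPDATE users_history_emails
-    SET Time = '".sqltime()."'
-    WHERE UserID = '$UserID'
-      AND Time IS NULL");
+    SET Time = NOW()
+    WHERE UserID = ?
+      AND Time IS NULL", $UserID);
   $DB->query("
     INSERT INTO users_history_emails
       (UserID, Email, Time, IP)
     VALUES
-      ('$UserID', '".DBCrypt::encrypt($NewEmail)."', NULL, '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."')");
+      (?, ?, NULL, ?)", $UserID, DBCrypt::encrypt($_POST['email']), DBCrypt::encrypt($_SERVER['REMOTE_ADDR']));
 
 }
 
@@ -308,28 +305,29 @@ $SQL = "
     m.Paranoia = '".db_string(json_encode($Paranoia))."'";
 
 if ($ResetPassword) {
-  $ChangerIP = db_string(DBCrypt::encrypt($LoggedUser['IP']));
+  $ChangerIP = DBCrypt::encrypt($LoggedUser['IP']);
   $PassHash = Users::make_sec_hash($_POST['new_pass_1']);
   $SQL.= ",m.PassHash = '".db_string($PassHash)."'";
   $DB->query("
     INSERT INTO users_history_passwords
       (UserID, ChangerIP, ChangeTime)
     VALUES
-      ('$UserID', '$ChangerIP', '".sqltime()."')");
+      (?, ?, NOW())", $UserID, $ChangerIP);
 }
 
 if (isset($_POST['resetpasskey'])) {
 
   $UserInfo = Users::user_heavy_info($UserID);
-  $OldPassKey = db_string($UserInfo['torrent_pass']);
-  $NewPassKey = db_string(Users::make_secret());
-  $ChangerIP = db_string(DBCrypt::encrypt($LoggedUser['IP']));
+  $OldPassKey = $UserInfo['torrent_pass'];
+  $NewPassKey = Users::make_secret();
+  $ChangerIP = DBCrypt::encrypt($LoggedUser['IP']);
   $SQL .= ",m.torrent_pass = '$NewPassKey'";
   $DB->query("
     INSERT INTO users_history_passkeys
       (UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime)
     VALUES
-      ('$UserID', '$OldPassKey', '$NewPassKey', '$ChangerIP', '".sqltime()."')");
+      (?, ?, ?, ?, NOW())",
+      $USerID, $OldPassKey, $NewPassKey, $ChangerIP);
   $Cache->begin_transaction("user_info_heavy_$UserID");
   $Cache->update_row(false, ['torrent_pass' => $NewPassKey]);
   $Cache->commit_transaction(0);
@@ -345,7 +343,7 @@ if ($BadgesChanged) {
   $DB->query("
     UPDATE users_badges
     SET Displayed = 0
-    WHERE UserID = $UserID");
+    WHERE UserID = ?", $UserID);
   if (!empty($BadgeIDs)) {
     $DB->query("
       UPDATE users_badges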