
Migrate some mysql queries to prepared statements

spaghetti 7 years ago
parent
commit
3e81d5aabb
3 changed files with 41 additions and 42 deletions
  1. 24
    23
      sections/login/index.php
  2. 4
    4
      sections/user/edit.php
  3. 13
    15
      sections/user/take_edit.php

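--- a/sections/login/index.php
+++ b/sections/login/index.php
@@ -44,8 +44,8 @@
         i.ResetExpires
       FROM users_main AS m
         INNER JOIN users_info AS i ON i.UserID = m.ID
-      WHERE i.ResetKey = '".db_string($_REQUEST['key'])."'
-        AND i.ResetKey != ''");
+      WHERE i.ResetKey = ?
+        AND i.ResetKey != ''", $_REQUEST['key']);
     list($UserID, $Email, $Country, $Expires) = $DB->next_record();
 
     if (!apcu_exists('DBKEY')) {
@@ -70,17 +70,17 @@
               users_main AS m,
               users_info AS i
             SET
-              m.PassHash = '".db_string(Users::make_sec_hash($_REQUEST['password']))."',
+              m.PassHash = ?,
               i.ResetKey = '',
               m.LastLogin = NOW(),
               i.ResetExpires = NULL
-            WHERE m.ID = '$UserID'
-              AND i.UserID = m.ID");
+            WHERE m.ID = ?
+              AND i.UserID = m.ID", Users::make_sec_hash($_REQUEST['password']), $UserID);
           $DB->query("
             INSERT INTO users_history_passwords
               (UserID, ChangerIP, ChangeTime)
             VALUES
-              ('$UserID', '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");
+              (?, ?, NOW())", $UserID, DBCrypt::encrypt($_SERVER['REMOTE_ADDR']));
           $PassWasReset = true;
           $LoggedUser['ID'] = $UserID; // Set $LoggedUser['ID'] for logout_all_sessions() to work
           logout_all_sessions();
@@ -100,7 +100,7 @@
           UPDATE users_info
           SET ResetKey = '',
             ResetExpires = NULL
-          WHERE UserID = '$UserID'");
+          WHERE UserID = ?", $UserID);
         $_SESSION['reseterr'] = 'The link you were given has expired.'; // Error message to display on form
       }
       // Show him the first form (enter email address)
@@ -138,7 +138,7 @@
             Username,
             Email
           FROM users_main
-          WHERE Email = '$EncEmail'");
+          WHERE Email = ?", $EncEmail);
         list($UserID, $Username, $Email) = $DB->next_record();
         $Email = DBCrypt::decrypt($Email);
 
@@ -158,15 +158,15 @@
           $DB->query("
             SELECT SessionID
             FROM users_sessions
-            WHERE UserID = '$UserID'");
+            WHERE UserID = ?", $UserID);
           while (list($SessionID) = $DB->next_record()) {
             $Cache->delete_value("session_$UserID"."_$SessionID");
           }
           $DB->query("
             UPDATE users_sessions
             SET Active = 0
-            WHERE UserID = '$UserID'
-              AND Active = 1");
+            WHERE UserID = ?
+              AND Active = 1", $UserID);
         } else {
           $Err = 'There is no user with that email address.';
         }
@@ -239,8 +239,8 @@
           TwoFactor,
           Enabled
         FROM users_main
-        WHERE Username = '".db_string($_POST['username'])."'
-          AND Username != ''");
+        WHERE Username = ?
+          AND Username != ''", $_POST['username']);
       list($UserID, $PermissionID, $CustomPermissions, $PassHash, $TwoFactor, $Enabled) = $DB->next_record(MYSQLI_NUM, array(2));
       if (!$Banned) {
         if ($UserID && Users::check_password($_POST['password'], $PassHash)) {
@@ -248,8 +248,8 @@
           if (password_needs_rehash($PassHash, PASSWORD_DEFAULT)) {
             $DB->query("
               UPDATE users_main
-              SET PassHash = '".make_sec_hash($_POST['password'])."'
-              WHERE Username = '".db_string($_POST['username'])."'");
+              SET PassHash = ?
+              WHERE Username = ?", make_sec_hash($_POST['password']), $_POST['username']);
           }
 
           if (empty($TwoFactor) || $TwoFA->verifyCode($TwoFactor, $_POST['twofa'])) {
@@ -260,7 +260,7 @@
                 $DB->query("
                   SELECT IP
                   FROM users_history_ips
-                  WHERE UserID = $UserID");
+                  WHERE UserID = ?", $UserID);
                 $IPs = $DB->to_array(false, MYSQLI_NUM);
                 $QueryParts = [];
                 foreach ($IPs as $i => $IP) {
@@ -285,7 +285,7 @@
                           UserName,
                           Email
                         FROM users_main
-                        WHERE ID = $UserID");
+                        WHERE ID = ?", $UserID);
                       list($Username, $Email) = $DB->next_record();
                       Users::auth_location($UserID, $Username, $CurrentASN, DBCrypt::decrypt($Email));
                       require('newlocation.php');
@@ -299,7 +299,7 @@
               $DB->query("
                 SELECT KeyHandle, PublicKey, Certificate, Counter, Valid
                 FROM u2f
-                WHERE UserID = $UserID");
+                WHERE UserID = ?", $UserID);
               // Needs to be an array of objects, so we can't use to_array()
               while (list($KeyHandle, $PublicKey, $Certificate, $Counter, $Valid) = $DB->next_record()) {
                 $U2FRegs[] = (object)['keyHandle'=>$KeyHandle, 'publicKey'=>$PublicKey, 'certificate'=>$Certificate, 'counter'=>$Counter, 'valid'=>$Valid];
@@ -313,9 +313,10 @@
                     $U2FReg = $U2F->doAuthenticate(json_decode($_POST['u2f-request']), $U2FRegs, json_decode($_POST['u2f-response']));
                     if ($U2FReg->valid != '1') throw new Exception('Token disabled.');
                     $DB->query("UPDATE u2f
-                                SET Counter = ".($U2FReg->counter)."
-                                WHERE KeyHandle = '".db_string($U2FReg->keyHandle)."'
-                                AND UserID = $UserID");
+                                SET Counter = ?
+                                WHERE KeyHandle = ?
+                                AND UserID = ?",
+                      $U2FReg->counter, $U2FReg->keyHandle, $UserID);
                   } catch (Exception $e) {
                     $U2FErr = 'U2F key invalid. Error: '.($e->getMessage());
                     if ($e->getMessage() == 'Token disabled.') {
@@ -325,8 +326,8 @@
                       $BadHandle = json_decode($_POST['u2f-response'], true)['keyHandle'];
                       $DB->query("UPDATE u2f
                                   SET Valid = '0'
-                                  WHERE KeyHandle = '".db_string($BadHandle)."'
-                                  AND UserID = $UserID");
+                                  WHERE KeyHandle = ?
+                                  AND UserID = ?", $BadHandle, $UserID);
                       $U2FErr = 'U2F counter too low. This token has been disabled due to suspected cloning. Contact staff for assistance.';
                     }
                   }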
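Review bot: The users_history_passwords INSERT at new line 83 now stamps ChangeTime with MySQL's NOW() where the removed line used PHP-side sqltime(); unless the DB session time zone is known to match what sqltime() produces, rows written here will not line up with history rows elsewhere that still go through sqltime(), which is the kind of skew that complicates reconstructing a password-reset trail later. The same swap is made in sections/user/take_edit.php for users_history_emails and users_history_passwords. If the two sources are known to agree by configuration, record that with `// NOW() relies on the DB session tz matching sqltime()`; otherwise keep the PHP timestamp and bind it, `(?, ?, ?)", $UserID, DBCrypt::encrypt($_SERVER['REMOTE_ADDR']), sqltime());`. Separately, new line 252 still calls an unqualified `make_sec_hash()` while line 78 uses `Users::make_sec_hash()`; if no global function of that name exists the rehash path fails at runtime, so this is worth confirming.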

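--- a/sections/user/edit.php
+++ b/sections/user/edit.php
@@ -24,8 +24,8 @@
   FROM users_main AS m
     JOIN users_info AS i ON i.UserID = m.ID
     LEFT JOIN permissions AS p ON p.ID = m.PermissionID
-  WHERE m.ID = '".db_string($UserID)."'");
-list($Username, $TwoFactor, $PublicKey, $Email, $IRCKey, $Paranoia, $Info, $Avatar, $StyleID, $StyleURL, $SiteOptions, $UnseededAlerts, $Class, $InfoTitle) = $DB->next_record(MYSQLI_NUM, array(5, 10));
+  WHERE m.ID = ?", $UserID);
+list($Username, $TwoFactor, $PublicKey, $Email, $IRCKey, $Paranoia, $Info, $Avatar, $StyleID, $StyleURL, $SiteOptions, $UnseededAlerts, $Class, $InfoTitle) = $DB->next_record(MYSQLI_NUM, [5, 10]);
 
 $TwoFA = new TwoFactorAuth();
 
@@ -706,7 +706,7 @@
 $DB->query("
   SELECT COUNT(UserID)
   FROM users_info
-  WHERE Inviter = '$UserID'");
+  WHERE Inviter = ?", $UserID);
 list($Invited) = $DB->next_record();
 ?>
       <tr id="para_invited_tr">
@@ -719,7 +719,7 @@
 $DB->query("
   SELECT COUNT(ArtistID)
   FROM torrents_artists
-  WHERE UserID = $UserID");
+  WHERE UserID = ?", $UserID);
 list($ArtistsAdded) = $DB->next_record();
 ?>
       <tr id="para_artistsadded_tr">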

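--- a/sections/user/take_edit.php
+++ b/sections/user/take_edit.php
@@ -135,7 +135,7 @@
 $DB->query("
   SELECT Email, PassHash, IRCKey
   FROM users_main
-  WHERE ID = $UserID");
+  WHERE ID = ?", $UserID);
 list($CurEmail, $CurPassHash, $CurIRCKey) = $DB->next_record();
 
 function require_password($Setting = false) {
@@ -157,20 +157,17 @@
     require_password("Change Email");
   }
 
-  $NewEmail = db_string($_POST['email']);
-
   // Update the time of their last email change to the current time *not* the current change.
-  $ChangerIP = db_string($LoggedUser['IP']);
   $DB->query("
     UPDATE users_history_emails
-    SET Time = '".sqltime()."'
-    WHERE UserID = '$UserID'
-      AND Time IS NULL");
+    SET Time = NOW()
+    WHERE UserID = ?
+      AND Time IS NULL", $UserID);
   $DB->query("
     INSERT INTO users_history_emails
       (UserID, Email, Time, IP)
     VALUES
-      ('$UserID', '".DBCrypt::encrypt($NewEmail)."', NULL, '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."')");
+      (?, ?, NULL, ?)", $UserID, DBCrypt::encrypt($_POST['email']), DBCrypt::encrypt($_SERVER['REMOTE_ADDR']));
 
 }
 
@@ -308,28 +305,29 @@
     m.Paranoia = '".db_string(json_encode($Paranoia))."'";
 
 if ($ResetPassword) {
-  $ChangerIP = db_string(DBCrypt::encrypt($LoggedUser['IP']));
+  $ChangerIP = DBCrypt::encrypt($LoggedUser['IP']);
   $PassHash = Users::make_sec_hash($_POST['new_pass_1']);
   $SQL.= ",m.PassHash = '".db_string($PassHash)."'";
   $DB->query("
     INSERT INTO users_history_passwords
       (UserID, ChangerIP, ChangeTime)
     VALUES
-      ('$UserID', '$ChangerIP', '".sqltime()."')");
+      (?, ?, NOW())", $UserID, $ChangerIP);
 }
 
 if (isset($_POST['resetpasskey'])) {
 
   $UserInfo = Users::user_heavy_info($UserID);
-  $OldPassKey = db_string($UserInfo['torrent_pass']);
-  $NewPassKey = db_string(Users::make_secret());
-  $ChangerIP = db_string(DBCrypt::encrypt($LoggedUser['IP']));
+  $OldPassKey = $UserInfo['torrent_pass'];
+  $NewPassKey = Users::make_secret();
+  $ChangerIP = DBCrypt::encrypt($LoggedUser['IP']);
   $SQL .= ",m.torrent_pass = '$NewPassKey'";
   $DB->query("
     INSERT INTO users_history_passkeys
       (UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime)
     VALUES
-      ('$UserID', '$OldPassKey', '$NewPassKey', '$ChangerIP', '".sqltime()."')");
+      (?, ?, ?, ?, NOW())",
+      $USerID, $OldPassKey, $NewPassKey, $ChangerIP);
   $Cache->begin_transaction("user_info_heavy_$UserID");
   $Cache->update_row(false, ['torrent_pass' => $NewPassKey]);
   $Cache->commit_transaction(0);
@@ -345,7 +343,7 @@
   $DB->query("
     UPDATE users_badges
     SET Displayed = 0
-    WHERE UserID = $UserID");
+    WHERE UserID = ?", $UserID);
   if (!empty($BadgeIDs)) {
     $DB->query("
       UPDATE users_badges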
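Review bot: `$USerID` on new line 330 is a typo for `$UserID`; as written the users_history_passkeys INSERT binds an undefined variable (null) to UserID, so the passkey-reset audit row loses its owner while the reset itself still goes through, and nothing in the hunk would report it. Change the line to `$UserID, $OldPassKey, $NewPassKey, $ChangerIP);`. Separately, `$NewPassKey` lost its `db_string()` wrapper on line 322 but is still string-interpolated into `$SQL` on line 324 (`m.torrent_pass = '$NewPassKey'`), which is only safe as long as Users::make_secret() never emits a quote or backslash; either keep the escaping for that interpolation, as line 310 still does for `$PassHash`, or bind it where `$SQL` is executed, which is outside this hunk.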
