From 43a85886b2e8ef2944e885acace2e0918c69dc0d Mon Sep 17 00:00:00 2001
From: Brett Wilkins
Date: Mon, 27 Sep 2010 14:27:12 +1300
Subject: [PATCH] MaharaAuthPlugin: Making sql queries more database friendly Also setting the strict() calls to return true, and correcting some whitespace issues.
---
 MaharaAuthPlugin.php | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/MaharaAuthPlugin.php b/MaharaAuthPlugin.php
index 31e31bf..48b33be 100644
--- a/MaharaAuthPlugin.php
+++ b/MaharaAuthPlugin.php
@@ -33,7 +33,7 @@ class MaharaAuthPlugin extends AuthPlugin {
 /**
 * Check whether there exists a user account with the given name.
 * The name will be normalized to MediaWiki's requirements, so
- * you might need to munge it (for instance, for lowercase initial
+ * you might need to munge it (for instance, for lowercase initial
 * letters).
 *
 * @param $username String: username.
@@ -51,7 +51,7 @@ class MaharaAuthPlugin extends AuthPlugin {
 $this->dbname = $dbname;
 $this->host = $host;
 $this->prefix = $prefix;
- $this->dbtype = $dbtype;
+ $this->dbtype = $dbtype;
 $this->dbuser = $user;
 $this->dbpass = $password;
 }
@@ -59,7 +59,7 @@ class MaharaAuthPlugin extends AuthPlugin {
 public function userExists( $username ) {
 $username = strtolower($username);
 $db = $this->getDatabase();
- $sql = "SELECT username FROM ".$this->prefix."usr where username = '".$username."'";
+ $sql = "SELECT username FROM ".$this->prefix."usr where LOWER(username) = '".$username."'";
 $res = $db->query($sql);
 $val = $db->fetchObject($res);
 $db->close();
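Review bot: The rewritten `$sql` line in userExists() still concatenates `$username` directly into the statement, and `strtolower()` does nothing to a quote character, so the login name is interpreted as SQL rather than as data. Pass the value through the database layer's quoting instead, replacing `'".$username."'` with `".$db->addQuotes($username)."`, or use the wrapper's select helpers. The same unescaped concatenation is in the new `$sql` lines of authenticate(), updateUser() and initUser() in the later hunks. Wrapping the column in `LOWER()` may also keep a plain index on `username` from being used, so the lookup could need a functional index on a large usr table.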
@@ -82,7 +82,7 @@ class MaharaAuthPlugin extends AuthPlugin { public function authenticate( $username, $password ) { $username = strtolower($username); $db = $this->getDatabase(); - $sql = "SELECT username, password, salt FROM ".$this->prefix."usr where username = '".$username."'"; + $sql = "SELECT username, password, salt FROM ".$this->prefix."usr where LOWER(username) = '".$username."'"; $res = $db->query($sql); $val = $db->fetchObject($res); $db->close(); @@ -136,8 +136,9 @@ class MaharaAuthPlugin extends AuthPlugin { * @param User $user */ public function updateUser( &$user ) { + $db = $this->getDatabase(); - $sql = "SELECT * FROM ".$this->prefix."usr where username = '".$username."'"; + $sql = "SELECT * FROM ".$this->prefix."usr where LOWER(username) = LOWER('".$user->username."')"; $res = $db->query($sql); $val = $db->fetchRow($res); $db->close(); @@ -234,7 +235,7 @@ class MaharaAuthPlugin extends AuthPlugin { * @return bool */ public function strict() { - return false; + return true; } /** @@ -245,7 +246,7 @@ class MaharaAuthPlugin extends AuthPlugin { * @return bool */ public function strictUserAuth( $username ) { - return false; + return true; } /** @@ -260,8 +261,9 @@ class MaharaAuthPlugin extends AuthPlugin { * @param $autocreate bool True if user is being autocreated on login */ public function initUser( &$user, $autocreate=false ) { + $username = strtolower($username); $db = $this->getDatabase(); - $sql = "SELECT * FROM ".$this->prefix."usr where username = '".$username."'"; + $sql = "SELECT * FROM ".$this->prefix."usr where LOWER(username) = '".$username."'"; $res = $db->query($sql); $val = $db->fetchRow($res); $db->close(); 
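Review bot: `$user->username` in the new updateUser() query is probably not a populated property; MediaWiki's User object exposes the name through `getName()`, so this most likely evaluates to an empty string and the query looks up `LOWER('')`. If that is the case, compare against `$db->addQuotes( strtolower( $user->getName() ) )`, which also removes the unescaped concatenation. The blank line added directly under the signature looks unintended. The function body continues past the end of the hunk.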
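Review bot: Returning `true` from strict(), and from strictUserAuth() in the following hunk, removes the fallback to the wiki's own password check, and neither the docblocks nor the commit message say why. As far as the AuthPlugin contract goes, an account that exists only locally (for example a wiki administrator with no Mahara record) can then no longer log in, and nobody can log in while the Mahara database is unreachable. I would add a comment such as `// Mahara is the only credential source; local wiki passwords are never accepted`, and if a recovery account is wanted, have strictUserAuth() return false for that one name only.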
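Review bot: The added line `$username = strtolower($username);` in initUser() reads a variable the function never receives: the signature is `initUser( &$user, $autocreate=false )`, so `$username` is undefined here and the query runs as `LOWER(username) = ''`. Take the name from the user object, e.g. `$username = strtolower( $user->getName() );`, and quote it with `$db->addQuotes()` when building `$sql`. The rest of the body lies outside the hunk, so what happens to `$val` when no row matches is not visible from here.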
@@ -295,17 +297,9 @@ class MaharaAuthPlugin extends AuthPlugin {
 switch ($this->dbtype) {
 case 'mysql':
 return new DatabaseMysql($this->host,$this->dbuser,$this->dbpass,$this->dbname);
- break;
- case 'mssql':
- return new DatabaseMssql($this->host,$this->dbuser,$this->dbpass,$this->dbname);
- break;
- case 'oracle':
- return new DatabaseOracle($this->host,$this->dbuser,$this->dbpass,$this->dbname);
- break;
 case 'postgres':
 default:
 return new DatabasePostgres($this->host,$this->dbuser,$this->dbpass,$this->dbname);
 }
 return false;
 }
-- GitLab
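Review bot: Because `default:` shares the `postgres` branch, a `dbtype` of `mssql` or `oracle` (both accepted before this commit) or any misspelled value now silently opens a Postgres connection with the configured host and credentials. The trailing `return false;` is unreachable, so callers never see a failure they could handle. Make the unsupported case explicit: keep `case 'postgres':` on the Postgres return and give `default:` its own branch, e.g. `default: throw new MWException( 'MaharaAuthPlugin: unsupported dbtype' );`. The enclosing function starts outside the hunk.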