Commit e6ecdcc8 authored by Dan McGee's avatar Dan McGee Committed by Lukas Fleischer

Require DB handle for most user account functions



This affects login the most, where we save about 4 calls to db_connect()
by passing a single handle into functions where necessary.

Signed-off-by: default avatarDan McGee <dan@archlinux.org>
Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 8dc7b379
......@@ -17,9 +17,8 @@ if (isset($_COOKIE["AURSID"])) {
# setting expiration to 1 means '1 second after midnight January 1, 1970'
setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
unset($_COOKIE['AURSID']);
clear_expired_sessions($dbh);
}
clear_expired_sessions();
header('Location: index.php');
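Review bot: The call `clear_expired_sessions($dbh);` sits inside the `if (isset($_COOKIE["AURSID"]))` block, so (assuming that line is the new side of this hunk) a logout request that carries no cookie no longer purges expired sessions, which the unconditional `clear_expired_sessions();` after the closing brace did. If the narrowing is intended, record it with a comment such as `# expired sessions are only purged when a session cookie was presented`; otherwise open the handle before the `if` and keep the call after the brace. The assignment of `$dbh` is not visible in this hunk, so confirm it is set on every path that reaches the call.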
......@@ -171,14 +171,15 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
# error check and process request for a new/modified account
global $SUPPORTED_LANGS;
$dbh = db_connect();
if(isset($_COOKIE['AURSID'])) {
$editor_user = uid_from_sid($_COOKIE['AURSID']);
$editor_user = uid_from_sid($_COOKIE['AURSID'], $dbh);
}
else {
$editor_user = null;
}
$dbh = db_connect();
$error = "";
if (empty($E) || empty($U)) {
$error = __("Missing a required field.");
......@@ -196,7 +197,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
}
}
if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
if (!$error && !valid_username($U) && !user_is_privileged($editor_user, $dbh))
$error = __("The username is invalid.") . "<ul>\n"
."<li>" . __("It must be between %s and %s characters long",
USERNAME_MIN_LEN, USERNAME_MAX_LEN )
......@@ -592,21 +593,20 @@ function try_login() {
$userID = null;
if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
$dbh = db_connect();
$userID = valid_user($_REQUEST['user'], $dbh);
$userID = valid_user($_REQUEST['user']);
if ( user_suspended( $userID ) ) {
if ( user_suspended($userID, $dbh) ) {
$login_error = "Account Suspended.";
}
elseif ( $userID && isset($_REQUEST['passwd'])
&& valid_passwd($userID, $_REQUEST['passwd']) ) {
&& valid_passwd($userID, $_REQUEST['passwd'], $dbh) ) {
$logged_in = 0;
$num_tries = 0;
# Account looks good. Generate a SID and store it.
$dbh = db_connect();
while (!$logged_in && $num_tries < 5) {
if ($MAX_SESSIONS_PER_USER) {
# Delete all user sessions except the
......@@ -704,11 +704,10 @@ function valid_username( $user )
* Checks if the username is valid and if it exists in the database
* Returns the username ID or nothing
*/
function valid_user( $user )
function valid_user( $user, $dbh )
{
/* if ( $user = valid_username($user) ) { */
if ( $user ) {
$dbh = db_connect();
$q = "SELECT ID FROM Users WHERE Username = '"
. mysql_real_escape_string($user). "'";
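Review bot: `mysql_real_escape_string($user)` in `valid_user` is still called without a link identifier, although the function now receives `$dbh` and no longer opens a connection itself, so the escaping relies on whichever link was opened last rather than on the connection the query runs on. Escaping is character-set aware and should be tied to the same handle, assuming `$dbh` is the mysql link returned by `db_connect()`: `. mysql_real_escape_string($user, $dbh). "'";`. The doc comment above the function should also mention the new `$dbh` parameter. The rest of the body lies outside the hunk.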
......@@ -733,11 +732,9 @@ function good_passwd( $passwd )
/* Verifies that the password is correct for the userID specified.
* Returns true or false
*/
function valid_passwd( $userID, $passwd )
function valid_passwd( $userID, $passwd, $dbh )
{
if ( strlen($passwd) > 0 ) {
$dbh = db_connect();
# get salt for this user
$salt = get_salt($userID);
if ($salt) {
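Review bot: `get_salt($userID)` in `valid_passwd` is still called without the handle. Its definition is not on this page, but if it opens its own connection, the password check keeps one of the `db_connect()` calls this commit sets out to remove. If `get_salt` can accept the handle, pass it through: `$salt = get_salt($userID, $dbh);`. The function body continues past the end of the hunk.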
......@@ -778,12 +775,11 @@ function valid_passwd( $userID, $passwd )
/*
* Is the user account suspended?
*/
function user_suspended( $id )
function user_suspended( $id, $dbh )
{
if (!$id) {
return false;
}
$dbh = db_connect();
$q = "SELECT Suspended FROM Users WHERE ID = " . $id;
$result = db_query($q, $dbh);
if ($result) {
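Review bot: `user_suspended` builds its query by concatenating `$id` unquoted (`"... WHERE ID = " . $id`), and the same pattern appears in `user_delete` and `user_is_privileged` further down; nothing in these functions forces `$id` to be an integer. In the visible callers the value comes from `valid_user()` or `uid_from_sid()`, but `process_account_form` can pass `$editor_user = null` to `user_is_privileged`, which produces an incomplete statement, and any later caller that forwards request data would make these queries injectable. Since the signatures are changing anyway, cast at the point of use, `$q = "SELECT Suspended FROM Users WHERE ID = " . intval($id);`, and do the same in the other two. `user_delete` should also return early on an empty `$id`, as `user_suspended` does. The bodies of all three functions continue outside their hunks.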
......@@ -798,9 +794,8 @@ function user_suspended( $id )
/*
* This should be expanded to return something
*/
function user_delete( $id )
function user_delete( $id, $dbh )
{
$dbh = db_connect();
$q = "DELETE FROM Users WHERE ID = " . $id;
db_query($q, $dbh);
return;
......@@ -810,9 +805,8 @@ function user_delete( $id )
* A different way of determining a user's privileges
* rather than account_from_sid()
*/
function user_is_privileged( $id )
function user_is_privileged( $id, $dbh )
{
$dbh = db_connect();
$q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
$result = db_query($q, $dbh);
if ($result) {
......@@ -826,13 +820,9 @@ function user_is_privileged( $id )
}
# Clear out old expired sessions.
function clear_expired_sessions($dbh = null) {
function clear_expired_sessions( $dbh ) {
global $LOGIN_TIMEOUT;
if (empty($dbh)) {
$dbh = db_connect();
}
$q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)";
db_query($q, $dbh);
......