From 2196a0577b29dcec1ba4d2c32be10fa5f0e91034 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 26 Nov 2017 14:55:47 -0500 Subject: [PATCH] Remove unused upubkey and uprvkey from queries - Switched queries to new dba::* functions --- include/auth.php | 40 +++++++++++++++++++++++++++------------- include/security.php | 2 +- mod/openid.php | 3 ++- mod/settings.php | 4 ++-- src/Model/User.php | 11 +++++------ src/Worker/Delivery.php | 2 +- src/Worker/Notifier.php | 4 ++-- src/Worker/Queue.php | 26 +++++++++----------------- 8 files changed, 49 insertions(+), 43 deletions(-) diff --git a/include/auth.php b/include/auth.php index 181ba71a62..5da71ef6e1 100644 --- a/include/auth.php +++ b/include/auth.php @@ -13,13 +13,21 @@ require_once 'include/datetime.php'; if (isset($_COOKIE["Friendica"])) { $data = json_decode($_COOKIE["Friendica"]); if (isset($data->uid)) { - $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `uid` = %d AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified` LIMIT 1", - intval($data->uid) + + $user = dba::select('user', + [], + [ + 'uid' => intval($data->uid), + 'blocked' => 0, + 'account_expired' => 0, + 'account_removed' => 0, + 'verified' => 1, + ], + ['limit' => 1] ); - if ($r) { - if ($data->hash != cookie_hash($r[0])) { + if (DBM::is_result($user)) { + if ($data->hash != cookie_hash($user)) { logger("Hash for user " . $data->uid . " doesn't fit."); nuke_session(); goaway(System::baseUrl()); 
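Review bot: The cookie check `if ($data->hash != cookie_hash($user)) {` still uses a loose, non-constant-time `!=` on a value decoded from the client's cookie. `json_decode()` returns whatever type the JSON carried, so PHP's comparison juggling, not string equality, decides whether the hash "fits". Since the line is being touched anyway, require a string and compare in constant time: `if (!isset($data->hash) || !is_string($data->hash) || !hash_equals(cookie_hash($user), $data->hash)) {`. The enclosing `if (isset($_COOKIE["Friendica"]))` block continues past the end of this hunk.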
@@ -29,11 +37,11 @@ if (isset($_COOKIE["Friendica"])) { // Expires after 7 days by default, // can be set via system.auth_cookie_lifetime $authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7); - new_cookie($authcookiedays * 24 * 60 * 60, $r[0]); + new_cookie($authcookiedays * 24 * 60 * 60, $user); // Do the authentification if not done by now if (!isset($_SESSION) || !isset($_SESSION['authenticated'])) { - authenticate_success($r[0]); + authenticate_success($user); if (Config::get('system', 'paranoia')) { $_SESSION['addr'] = $data->ip; @@ -75,12 +83,18 @@ if (isset($_SESSION) && x($_SESSION, 'authenticated') && (!x($_POST, 'auth-param goaway(System::baseUrl()); } - $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `uid` = %d AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified` LIMIT 1", - intval($_SESSION['uid']) + $user = dba::select('user', + [], + [ + 'uid' => intval($_SESSION['uid']), + 'blocked' => 0, + 'account_expired' => 0, + 'account_removed' => 0, + 'verified' => 1, + ], + ['limit' => 1] ); - - if (!DBM::is_result($r)) { + if (!DBM::is_result($user)) { nuke_session(); goaway(System::baseUrl()); } @@ -95,7 +109,7 @@ if (isset($_SESSION) && x($_SESSION, 'authenticated') && (!x($_POST, 'auth-param $_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC'); $login_refresh = true; } - authenticate_success($r[0], false, false, $login_refresh); + authenticate_success($user, false, false, $login_refresh); } } else { session_unset(); diff --git a/include/security.php b/include/security.php index 18793ce060..6f6ef94b69 100644 --- a/include/security.php +++ b/include/security.php @@ -15,7 +15,7 @@ use Friendica\Database\DBM; */ function cookie_hash($user) { return(hash("sha256", Config::get("system", "site_prvkey"). - $user["uprvkey"]. + $user["prvkey"]. $user["password"])); } diff --git a/mod/openid.php b/mod/openid.php index 45b80638d5..613cd222f6 100644 
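Review bot: The five-key account-state filter passed to `dba::select('user', ...)` here is a hand copy of the one in the cookie branch (first hunk of this file), differing only in where the uid comes from. Two separately maintained copies of the condition that decides whether an account may hold a session can drift, for example when a new state flag is added to one path only. Consider one small helper that takes the uid and returns the row, called from both branches, carrying a comment such as `// Only verified, non-blocked, non-expired, non-removed accounts may keep a session`. The surrounding `if (isset($_SESSION) ...)` block starts and ends outside this hunk.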
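Review bot: `cookie_hash()` now reads `$user["prvkey"]` without checking that the key is present. A row that lacks it produces only a PHP notice, and the hash is then built from the site key and password alone. The joined queries in src/Worker/Delivery.php and src/Worker/Notifier.php in this same commit still expose the user key only as `uprvkey`, so both spellings now coexist; whether such a row ever reaches this function is not visible here. State the contract in the docblock, e.g. `@param array $user Row from the user table; must contain 'prvkey' and 'password'`, and consider failing closed when either is missing. The docblock opens outside this hunk.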
--- a/mod/openid.php +++ b/mod/openid.php @@ -33,7 +33,8 @@ function openid_content(App $a) { // mod/settings.php in 8367cad so it might have left mixed // records in the user table // - $r = q("SELECT *, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user` + $r = q("SELECT * + FROM `user` WHERE ( `openid` = '%s' OR `openid` = '%s' ) AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 diff --git a/mod/settings.php b/mod/settings.php index 7628f77825..8ad82b023d 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -506,14 +506,14 @@ function settings_post(App $a) { } // check the email is valid if (!valid_email($email)) { - $err .= t(' Not valid email.'); + $err .= t('Invalid email.'); } // ensure new email is not the admin mail //if ((x($a->config, 'admin_email')) && (strcasecmp($email, $a->config['admin_email']) == 0)) { if (x($a->config, 'admin_email')) { $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email']))); if (in_array(strtolower($email), $adminlist)) { - $err .= t(' Cannot change to that email.'); + $err .= t('Cannot change to that email.'); $email = $a->user['email']; } } diff --git a/src/Model/User.php b/src/Model/User.php index a7f59b6a3d..87663dbe5f 100644 --- a/src/Model/User.php +++ b/src/Model/User.php 
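Review bot: Dropping the leading space from `t(' Not valid email.')` and `t(' Cannot change to that email.')` removes the only separator between messages appended with `$err .=`, so two errors raised in one request would presumably run together. Keep the separator outside the translatable string, `$err .= ' ' . t('Invalid email.');`, or collect the messages in an array and join them when displayed. The changed msgids also orphan the existing translations until the catalogs are regenerated. `settings_post()` starts and ends outside this hunk.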
@@ -78,21 +78,20 @@ class User logger('Removing user: ' . $uid); - $r = dba::select('user', array(), array('uid' => $uid), array("limit" => 1)); + $user = dba::select('user', [], ['uid' => $uid], ['limit' => 1]); - call_hooks('remove_user', $r); + call_hooks('remove_user', $user); // save username (actually the nickname as it is guaranteed // unique), so it cannot be re-registered in the future. - - dba::insert('userd', array('username' => $r['nickname'])); + dba::insert('userd', ['username' => $user['nickname']]); // The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php) - q("UPDATE `user` SET `account_removed` = 1, `account_expires_on` = UTC_TIMESTAMP() WHERE `uid` = %d", intval($uid)); + dba::update('user', ['account_removed' => 1, 'account_expires_on' => datetime_convert()], ['uid' => intval($uid)]); Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid); // Send an update to the directory - Worker::add(PRIORITY_LOW, "Directory", $r['url']); + Worker::add(PRIORITY_LOW, "Directory", $user['url']); if ($uid == local_user()) { unset($_SESSION['authenticated']); diff --git a/src/Worker/Delivery.php b/src/Worker/Delivery.php index 216d2520d9..c47e98287b 100644 --- a/src/Worker/Delivery.php +++ b/src/Worker/Delivery.php @@ -140,7 +140,7 @@ class Delivery { } } - $r = q("SELECT `contact`.*, `user`.`pubkey` AS `upubkey`, `user`.`prvkey` AS `uprvkey`, + $r = q("SELECT `contact`.*, `user`.`prvkey` AS `uprvkey`, `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`, `user`.`page-flags`, `user`.`account-type`, `user`.`prvnets` FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid` diff --git a/src/Worker/Notifier.php b/src/Worker/Notifier.php index ac8cf123c5..b261b32fc0 100644 --- a/src/Worker/Notifier.php +++ b/src/Worker/Notifier.php 
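Review bot: The row from `dba::select('user', [], ['uid' => $uid], ['limit' => 1])` is used without a result check. `call_hooks('remove_user', $user)`, `$user['nickname']` and `$user['url']` all run even when no row matches `$uid`, which would write an empty entry into `userd` and queue a Directory update with no URL. The other lookups converted in this commit (include/auth.php, src/Worker/Queue.php) test `DBM::is_result()` first; do the same right after the select, `if (!DBM::is_result($user)) { return; }`, adjusted to the method's return convention, which is outside the hunk. Also, `account_expires_on` now comes from `datetime_convert()` on the PHP host instead of the database's `UTC_TIMESTAMP()`, which deserves a comment if the expiry job compares it against the database clock.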
@@ -108,7 +108,7 @@ class Notifier { $recipients[] = $suggest[0]['cid']; $item = $suggest[0]; } elseif ($cmd === 'removeme') { - $r = q("SELECT `contact`.*, `user`.`pubkey` AS `upubkey`, `user`.`prvkey` AS `uprvkey`, + $r = q("SELECT `contact`.*, `user`.`prvkey` AS `uprvkey`, `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`, `user`.`page-flags`, `user`.`prvnets`, `user`.`account-type`, `user`.`guid` FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid` @@ -173,7 +173,7 @@ class Notifier { } - $r = q("SELECT `contact`.*, `user`.`pubkey` AS `upubkey`, `user`.`prvkey` AS `uprvkey`, + $r = q("SELECT `contact`.*, `user`.`prvkey` AS `uprvkey`, `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`, `user`.`page-flags`, `user`.`prvnets`, `user`.`account-type` FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid` diff --git a/src/Worker/Queue.php b/src/Worker/Queue.php index 73726098e9..f09def003d 100644 --- a/src/Worker/Queue.php +++ b/src/Worker/Queue.php 
@@ -80,33 +80,29 @@ class Queue $q_item = $r[0]; - $c = q( - "SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($q_item['cid']) - ); - - if (!DBM::is_result($c)) { + $contact = dba::select('contact', [], ['id' => intval($q_item['cid'])], ['limit' => 1]); + if (!DBM::is_result($contact)) { remove_queue_item($q_item['id']); return; } - $dead = Cache::get($cachekey_deadguy . $c[0]['notify']); + $dead = Cache::get($cachekey_deadguy . $contact['notify']); if (!is_null($dead) && $dead) { - logger('queue: skipping known dead url: ' . $c[0]['notify']); + logger('queue: skipping known dead url: ' . $contact['notify']); update_queue_time($q_item['id']); return; } - $server = PortableContact::detectServer($c[0]['url']); + $server = PortableContact::detectServer($contact['url']); if ($server != "") { $vital = Cache::get($cachekey_server . $server); if (is_null($vital)) { - logger("Check server " . $server . " (" . $c[0]["network"] . ")"); + logger("Check server " . $server . " (" . $contact["network"] . ")"); - $vital = PortableContact::checkServer($server, $c[0]["network"], true); + $vital = PortableContact::checkServer($server, $contact["network"], true); Cache::set($cachekey_server . $server, $vital, CACHE_QUARTER_HOUR); } @@ -117,12 +113,8 @@ class Queue } } - $u = q( - "SELECT `user`.*, `user`.`pubkey` AS `upubkey`, `user`.`prvkey` AS `uprvkey` - FROM `user` WHERE `uid` = %d LIMIT 1", - intval($c[0]['uid']) - ); - if (!DBM::is_result($u)) { + $user = dba::select('user', [], ['uid' => intval($contact['uid'])], ['limit' => 1]); + if (!DBM::is_result($user)) { remove_queue_item($q_item['id']); return; }
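Review bot: `$c` and `$u` no longer exist after these two hunks, and the 26 changed lines the diffstat lists for src/Worker/Queue.php are fully accounted for by them, so any later `$c[0]` or `$u[0]` in the rest of this method was not converted. The method continues past the end of the second hunk, so this cannot be confirmed from here. Please check the code that follows the user lookup and switch it to `$contact` and `$user`, since an undefined `$u[0]` would hand empty owner data to the delivery code. Separately, `dba::select('user', [], ...)` pulls every column into the worker, including the password hash and private key, as the old `user.*` did; if delivery needs only a few fields, list them in the second argument.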