[geeklog-cvs] geeklog: Use array notation for DBMS-specific SQL
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sat May 30 15:05:36 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/ba16cc1ff181
changeset: 7072:ba16cc1ff181
user: Dirk Haun <dirk at haun-online.de>
date: Sat May 30 21:03:23 2009 +0200
description:
Use array notation for DBMS-specific SQL
diffstat:
system/lib-security.php | 24 ++++++++----------------
1 files changed, 8 insertions(+), 16 deletions(-)
diffs (50 lines):
diff -r 67394698de67 -r ba16cc1ff181 system/lib-security.php
--- a/system/lib-security.php Sat May 30 15:18:51 2009 +0200
+++ b/system/lib-security.php Sat May 30 21:03:23 2009 +0200
@@ -1092,17 +1092,12 @@
/* Generate the token */
$token = md5($_USER['uid'].$pageURL.uniqid (rand (), 1));
$pageURL = addslashes($pageURL);
-
+
/* Destroy exired tokens: */
- if($_DB_dbms == 'mssql') {
- $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW())"
- . " AND (ttl > 0)";
- } else {
- $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
- . " AND (ttl > 0)";
- }
+ $sql['mssql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW()) AND (ttl > 0)";
+ $sql['mysql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND (ttl > 0)";
DB_query($sql);
-
+
/* Destroy tokens for this user/url combination */
$sql = "DELETE FROM {$_TABLES['tokens']} WHERE owner_id={$_USER['uid']} AND urlfor='$pageURL'";
DB_query($sql);
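Review bot: The new `$sql['mssql']` purge statement still compares against `NOW()`, while the MSSQL branch of the token lookup in the second hunk uses `getUTCDate()`. Unless the database layer rewrites `NOW()` for MSSQL, expired CSRF tokens may never be purged on that backend, or may be purged against a different clock than the one used to validate them. Both MSSQL statements should use whichever clock the `created` column is written with, for example `... WHERE (DATEADD(ss, ttl, created) < getUTCDate()) AND (ttl > 0)` if that is UTC. Separately, `$sql` receives array keys with no visible `$sql = array();` before it; the function starts outside this hunk, so if `$sql` already holds a string there, the array that `DB_query()` expects is not built. The same initialisation is worth adding before the `$sql['mysql']` line in the second hunk.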
@@ -1140,20 +1135,17 @@
$token = COM_applyFilter($_POST[CSRF_TOKEN]);
}
- if(trim($token) != '') {
- if($_DB_dbms != 'mssql') {
- $sql = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
- . "{$_TABLES['tokens']} WHERE token='$token'";
- } else {
- $sql = "SELECT owner_id, urlfor, expired =
+ if (trim($token) != '') {
+ $sql['mysql'] = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM {$_TABLES['tokens']} WHERE token='$token'";
+ $sql['mssql'] = "SELECT owner_id, urlfor, expired =
CASE
WHEN (DATEADD(s,ttl,created) < getUTCDate()) AND (ttl>0) THEN 1
ELSE 0
END
FROM {$_TABLES['tokens']} WHERE token='$token'";
- }
$tokens = DB_query($sql);
+
$numberOfTokens = DB_numRows($tokens);
if($numberOfTokens != 1) {
$return = false; // none, or multiple tokens. Both are invalid. (token is unique key...)
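Review bot: Both new statements, `$sql['mysql']` and `$sql['mssql']`, interpolate `$token` directly into `WHERE token='$token'`, so the query is only as safe as `COM_applyFilter()`, whose behaviour is not visible here. Because this is the CSRF check itself and the value comes straight from `$_POST`, I would validate the format before building the query rather than rely on the filter. Tokens appear to be `md5()` output (see the first hunk), so `if (!preg_match('/^[0-9a-f]{32}$/', $token)) { $token = ''; }` ahead of the `trim($token) != ''` test would send anything else down the existing rejection path, assuming an empty token is rejected there. A short comment on the two assignments stating that `DB_query()` picks the entry matching the active DBMS would also help, since `$sql` was a plain string here before. The function continues outside this hunk.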