[geeklog-cvs] geeklog: Use array notation for DBMS-specific SQL

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sat May 30 15:05:36 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/ba16cc1ff181
changeset: 7072:ba16cc1ff181
user:      Dirk Haun <dirk at haun-online.de>
date:      Sat May 30 21:03:23 2009 +0200
description:
Use array notation for DBMS-specific SQL

diffstat:

 system/lib-security.php |  24 ++++++++----------------
 1 files changed, 8 insertions(+), 16 deletions(-)

diffs (50 lines):

diff -r 67394698de67 -r ba16cc1ff181 system/lib-security.php
--- a/system/lib-security.php	Sat May 30 15:18:51 2009 +0200
+++ b/system/lib-security.php	Sat May 30 21:03:23 2009 +0200
@@ -1092,17 +1092,12 @@
     /* Generate the token */
     $token = md5($_USER['uid'].$pageURL.uniqid (rand (), 1));
     $pageURL = addslashes($pageURL);
-    
+
     /* Destroy exired tokens: */
-    if($_DB_dbms == 'mssql') {
-        $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW())"
-           . " AND (ttl > 0)";
-    } else {
-        $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
-           . " AND (ttl > 0)";
-    }
+    $sql['mssql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW()) AND (ttl > 0)";
+    $sql['mysql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND (ttl > 0)";
     DB_query($sql);
-    
+
     /* Destroy tokens for this user/url combination */
     $sql = "DELETE FROM {$_TABLES['tokens']} WHERE owner_id={$_USER['uid']} AND urlfor='$pageURL'";
     DB_query($sql);
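Review bot: The CSRF token on the `md5(...)` line is built from the user id, the page URL and `uniqid(rand(), 1)`, none of which is a cryptographically secure source, so the value guarding state-changing requests carries less entropy than its 128-bit length suggests. On a current PHP runtime I would replace that line with `$token = bin2hex(random_bytes(16));`, which keeps the 32-character hex format of the existing value. The enclosing function starts and ends outside this hunk, so how the token is stored and handed back to the caller is not visible here.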
@@ -1140,20 +1135,17 @@
         $token = COM_applyFilter($_POST[CSRF_TOKEN]);
     }
     
-    if(trim($token) != '') {
-        if($_DB_dbms != 'mssql') {
-            $sql = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
-               . "{$_TABLES['tokens']} WHERE token='$token'";
-        } else {
-            $sql = "SELECT owner_id, urlfor, expired = 
+    if (trim($token) != '') {
+        $sql['mysql'] = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM {$_TABLES['tokens']} WHERE token='$token'";
+        $sql['mssql'] = "SELECT owner_id, urlfor, expired = 
                       CASE 
                          WHEN (DATEADD(s,ttl,created) < getUTCDate()) AND (ttl>0) THEN 1
                 
                          ELSE 0
                       END
                     FROM {$_TABLES['tokens']} WHERE token='$token'";
-        }
         $tokens = DB_query($sql);
+
         $numberOfTokens = DB_numRows($tokens);
         if($numberOfTokens != 1) {
             $return = false; // none, or multiple tokens. Both are invalid. (token is unique key...)
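Review bot: The two variants of the expiry query do not use the same clock: the `$sql['mysql']` string compares against `NOW()` while the `$sql['mssql']` string compares against `getUTCDate()`, and the MSSQL purge statement in the first hunk uses `NOW()` again. Unless the database layer rewrites these calls, the purge and the validity check can disagree about when a token has expired, and the effective token lifetime would depend on the server's UTC offset. I would settle on one time base for every expiry comparison and record it next to the queries, e.g. `// created is stored in UTC; all expiry checks must compare against the UTC clock`, after confirming how `created` is written, which happens outside this hunk. The function body continues past the last line shown.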


