[geeklog-cvs] geeklog: security
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Jan 26 15:53:45 EST 2010
changeset 7636:bbe74acb618e
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/bbe74acb618e
user: stan <yankees26an at gmail.com>
date: Sat Jul 18 12:59:09 2009 -0400
description:
security
diffstat:
system/lib-security.php | 28 ++++++++++++++++------------
1 files changed, 16 insertions(+), 12 deletions(-)
diffs (77 lines):
diff -r e632cea6afac -r bbe74acb618e system/lib-security.php
--- a/system/lib-security.php Fri Jul 17 19:47:17 2009 -0400
+++ b/system/lib-security.php Sat Jul 18 12:59:09 2009 -0400
@@ -116,26 +116,29 @@
return $groups;
}
- $A = DB_fetchArray($result);
$nrows = DB_numRows($result);
+
if ($_SEC_VERBOSE) {
COM_errorLog("got $nrows rows",1);
}
while ($nrows > 0) {
$cgroups = array();
+
for ($i = 1; $i <= $nrows; $i++) {
+ $A = DB_fetchArray($result);
+
if ($_SEC_VERBOSE) {
COM_errorLog('user is in group ' . $A['grp_name'],1);
}
- if (!in_array($A['ug_main_grp_id'][$i-1], $groups)) {
- array_push($cgroups, $A['ug_main_grp_id'][$i-1]);
+ if (!in_array($A['ug_main_grp_id'], $groups)) {
+ array_push($cgroups, $A['ug_main_grp_id']);
$groups[$A['grp_name']] = $A['ug_main_grp_id'];
}
}
if (sizeof ($cgroups) > 0) {
- $glist = implode(',', $cgroups);
+ $glist = join(',', $cgroups);
$result = DB_query("SELECT ug_main_grp_id,grp_name FROM {$_TABLES["group_assignments"]},{$_TABLES["groups"]}"
. " WHERE grp_id = ug_main_grp_id AND ug_grp_id IN ($glist)",1);
$nrows = DB_numRows($result);
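Review bot: The ids collected in `$cgroups` are joined into `IN ($glist)` with no type enforcement, so the follow-up query relies on `ug_main_grp_id` always coming back as a plain integer. The values come from the previous result set rather than from the request, so this is presumably safe today, but casting where they are collected keeps the query well-formed regardless: `array_push($cgroups, (int) $A['ug_main_grp_id']);`. The result of `DB_fetchArray($result)` inside the `for` loop is also used unchecked; a one-line comment stating that `$nrows` bounds the number of fetches would document why that is acceptable. The enclosing function starts and ends outside the hunk.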
@@ -1091,13 +1094,12 @@
$pageURL = addslashes($pageURL);
/* Destroy exired tokens: */
- if($_DB_dbms == 'mssql') {
- $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW())"
+ $sql['mssql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW())"
. " AND (ttl > 0)";
- } else {
- $sql = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
+ $sql['mysql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
. " AND (ttl > 0)";
- }
+ $sql['pgsql'] = "DELETE FROM {$_TABLES['tokens']} WHERE ROUND(EXTRACT(EPOCH FROM ABSTIME(created)))::int4 + (SELECT ttl from tokens LIMIT 1) < ROUND(EXTRACT(EPOCH FROM ABSTIME(NOW())))::int4"
+ . " AND (ttl > 0)";
DB_query($sql);
/* Destroy tokens for this user/url combination */
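Review bot: The new `$sql['pgsql']` statement adds `(SELECT ttl from tokens LIMIT 1)` instead of the row's own `ttl`, so on PostgreSQL every token's expiry is computed from one arbitrary row. The subquery also names `tokens` literally rather than `{$_TABLES['tokens']}`, which would presumably fail on an install that uses a table prefix. Either way, security tokens may live longer or shorter than their stored TTL. Using the row's own column avoids both problems, e.g. `WHERE (created + ttl * INTERVAL '1 second' < NOW()) AND (ttl > 0)`, assuming `created` is a timestamp and `ttl` an integer (confirm against the schema). The `$sql['pgsql']` SELECT in the following hunk (`@@ -1139,16`) carries the same subquery and needs the same change.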
@@ -1139,16 +1141,18 @@
if(trim($token) != '') {
if($_DB_dbms != 'mssql') {
- $sql = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
+ $sql['mysql'] = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
+ . "{$_TABLES['tokens']} WHERE token='$token'";
+ $sql['pgsql'] = "SELECT ((ROUND(EXTRACT(EPOCH FROM ABSTIME(created))) + (SELECT ttl from tokens LIMIT 1)) < ROUND(EXTRACT(EPOCH FROM ABSTIME(NOW()))) AND ttl > 0) as expired, owner_id, urlfor FROM "
. "{$_TABLES['tokens']} WHERE token='$token'";
} else {
- $sql = "SELECT owner_id, urlfor, expired =
+ $sql['mssql'] = "SELECT owner_id, urlfor, expired =
CASE
WHEN (DATEADD(s,ttl,created) < getUTCDate()) AND (ttl>0) THEN 1
ELSE 0
END
- FROM {$_TABLES['tokens']} WHERE token='$token'";
+ FROM {$_TABLES['tokens']} WHERE token='$token'";
}
$tokens = DB_query($sql);
$numberOfTokens = DB_numRows($tokens);
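Review bot: `$token` is interpolated into `WHERE token='$token'` in all three statements, and the only check visible in this hunk is `trim($token) != ''`. Whether it is filtered or escaped earlier in the function is outside the hunk; if it arrives from the request it should pass through the database layer's escaping, or a strict format check matching how tokens are generated, before the query is built. The surviving `if($_DB_dbms != 'mssql')` branch also appears redundant now that each statement is stored under its own `$sql[...]` key. Populating all three keys unconditionally would match the DELETE in the previous hunk.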