New API function to get User Id by cookie string

By calling user_get_id_by_cookie(), we avoid code duplication in authentication API, replacing 4 specific SQL statements against the user table. Fixes #28002
mantisbt · Mar 6, 2021 · 65ebd29 · 65ebd29
1 parent 7d532d6
commit 65ebd29
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 39 deletions.
diff --git a/core/authentication_api.php b/core/authentication_api.php
@@ -935,17 +935,7 @@ function auth_generate_unique_cookie_string() {
  * @throws ClientException
  */
 function auth_is_cookie_string_unique( $p_cookie_string ) {
-	db_param_push();
-	$t_query = 'SELECT COUNT(*) FROM {user} WHERE cookie_string=' . db_param();
-	$t_result = db_query( $t_query, array( $p_cookie_string ) );
-
-	$t_count = db_result( $t_result );
-
-	if( $t_count > 0 ) {
-		return false;
-	} else {
-		return true;
-	}
+	return false === user_get_id_by_cookie( $p_cookie_string );
 }
 
 /**
@@ -1108,17 +1098,7 @@ function auth_is_cookie_valid( $p_cookie_string ) {
 	}
 
 	# look up cookie in the database to see if it is valid
-	db_param_push();
-	$t_query = 'SELECT * FROM {user} WHERE cookie_string=' . db_param();
-	$t_result = db_query( $t_query, array( $p_cookie_string ) );
-
-	# return true if a matching cookie was found
-	if( 1 == db_num_rows( $t_result ) ) {
-		user_cache_database_result( db_fetch_array( $t_result ) );
-		return true;
-	} else {
-		return false;
-	}
+	return false !== user_get_id_by_cookie( $p_cookie_string );
 }
 
 /**
@@ -1145,15 +1125,11 @@ function auth_get_current_user_id() {
 	}
 
 	# @todo error with an error saying they aren't logged in? Or redirect to the login page maybe?
-	db_param_push();
-	$t_query = 'SELECT id FROM {user} WHERE cookie_string=' . db_param();
-	$t_result = db_query( $t_query, array( $t_cookie_string ) );
-
-	$t_user_id = (int)db_result( $t_result );
+	$t_user_id = user_get_id_by_cookie( $t_cookie_string );
 
 	# The cookie was invalid. Clear the cookie (to allow people to log in again)
 	# and give them an Access Denied message.
-	if( !$t_user_id ) {
+	if( $t_user_id === false ) {
 		auth_clear_cookies();
 		access_denied();
 		exit();
@@ -1174,17 +1150,7 @@ function auth_get_current_user_id() {
  * @throws ClientException
  */
 function auth_user_id_from_cookie( $p_cookie_string ) {
-	if( $t_result = user_search_cache( 'cookie_string', $p_cookie_string ) ) {
-		return (int)$t_result['id'];
-	}
-
-	db_param_push();
-	$t_query = 'SELECT id FROM {user} WHERE cookie_string=' . db_param();
-	$t_result = db_query( $t_query, array( $p_cookie_string ) );
-
-	$t_user_id = (int)db_result( $t_result );
-
-	return $t_user_id ? $t_user_id : false;
+	return user_get_id_by_cookie( $p_cookie_string );
 }
 
 /**

diff --git a/core/user_api.php b/core/user_api.php
@@ -807,6 +807,42 @@ function user_get_id_by_realname( $p_realname, $p_throw = false ) {
 	return (int)$t_row['id'];
 }
 
+/**
+ * Get a user id from their cookie string
+ *
+ * @param string  $p_cookie_string The cookie string to retrieve data for.
+ * @param boolean $p_throw         true to throw if not found, false otherwise.
+ *
+ * @return int|false User Id, false if cookie string not found
+ *
+ * @throws ClientException
+ */
+function user_get_id_by_cookie( $p_cookie_string, $p_throw = false ) {
+	if( $t_user = user_search_cache( 'cookie_string', $p_cookie_string ) ) {
+		return (int)$t_user['id'];
+	}
+
+	db_param_push();
+	$t_query = 'SELECT * FROM {user} WHERE cookie_string=' . db_param();
+	$t_result = db_query( $t_query, array( $p_cookie_string ) );
+
+	$t_row = db_fetch_array( $t_result );
+
+	if( !$t_row ) {
+		if( $p_throw ) {
+			throw new ClientException(
+				"User Cookie String '$p_cookie_string' not found",
+				ERROR_USER_BY_NAME_NOT_FOUND,
+				array( $p_cookie_string )
+			);
+		}
+		return false;
+	}
+
+	user_cache_database_result( $t_row );
+	return (int)$t_row['id'];
+}
+
 /**
  * Get a user id given an array that may have id, name, real_name, email, or name_or_realname.
  *