
Merge 2 queries in SignupAction

- Avoid INSERT + UPDATE, also using randomizing in PHP so that
  we don't depend on MySQL specifics.
  Using a random sha1 hash instead of a double-field with MySQL RAND()
  (Makes users table no longer backwards compatible with v0.2.0)

- Making all users table columns required, except for `email` and `request`
1 parent 076edf3 commit 2ab7f7022ff9b92cff695749296e8367c0af00d6 @Krinkle Krinkle committed Mar 31, 2012
Showing with 20 additions and 24 deletions.
  1. +5 −5 config/testswarm.sql
  2. +3 −3 inc/actions/LoginAction.php
  3. +12 −16 inc/actions/SignupAction.php
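--- a/config/testswarm.sql
+++ b/config/testswarm.sql
@@ -112,14 +112,14 @@ CREATE TABLE `useragents` (
 CREATE TABLE `users` (
 `id` int(11) NOT NULL auto_increment,
- `name` varchar(255) NOT NULL default '',
+ `name` varchar(255) NOT NULL,
 `updated` binary(14) NOT NULL default '19700101000000',
 `created` binary(14) NOT NULL default '19700101000000',
- `seed` double NOT NULL default '0',
- `password` varchar(40) NOT NULL default '',
- `auth` varchar(40) NOT NULL default '',
+ `seed` varchar(40) NOT NULL,
+ `password` varchar(40) NOT NULL,
+ `auth` varchar(40) NOT NULL,
 `email` varchar(255) NOT NULL default '',
- `request` mediumtext NOT NULL,
+ `request` mediumtext NOT NULL default '',
 PRIMARY KEY (`id`),
 UNIQUE KEY `name` (`name`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;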
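Review bot: The new `default ''` on `request mediumtext` is not something MySQL accepts for TEXT/BLOB columns; depending on the server's sql_mode the CREATE TABLE is rejected or the default is dropped with a warning. Because the new INSERT in SignupAction does not list `request`, a strict-mode server would then refuse the signup row, so declaring it `` `request` mediumtext NULL, `` (or supplying a value in the INSERT) is the safer way to make it optional. Separately, `password varchar(40)` fits only a SHA-1 hex digest; widening it to 255 would leave room for a `password_hash()` string later.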
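--- a/inc/actions/LoginAction.php
+++ b/inc/actions/LoginAction.php
@@ -31,17 +31,17 @@ public function doAction() {
 return;
 }
- $result = mysql_queryf(
+ $res = $db->query(str_queryf(
 "SELECT id
 FROM users
 WHERE name = %s
 AND password = SHA1(CONCAT(seed, %s))
 LIMIT 1;",
 $username,
 $password
- );
+ ));
- if ( mysql_num_rows( $result ) > 0 ) {
+ if ( $res && $db->getNumRows( $res ) > 0 ) {
 // Start logged-in session
 $request->setSessionData( "username", $username );
 $request->setSessionData( "auth", "yes" );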
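Review bot: The cleartext `$password` is still sent to MySQL inside `SHA1(CONCAT(seed, %s))`, so it can end up in the general or slow query log, and the hash comparison happens in SQL rather than in constant time. Since this commit already moves hashing into PHP on signup, the login path could select `seed` and `password` by name and compare in PHP, e.g. `hash_equals( $storedHash, sha1( $seed . $password ) )` (variable names constructed here). The new `$res &&` guard also makes a failed query indistinguishable from bad credentials; logging that branch would separate a database fault from a login failure. doAction() starts and ends outside the hunk, and how `str_queryf` escapes `%s` is not visible here.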
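--- a/inc/actions/SignupAction.php
+++ b/inc/actions/SignupAction.php
@@ -50,26 +50,22 @@ public function doAction() {
 return;
 }
+ // Random between 1,000,000,000 and 9,999,999,999
+ $seedHash = sha1( mt_rand( 1000000000, 9999999999 ) );
+ $passwordHash = sha1( $seedHash . $password );
+ $authTokenHash = sha1( mt_rand( 1000000000, 9999999999 ) );
+
 // Create the user
 $db->query(str_queryf(
- "INSERT INTO users (name, created, seed) VALUES(%s, %s, RAND());",
+ "INSERT INTO users
+ (name, updated, created, seed, password, auth)
+ VALUES(%s, %s, %s, %s, %s, %s);",
 $username,
- swarmdb_dateformat( SWARM_NOW )
- ));
- $userID = $db->getInsertId();
-
- $db->query(str_queryf(
- "UPDATE
- users
- SET
- updated = %s,
- password = SHA1(CONCAT(seed, %s)),
- auth = SHA1(RAND())
- WHERE id = %u
- LIMIT 1;",
 swarmdb_dateformat( SWARM_NOW ),
- $password,
- $userID
+ swarmdb_dateformat( SWARM_NOW ),
+ $seedHash,
+ $passwordHash,
+ $authTokenHash
 ));
 $request->setSessionData( "username", $username );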
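Review bot: `mt_rand()` is not a cryptographic generator, and `sha1( mt_rand( 1000000000, 9999999999 ) )` can take at most nine billion distinct values (about 33 bits), so both the per-user seed and the `auth` token carry far less entropy than their 40-hex width suggests; the upper bound also does not fit a 32-bit integer. Drawing both from the CSPRNG keeps the column width unchanged: `$seedHash = bin2hex( random_bytes( 20 ) );` and `$authTokenHash = bin2hex( random_bytes( 20 ) );`. A single salted SHA-1 is also cheap to brute-force, so `password_hash()` is the better long-term target, though it needs a `password` column wider than varchar(40). The INSERT result is not checked before `setSessionData( "username", $username )` runs; doAction() continues outside the hunk, so that may be handled elsewhere.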
