DB expression help

voidet · May 2, 2010 · 2c68366 · 2c68366
1 parent af65659
commit 2c68366
Showing 1 changed file with 22 additions and 13 deletions.
diff --git a/models/behaviors/grey_tables.php b/models/behaviors/grey_tables.php
@@ -1,7 +1,7 @@
 <?php
 
 	class GreyTablesBehavior extends ModelBehavior {
-		
+
 		function setup(&$model, $settings = array()) {
 			$default = array(
 				'field' => 'salt',
@@ -15,7 +15,7 @@ function setup(&$model, $settings = array()) {
 
 			$this->settings[$model->name] = array_merge($this->settings[$model->name], ife(is_array($settings), $settings, array()));
 		}
-		
+
 		function beforeFind(&$model, $queryData) {
 			if(!empty($queryData['conditions'][$model->name.'.'.$this->settings[$model->name]['password']]) && !empty($queryData['conditions'][$model->name.'.'.$this->settings[$model->name]['username']]) && (empty($queryData['conditions']['avoidRecursion']) || $queryData['conditions']['avoidRecursion'] !== true)) {
 				$user_id = $this->findSaltedUser($model, $queryData['conditions']);
@@ -26,32 +26,41 @@ function beforeFind(&$model, $queryData) {
 			}
 			return $queryData;
 		}
-		
+
 		function beforeSave(&$model) {
 			if (empty($this->id) && !empty($model->data[$model->name])) {
 				$data = &$model->data[$model->name];
 				$data[$this->settings[$model->name]['password']] = $this->generateSaltedPassword($data[$this->settings[$model->name]['password']], $data[$this->settings[$model->name]['field']]);
 			}
 			return parent::beforeSave(&$model);
 		}
-		
+
 		function generateSaltedPassword($password = '', $saltString) {
 			if (!empty($password)) {
 				return Security::hash($password.$saltString, null, false);
 			}
 		}
-		
+
 		function findSaltedUser(&$model, $fields = array()) {
 			if (!empty($fields)) {
 
 				$db =& $model->getDataSource();
-				$saltQuery = $db->expression(sprintf(
-					'`'.$model->name.'`.%s = SHA1(CONCAT(%s, `%s`))', $db->name($this->settings[$model->name]['password']),
-					$db->value($fields[$model->name.'.'.$this->settings[$model->name]['password']]),
-					addslashes($this->settings[$model->name]['field'])
+				$passwordField
+				$passwordExpression = $db->expression(sprintf('SHA1(CONCAT(%s, %s))',
+					$db->name($this->settings[$model->name]['password']),
+					$db->name($this->settings[$model->name]['field']),
 				));
-
-				$user_id = $model->find('first', array('conditions' => array($model->name.'.'.$this->settings[$model->name][$this->settings[$model->name]['username']] => $fields[$model->name.'.'.$this->settings[$model->name][$this->settings[$model->name]['username']]], $saltQuery), 'fields' => array('id'), 'recursive' => -1, 'avoidRecursion' => true));
+
+				$user_id = $model->find('first', array(
+						'conditions' => array(
+							$model->name.'.'.$this->settings[$model->name][$this->settings[$model->name]['username']] => $fields[$model->name.'.'.$this->settings[$model->name][$this->settings[$model->name]['username']]],
+							$model->name . '.' . $this->settings[$model->name]['password'] = $passwordExpression
+						),
+						'fields' => array(
+							'id'),
+						'recursive' => -1,
+						'avoidRecursion' => true)
+				);
 
 				if (!empty($user_id)) {
 					$fields[$model->name.'.id'] = $user_id[$model->name]['id'];
@@ -60,7 +69,7 @@ function findSaltedUser(&$model, $fields = array()) {
 			}
 			return $fields;
 		}
-		
+
 		function hashPasswords(&$data, $alias) {
 			if (isset($data[$alias]['password'])) {
 				$model->data = $data;
@@ -70,7 +79,7 @@ function hashPasswords(&$data, $alias) {
 			}
 			return $data;
 		}
-		
+
 	}
 
 ?>