From 27111047be40927230a6a06ce7fea21528dd7ada Mon Sep 17 00:00:00 2001 From: xevidos Date: Mon, 4 Feb 2019 17:35:54 -0500 Subject: [PATCH] Removed grave character from queries --- common.php | 14 ++-- components/install/process.php | 122 ++++++++++++++++----------------- components/update/update.php | 74 ++++++++++---------- 3 files changed, 105 insertions(+), 105 deletions(-) diff --git a/common.php b/common.php index 2d0a1d5..f7036b9 100755 --- a/common.php +++ b/common.php @@ -124,7 +124,7 @@ class Common { public static function check_project_access( $project_path, $action ) { global $sql; - $query = "SELECT * FROM `projects` WHERE `name`=? AND `path`=? AND ( `owner`=? OR `owner`='nobody' );"; + $query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );"; $bind_variables = array( $project_name, $project_path, $_SESSION["user"] ); $return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking project access." ) ); @@ -156,13 +156,13 @@ class Common { public static function get_users( $return = "return", $exclude_current = false ) { global $sql; - $query = "SELECT `username` FROM `users`"; + $query = "SELECT username FROM users"; $bind = ""; $bind_variables = array(); if( $exclude_current ) { - $query .= " WHERE `username`!=?"; + $query .= " WHERE username!=?"; $bind .= "s"; array_push( $bind_variables, $_SESSION["user"] ); } @@ -199,7 +199,7 @@ class Common { public static function is_admin() { global $sql; - $query = "SELECT COUNT( * ) FROM `users` WHERE `username`=? AND `access`=?;"; + $query = "SELECT COUNT( * ) FROM users WHERE username=? AND access=?;"; $bind_variables = array( $_SESSION["user"], "admin" ); $return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking user acess." ), 'fetchColumn' ); 
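Review bot: In the `@@ -124` hunk, `check_project_access( $project_path, $action )` binds `$project_name` as the first query parameter, but nothing between the signature and that line defines it, so PHP binds null and `name=?` can never match a row. The access lookup therefore returns no project regardless of path or owner; what the function does with an empty result lies outside the hunk, so the effect on authorization needs to be checked there. Either pass the name in, or drop the condition and match on path and owner only: `$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' );";` with `$bind_variables = array( $project_path, $_SESSION["user"] );`.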
@@ -217,7 +217,7 @@ class Common { if( isset( $_SESSION["user"] ) ) { global $sql; - $query = "UPDATE `users` SET `token`=? WHERE `username`=?;"; + $query = "UPDATE users SET token=? WHERE username=?;"; $bind_variables = array( null, $_SESSION["user"] ); $return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error updating user information." ), 'fetchColumn' ); @@ -468,8 +468,8 @@ class Common { if( isset( $_SESSION["token"] ) && isset( $_SESSION["user"] ) ) { global $sql; - $query = "SELECT COUNT( * ) FROM `users` WHERE `username`=? AND `token`=SHA1( ? );"; - $bind_variables = array( $_SESSION["user"], $_SESSION["token"] ); + $query = "SELECT COUNT( * ) FROM users WHERE username=? AND token=?;"; + $bind_variables = array( $_SESSION["user"], sha1( $_SESSION["token"] ) ); $return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking access." ), "fetchColumn" ); if( $return > 0 ) { diff --git a/components/install/process.php b/components/install/process.php index a4a708a..618014f 100755 --- a/components/install/process.php +++ b/components/install/process.php 
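Review bot: The token comparison in the `@@ -468` hunk still uses an unsalted SHA-1 digest, now computed with `sha1()` in PHP instead of `SHA1()` in the query. Both produce the same lowercase hex string, so existing rows should keep matching, but the code that writes `users.token` is outside this hunk and must hash the same way on every backend. Since the hashing has moved to PHP anyway, switching both ends to `hash( 'sha256', $_SESSION["token"] )` is a small follow-up; how much it matters depends on how the token is generated, which is not visible here. The commit subject mentions only backtick removal, so this behaviour change deserves its own line in the message.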
@@ -117,63 +117,63 @@ SET time_zone = '+00:00'; /*!40101 SET NAMES utf8mb4 */; -- --- Database: `code_test` +-- Database: code_test -- -- -------------------------------------------------------- -- --- Table structure for table `options` +-- Table structure for table options -- -CREATE TABLE IF NOT EXISTS `options` ( - `id` int(11) NOT NULL, - `name` varchar(255) NOT NULL, - `value` text NOT NULL +CREATE TABLE IF NOT EXISTS options ( + id int(11) NOT NULL, + name varchar(255) NOT NULL, + value text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -------------------------------------------------------- -- --- Table structure for table `projects` +-- Table structure for table projects -- -CREATE TABLE IF NOT EXISTS `projects` ( - `id` int(11) NOT NULL, - `name` varchar(255) NOT NULL, - `path` varchar(255) NOT NULL, - `owner` varchar(255) NOT NULL, - `access` text +CREATE TABLE IF NOT EXISTS projects ( + id int(11) NOT NULL, + name varchar(255) NOT NULL, + path varchar(255) NOT NULL, + owner varchar(255) NOT NULL, + access text ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- -------------------------------------------------------- -- --- Table structure for table `users` +-- Table structure for table users -- -CREATE TABLE IF NOT EXISTS `users` ( - `id` int(11) NOT NULL, - `first_name` varchar(255) DEFAULT NULL, - `last_name` varchar(255) DEFAULT NULL, - `username` varchar(255) NOT NULL, - `password` text NOT NULL, - `email` varchar(255) DEFAULT NULL, - `project` varchar(255) DEFAULT NULL, - `access` varchar(255) NOT NULL, - `groups` text, - `token` text +CREATE TABLE IF NOT EXISTS users ( + id int(11) NOT NULL, + first_name varchar(255) DEFAULT NULL, + last_name varchar(255) DEFAULT NULL, + username varchar(255) NOT NULL, + password text NOT NULL, + email varchar(255) DEFAULT NULL, + project varchar(255) DEFAULT NULL, + access varchar(255) NOT NULL, + groups text, + token text ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- --- Table structure for table `user_options` +-- 
Table structure for table user_options -- -CREATE TABLE IF NOT EXISTS `user_options` ( - `id` int(11) NOT NULL, - `name` varchar(255) NOT NULL, - `username` varchar(255) NOT NULL, - `value` text NOT NULL +CREATE TABLE IF NOT EXISTS user_options ( + id int(11) NOT NULL, + name varchar(255) NOT NULL, + username varchar(255) NOT NULL, + value text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -- 
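Review bot: Removing the backticks leaves the `groups` column of `users` unquoted, and GROUPS is a reserved word from MySQL 8.0.2 onward, so this `CREATE TABLE users` is expected to fail with a syntax error on MySQL 8. The same bare name appears in the `INSERT INTO users(...)` line of the `@@ -301` hunk and in the `CREATE TABLE users` of components/update/update.php (`@@ -262`). Either keep that one identifier quoted or rename the column to a non-keyword, for example `user_groups text,`, in all three places. Other bare identifiers such as `name`, `value` and `password` are non-reserved keywords in MySQL and still parse, but the list is worth checking against each database the project intends to support.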
@@ -181,57 +181,57 @@ CREATE TABLE IF NOT EXISTS `user_options` ( -- -- --- Indexes for table `options` +-- Indexes for table options -- -ALTER TABLE `options` - ADD PRIMARY KEY (`id`), - ADD UNIQUE KEY `option_name` (`name`); +ALTER TABLE options + ADD PRIMARY KEY (id), + ADD UNIQUE KEY option_name (name); -- --- Indexes for table `projects` +-- Indexes for table projects -- -ALTER TABLE `projects` - ADD PRIMARY KEY (`id`), - ADD UNIQUE KEY `project_path` (`path`,`owner`); +ALTER TABLE projects + ADD PRIMARY KEY (id), + ADD UNIQUE KEY project_path (path,owner); -- --- Indexes for table `users` +-- Indexes for table users -- -ALTER TABLE `users` - ADD PRIMARY KEY (`id`), - ADD UNIQUE KEY `username` (`username`); +ALTER TABLE users + ADD PRIMARY KEY (id), + ADD UNIQUE KEY username (username); -- --- Indexes for table `user_options` +-- Indexes for table user_options -- -ALTER TABLE `user_options` - ADD PRIMARY KEY (`id`), - ADD UNIQUE KEY `option_name` (`name`,`username`); +ALTER TABLE user_options + ADD PRIMARY KEY (id), + ADD UNIQUE KEY option_name (name,username); -- -- AUTO_INCREMENT for dumped tables -- -- --- AUTO_INCREMENT for table `options` +-- AUTO_INCREMENT for table options -- -ALTER TABLE `options` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT; +ALTER TABLE options + MODIFY id int(11) NOT NULL AUTO_INCREMENT; -- --- AUTO_INCREMENT for table `projects` +-- AUTO_INCREMENT for table projects -- -ALTER TABLE `projects` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=41; +ALTER TABLE projects + MODIFY id int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=41; -- --- AUTO_INCREMENT for table `users` +-- AUTO_INCREMENT for table users -- -ALTER TABLE `users` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=79; +ALTER TABLE users + MODIFY id int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=79; -- --- AUTO_INCREMENT for table `user_options` +-- AUTO_INCREMENT for table user_options -- -ALTER TABLE `user_options` - MODIFY `id` int(11) NOT 
NULL AUTO_INCREMENT, AUTO_INCREMENT=2541; +ALTER TABLE user_options + MODIFY id int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2541; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; @@ -286,7 +286,7 @@ ALTER TABLE `user_options` $project_path, $username ); - $query = "INSERT INTO `projects`(`name`, `path`, `owner`) VALUES (?,?,?);"; + $query = "INSERT INTO projects(name, path, owner) VALUES (?,?,?);"; $statement = $connection->prepare( $query ); $statement->execute( $bind_variables ); @@ -301,7 +301,7 @@ ALTER TABLE `user_options` "", "" ); - $query = "INSERT INTO `users`(`first_name`, `last_name`, `username`, `password`, `email`, `project`, `access`, `groups`, `token`) VALUES (?,?,?,PASSWORD(?),?,?,?,?,?)"; + $query = "INSERT INTO users(first_name, last_name, username, password, email, project, access, groups, token) VALUES (?,?,?,PASSWORD(?),?,?,?,?,?)"; $statement = $connection->prepare( $query ); $statement->execute( $bind_variables ); diff --git a/components/update/update.php b/components/update/update.php index f92bc1c..f0aa6b4 100755 --- a/components/update/update.php +++ b/components/update/update.php 
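Review bot: The rewritten `INSERT INTO users(...)` line in the `@@ -301` hunk still hashes the installer's password with MySQL's `PASSWORD(?)`. That function was designed for MySQL's own account table, is a fast unsalted hash, was deprecated in 5.7 and removed in MySQL 8.0, and does not exist on other databases, which works against what appears to be the portability aim of this commit. Hash in PHP with `password_hash( ..., PASSWORD_DEFAULT )`, bind the result to a plain `?` in the VALUES list, and verify at login with `password_verify()`. The login code and the construction of `$bind_variables` start outside this hunk and would have to change together with it, including a rehash-on-login path for rows created by earlier installs.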
@@ -262,44 +262,44 @@ class updater { $connection = $sql->connect(); $query = " -CREATE TABLE IF NOT EXISTS `options`( - `id` INT(11) NOT NULL, - `name` VARCHAR(255) NOT NULL, - `value` TEXT NOT NULL +CREATE TABLE IF NOT EXISTS options( + id INT(11) NOT NULL, + name VARCHAR(255) NOT NULL, + value TEXT NOT NULL ); -CREATE TABLE IF NOT EXISTS `projects`( - `id` INT(11) NOT NULL, - `name` VARCHAR(255) NOT NULL, - `path` VARCHAR(255) NOT NULL, - `owner` VARCHAR(255) NOT NULL, - `access` TEXT +CREATE TABLE IF NOT EXISTS projects( + id INT(11) NOT NULL, + name VARCHAR(255) NOT NULL, + path VARCHAR(255) NOT NULL, + owner VARCHAR(255) NOT NULL, + access TEXT ); -CREATE TABLE IF NOT EXISTS `users`( - `id` INT(11) NOT NULL, - `first_name` VARCHAR(255) DEFAULT NULL, - `last_name` VARCHAR(255) DEFAULT NULL, - `username` VARCHAR(255) NOT NULL, - `password` TEXT NOT NULL, - `email` VARCHAR(255) DEFAULT NULL, - `project` VARCHAR(255) DEFAULT NULL, - `access` VARCHAR(255) NOT NULL, - `groups` TEXT, - `token` TEXT +CREATE TABLE IF NOT EXISTS users( + id INT(11) NOT NULL, + first_name VARCHAR(255) DEFAULT NULL, + last_name VARCHAR(255) DEFAULT NULL, + username VARCHAR(255) NOT NULL, + password TEXT NOT NULL, + email VARCHAR(255) DEFAULT NULL, + project VARCHAR(255) DEFAULT NULL, + access VARCHAR(255) NOT NULL, + groups TEXT, + token TEXT ); -CREATE TABLE IF NOT EXISTS `user_options`( - `id` INT(11) NOT NULL, - `name` VARCHAR(255) NOT NULL, - `username` VARCHAR(255) NOT NULL, - `value` TEXT NOT NULL +CREATE TABLE IF NOT EXISTS user_options( + id INT(11) NOT NULL, + name VARCHAR(255) NOT NULL, + username VARCHAR(255) NOT NULL, + value TEXT NOT NULL ); -ALTER TABLE `options` ADD PRIMARY KEY(`id`), ADD UNIQUE KEY `option_name`(`name`); -ALTER TABLE `projects` ADD PRIMARY KEY(`id`), ADD UNIQUE KEY `project_path`(`path`, `owner`); -ALTER TABLE `users` ADD PRIMARY KEY(`id`), ADD UNIQUE KEY `username`(`username`); -ALTER TABLE `user_options` ADD PRIMARY KEY(`id`), ADD UNIQUE KEY 
`option_name`(`name`, `username`); -ALTER TABLE `options` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT; -ALTER TABLE `projects` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT; -ALTER TABLE `users` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT; -ALTER TABLE `user_options` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT; +ALTER TABLE options ADD PRIMARY KEY(id), ADD UNIQUE KEY option_name(name); +ALTER TABLE projects ADD PRIMARY KEY(id), ADD UNIQUE KEY project_path(path, owner); +ALTER TABLE users ADD PRIMARY KEY(id), ADD UNIQUE KEY username(username); +ALTER TABLE user_options ADD PRIMARY KEY(id), ADD UNIQUE KEY option_name(name, username); +ALTER TABLE options MODIFY id INT(11) NOT NULL AUTO_INCREMENT; +ALTER TABLE projects MODIFY id INT(11) NOT NULL AUTO_INCREMENT; +ALTER TABLE users MODIFY id INT(11) NOT NULL AUTO_INCREMENT; +ALTER TABLE user_options MODIFY id INT(11) NOT NULL AUTO_INCREMENT; DELETE FROM options; DELETE FROM projects; @@ -350,7 +350,7 @@ DELETE FROM user_options; $access = "user"; } - $query = "INSERT INTO `users`( `username`, `password`, `access`, `project` ) VALUES ( ?, ?, ?, ? );"; + $query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );"; $bind_variables = array( $user["username"], $user["password"], $access, null ); $return = $sql->query( $query, $bind_variables, 0, "rowCount" ); @@ -571,7 +571,7 @@ DELETE FROM user_options; public function update_option( $option, $value, $user_setting = null ) { - $query = "INSERT INTO user_options ( `name`, `username`, `value` ) VALUES ( ?, ?, ? );"; + $query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );"; $bind = "sss"; $bind_variables = array( $option, @@ -582,7 +582,7 @@ DELETE FROM user_options; if( $result !== true ) { - $query = "UPDATE user_options SET `value`=? WHERE `name`=? AND `username`=?;"; + $query = "UPDATE user_options SET value=? WHERE name=? AND username=?;"; $bind = "sss"; $bind_variables = array( $value,