[aur-dev] [PATCH 1/3] aur.inc.php: allow all functions using DB to take handle as arg

Dan McGee dan at archlinux.org
Wed Aug 10 19:20:05 EDT 2011


This prevents needless calls to db_connect() if we already have a
reference to a handle we can pass into a function. Although the current
underlying implementation using mysql_connect() will return the same
connection if all parameters are the same, this might not be true if we
switch to a more modern (e.g. PDO) interface.

In the face of safe transactions, it is extremely important that all
actions are taken over the same connection to the database.

Signed-off-by: Dan McGee <dan at archlinux.org>
---
 web/lib/aur.inc.php |   74 +++++++++++++++++++++++++++++++++-----------------
 1 files changed, 49 insertions(+), 25 deletions(-)

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 55cc8a9..0927604 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -17,7 +17,7 @@ include_once("cachefuncs.inc.php");
 
 # see if the visitor is already logged in
 #
-function check_sid() {
+function check_sid($dbh=NULL) {
 	global $_COOKIE;
 	global $LOGIN_TIMEOUT;
 
@@ -25,7 +25,9 @@ function check_sid() {
 		$failed = 0;
 		# the visitor is logged in, try and update the session
 		#
-		$dbh = db_connect();
+		if(!$dbh) {
+			$dbh = db_connect();
+		}
 		$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
 		$q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
 		$result = db_query($q, $dbh);
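Review bot: `mysql_real_escape_string($_COOKIE["AURSID"])` in the query below the new `if(!$dbh)` block is still called without a link identifier, so the escaping is done against whatever connection PHP last opened rather than against the `$dbh` the caller passed in. That undercuts the commit's goal of keeping every action on one connection, and the escaping rules depend on the connection's character set. Pass the handle explicitly: `mysql_real_escape_string($_COOKIE["AURSID"], $dbh)`. The same call shape appears in the username_from_id(), can_submit_pkg(), uid_from_username() and uid_from_email() hunks. check_sid()'s body continues outside the hunk.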
@@ -97,11 +99,13 @@ function new_sid() {
 
 # obtain the username if given their Users.ID
 #
-function username_from_id($id="") {
+function username_from_id($id="", $dbh=NULL) {
 	if (!$id) {
 		return "";
 	}
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$q = "SELECT Username FROM Users WHERE ID = " . mysql_real_escape_string($id);
 	$result = db_query($q, $dbh);
 	if (!$result) {
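Review bot: The query in username_from_id() concatenates `mysql_real_escape_string($id)` after `WHERE ID = ` with no surrounding quotes, and string escaping does not constrain a value used in an unquoted numeric position, so a non-numeric `$id` can still change the statement. Cast it instead: `$q = "SELECT Username FROM Users WHERE ID = " . intval($id);`. get_salt() has the same shape with no escaping at all (`"SELECT Salt FROM Users WHERE ID = " . $user_id`) and would take the same cast; whether either value can be influenced by a visitor depends on callers not visible here. The function body continues past the hunk.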
@@ -115,11 +119,13 @@ function username_from_id($id="") {
 
 # obtain the username if given their current SID
 #
-function username_from_sid($sid="") {
+function username_from_sid($sid="", $dbh=NULL) {
 	if (!$sid) {
 		return "";
 	}
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$q = "SELECT Username ";
 	$q.= "FROM Users, Sessions ";
 	$q.= "WHERE Users.ID = Sessions.UsersID ";
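Review bot: The added `if(!$dbh) {` drops the space after `if` that the surrounding lines use (`if (!$sid) {`), and the same three-line fallback is pasted into every function this patch touches. A one-line form with consistent spacing, such as `$dbh = $dbh ? $dbh : db_connect();`, would keep each function shorter and make the fallback easier to change if the connection layer is replaced later. username_from_sid() continues beyond the hunk.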
@@ -135,11 +141,13 @@ function username_from_sid($sid="") {
 
 # obtain the email address if given their current SID
 #
-function email_from_sid($sid="") {
+function email_from_sid($sid="", $dbh=NULL) {
 	if (!$sid) {
 		return "";
 	}
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$q = "SELECT Email ";
 	$q.= "FROM Users, Sessions ";
 	$q.= "WHERE Users.ID = Sessions.UsersID ";
@@ -156,11 +164,13 @@ function email_from_sid($sid="") {
 # obtain the account type if given their current SID
 # Return either "", "User", "Trusted User", "Developer"
 #
-function account_from_sid($sid="") {
+function account_from_sid($sid="", $dbh=NULL) {
 	if (!$sid) {
 		return "";
 	}
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$q = "SELECT AccountType ";
 	$q.= "FROM Users, AccountTypes, Sessions ";
 	$q.= "WHERE Users.ID = Sessions.UsersID ";
@@ -177,11 +187,13 @@ function account_from_sid($sid="") {
 
 # obtain the Users.ID if given their current SID
 #
-function uid_from_sid($sid="") {
+function uid_from_sid($sid="", $dbh=NULL) {
 	if (!$sid) {
 		return "";
 	}
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$q = "SELECT Users.ID ";
 	$q.= "FROM Users, Sessions ";
 	$q.= "WHERE Users.ID = Sessions.UsersID ";
@@ -251,7 +263,7 @@ function db_query($query="", $db_handle="") {
 
 # set up the visitor's language
 #
-function set_lang() {
+function set_lang($dbh=NULL) {
 	global $LANG;
 	global $SUPPORTED_LANGS;
 	global $PERSISTENT_COOKIE_TIMEOUT;
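Review bot: set_lang() now accepts an optional `$dbh`, but the header comment `# set up the visitor's language` does not mention it; the same is true of every other signature this patch changes (check_sid(), username_from_id(), the *_from_sid() helpers, can_submit_pkg(), uid_from_username(), uid_from_email(), get_salt(), save_salt()). Add a line such as `# $dbh: optional open DB handle; db_connect() is used when omitted` so callers working inside a transaction know to pass their handle. The function body lies outside this hunk.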
@@ -272,7 +284,9 @@ function set_lang() {
 	} elseif (isset($_COOKIE["AURSID"])) {
 		# No language but a session; use default lang preference
 		#
-		$dbh = db_connect();
+		if(!$dbh) {
+			$dbh = db_connect();
+		}
 		$q = "SELECT LangPreference FROM Users, Sessions ";
 		$q.= "WHERE Users.ID = Sessions.UsersID ";
 		$q.= "AND Sessions.SessionID = '";
@@ -332,15 +346,17 @@ function html_footer($ver="") {
 
 # check to see if the user can submit a package
 #
-function can_submit_pkg($name="", $sid="") {
+function can_submit_pkg($name="", $sid="", $dbh=NULL) {
 	if (!$name || !$sid) {return 0;}
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$q = "SELECT MaintainerUID ";
 	$q.= "FROM Packages WHERE Name = '".mysql_real_escape_string($name)."'";
 	$result = db_query($q, $dbh);
 	if (mysql_num_rows($result) == 0) {return 1;}
 	$row = mysql_fetch_row($result);
-	$my_uid = uid_from_sid($sid);
+	$my_uid = uid_from_sid($sid, $dbh);
 
 	if ($row[0] === NULL || $row[0] == $my_uid) {
 		return 1;
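Review bot: can_submit_pkg() hands the `db_query()` result straight to `mysql_num_rows()` without checking it, so if the query fails the count is not a number and the loose `== 0` comparison is likely to be true, returning 1 (submission allowed). username_from_id() and get_salt() in this patch test the result first; here a failed lookup should deny rather than allow: `if (!$result) {return 0;}` directly after the `db_query()` call. The function's tail is outside the hunk.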
@@ -401,12 +417,14 @@ function chmod_group($path) {
 
 # obtain the uid given a Users.Username
 #
-function uid_from_username($username="")
+function uid_from_username($username="", $dbh=NULL)
 {
 	if (!$username) {
 		return "";
 	}
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$q = "SELECT ID FROM Users WHERE Username = '".mysql_real_escape_string($username)
 				."'";
 	$result = db_query($q, $dbh);
@@ -420,12 +438,14 @@ function uid_from_username($username="")
 
 # obtain the uid given a Users.Email
 #
-function uid_from_email($email="")
+function uid_from_email($email="", $dbh=NULL)
 {
 	if (!$email) {
 		return "";
 	}
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$q = "SELECT ID FROM Users WHERE Email = '".mysql_real_escape_string($email)
 				."'";
 	$result = db_query($q, $dbh);
@@ -479,9 +499,11 @@ function mkurl($append) {
 	return substr($out, 5);
 }
 
-function get_salt($user_id)
+function get_salt($user_id, $dbh=NULL)
 {
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$salt_q = "SELECT Salt FROM Users WHERE ID = " . $user_id;
 	$result = db_query($salt_q, $dbh);
 	if ($result) {
@@ -491,9 +513,11 @@ function get_salt($user_id)
 	return;
 }
 
-function save_salt($user_id, $passwd)
+function save_salt($user_id, $passwd, $dbh=NULL)
 {
-	$dbh = db_connect();
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
 	$salt = generate_salt();
 	$hash = salted_hash($passwd, $salt);
 	$salting_q = "UPDATE Users SET Salt = '" . $salt . "', " .
-- 
1.7.6


