webapp/postfixadmin
1
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2025-08-09 05:02:44 +03:00
Code Activity

remove change to table_by_key() as the original bug has been found in Login

Browse Source
This commit is contained in:
David Goodwin
2021-01-26 21:06:15 +00:00
parent bcf1f8c7e4
commit 52933a6307
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
functions.inc.php
View File

@@ -2091,8 +2091,6 @@ function table_by_key($table_key) {
$table = $CONF['database_prefix'] . $table; $table = $CONF['database_prefix'] . $table;
if (db_mysql()) { if (db_mysql()) {
// try and ensure we don't get ``table`` ?
$table = preg_replace('/`/', '', $table);
return "`" . $table . "`"; return "`" . $table . "`";
} }

10
model/Login.php
View File

@@ -1,6 +1,7 @@
<?php <?php
class Login { class Login {
private $key_table;
private $table; private $table;
public function __construct(string $tableName) { public function __construct(string $tableName) {
@@ -9,7 +10,8 @@ class Login {
if (!in_array($tableName, $ok)) { if (!in_array($tableName, $ok)) {
throw new \InvalidArgumentException("Unsupported tableName for login: " . $tableName); throw new \InvalidArgumentException("Unsupported tableName for login: " . $tableName);
} }
$this->table = table_by_key($tableName); $this->table = $tableName;
$this->key_table = table_by_key($tableName);
} }
/** /**
@@ -21,7 +23,7 @@ class Login {
*/ */
public function login($username, $password): bool { public function login($username, $password): bool {
$active = db_get_boolean(true); $active = db_get_boolean(true);
$query = "SELECT password FROM {$this->table} WHERE username = :username AND active = :active"; $query = "SELECT password FROM {$this->key_table} WHERE username = :username AND active = :active";
$values = array('username' => $username, 'active' => $active); $values = array('username' => $username, 'active' => $active);
@@ -60,7 +62,7 @@ class Login {
* @throws Exception * @throws Exception
*/ */
public function generatePasswordRecoveryCode(string $username) { public function generatePasswordRecoveryCode(string $username) {
$sql = "SELECT count(1) FROM {$this->table} WHERE username = :username AND active = :active"; $sql = "SELECT count(1) FROM {$this->key_table} WHERE username = :username AND active = :active";
$active = db_get_boolean(true); $active = db_get_boolean(true);
@@ -108,7 +110,7 @@ class Login {
'password' => pacrypt($new_password), 'password' => pacrypt($new_password),
); );
$result = db_update('mailbox', 'username', $username, $set); $result = db_update($this->key_table, 'username', $username, $set);
if ($result != 1) { if ($result != 1) {
db_log($domain, 'edit_password', "FAILURE: " . $username); db_log($domain, 'edit_password', "FAILURE: " . $username);