From: Tim Düsterhus Date: Thu, 12 May 2022 15:13:13 +0000 (+0200) Subject: Use `->prepare()` instead of `->prepareStatement()` in SessionHandler X-Git-Tag: 6.0.0_Alpha_1~1318 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=37aa9bc25f98495a80e91e46bf27c1a4798cc35d;p=GitHub%2FWoltLab%2FWCF.git Use `->prepare()` instead of `->prepareStatement()` in SessionHandler --- diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php index b71e9fdf80..fe2843a84c 100644 --- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php +++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php @@ -603,9 +603,9 @@ final class SessionHandler extends SingletonFactory protected function getExistingSession(string $sessionID): bool { $sql = "SELECT * - FROM wcf" . WCF_N . "_user_session + FROM wcf1_user_session WHERE sessionID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([ $sessionID, ]); @@ -637,12 +637,12 @@ final class SessionHandler extends SingletonFactory // The former two fields are not going to rapidly change and the latter is just // used for session expiry, where accuracy to the second is not required. if ($row['lastActivityTime'] < (TIME_NOW - 60)) { - $sql = "UPDATE wcf" . WCF_N . "_user_session + $sql = "UPDATE wcf1_user_session SET ipAddress = ?, userAgent = ?, lastActivityTime = ? WHERE sessionID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([ UserUtil::getIpAddress(), UserUtil::getUserAgent(), 
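Review bot: The hard-coded `wcf1_user_session` in getExistingSession() reads as a fixed table name, and nothing at the call site says that `prepare()` is expected to map the `wcf1_` prefix to the installation number that the removed `WCF_N` concatenation spelled out. That mapping would live in `prepare()`, which is not part of this diff, so confirm it and state it once, for example in the class docblock: `// Table names use the literal "wcf1_" prefix; prepare() substitutes the installation number.` Without such a note, a later edit that switches a query back to `prepareStatement()` but keeps the literal would presumably hit the wrong session table wherever WCF_N is not 1. The same applies to every other hunk in this file, and getExistingSession() itself continues past the end of the hunk.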
@@ -669,9 +669,9 @@ final class SessionHandler extends SingletonFactory } $sql = "SELECT * - FROM wcf" . WCF_N . "_session - " . $condition; - $legacySessionStatement = WCF::getDB()->prepareStatement($sql); + FROM wcf1_session + {$condition}"; + $legacySessionStatement = WCF::getDB()->prepare($sql); $legacySessionStatement->execute($condition->getParameters()); $this->legacySession = $legacySessionStatement->fetchSingleObject(LegacySession::class); @@ -712,10 +712,10 @@ final class SessionHandler extends SingletonFactory ]; // Create new session. - $sql = "INSERT INTO wcf" . WCF_N . "_user_session + $sql = "INSERT INTO wcf1_user_session (sessionID, ipAddress, userAgent, creationTime, lastActivityTime, sessionVariables) VALUES (?, ?, ?, ?, ?, ?)"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([ $this->sessionID, UserUtil::getIpAddress(), @@ -743,11 +743,11 @@ final class SessionHandler extends SingletonFactory $spiderID = $this->getSpiderID(UserUtil::getUserAgent()); if ($spiderID) { $sql = "SELECT * - FROM wcf" . WCF_N . "_session + FROM wcf1_session WHERE spiderID = ? AND userID IS NULL ORDER BY lastActivityTime DESC"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([$spiderID]); $this->legacySession = $statement->fetchSingleObject(LegacySession::class); } @@ -845,9 +845,9 @@ final class SessionHandler extends SingletonFactory // work-around for setup process (package wcf does not exist yet) if (!PACKAGE_ID) { $sql = "SELECT groupID - FROM wcf" . WCF_N . "_user_to_group + FROM wcf1_user_to_group WHERE userID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([$this->user->userID]); $groupIDs = $statement->fetchAll(\PDO::FETCH_COLUMN); } else { 
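Review bot: The legacy-session SELECT now takes its whole WHERE clause from `{$condition}`, so the SQL text is whatever the builder's string form yields, and the builder is filled above the hunk where it cannot be checked. Values are still bound through `$condition->getParameters()`, which is the property to preserve. A comment above the query, `// $condition contributes only "?" placeholders; values are bound via getParameters()`, would make that invariant explicit for anyone who later adds a clause. If `prepare()` rewrites table prefixes textually, the interpolated fragment presumably passes through that rewrite too, which is worth confirming.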
@@ -891,9 +891,9 @@ final class SessionHandler extends SingletonFactory // work-around for setup process (package wcf does not exist yet) if (!PACKAGE_ID) { $sql = "SELECT languageID - FROM wcf" . WCF_N . "_user_to_language + FROM wcf1_user_to_language WHERE userID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([$this->user->userID]); $this->languageIDs = $statement->fetchAll(\PDO::FETCH_COLUMN); } else { @@ -1053,16 +1053,16 @@ final class SessionHandler extends SingletonFactory $this->create(); // ... delete the newly created legacy session ... - $sql = "DELETE FROM wcf" . WCF_N . "_session + $sql = "DELETE FROM wcf1_session WHERE sessionID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([$this->sessionID]); // ... perform the login ... - $sql = "UPDATE wcf" . WCF_N . "_user_session + $sql = "UPDATE wcf1_user_session SET userID = ? WHERE sessionID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([ $user->userID, $this->sessionID, @@ -1070,10 +1070,10 @@ final class SessionHandler extends SingletonFactory // ... delete any user sessions exceeding the limit ... $sql = "SELECT all_sessions.sessionID - FROM wcf" . WCF_N . "_user_session all_sessions + FROM wcf1_user_session all_sessions LEFT JOIN ( SELECT sessionID - FROM wcf" . WCF_N . "_user_session + FROM wcf1_user_session WHERE userID = ? ORDER BY lastActivityTime DESC LIMIT " . self::USER_SESSION_LIMIT . " @@ -1081,7 +1081,7 @@ final class SessionHandler extends SingletonFactory ON newest_sessions.sessionID = all_sessions.sessionID WHERE all_sessions.userID = ? AND newest_sessions.sessionID IS NULL"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([ $user->userID, $user->userID, 
@@ -1237,10 +1237,10 @@ final class SessionHandler extends SingletonFactory } if ($this->variablesChanged) { - $sql = "UPDATE wcf" . WCF_N . "_user_session + $sql = "UPDATE wcf1_user_session SET sessionVariables = ? WHERE sessionID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([ \serialize($this->variables), $this->sessionID, @@ -1311,19 +1311,19 @@ final class SessionHandler extends SingletonFactory */ public function prune() { - $sql = "DELETE FROM wcf" . WCF_N . "_user_session + $sql = "DELETE FROM wcf1_user_session WHERE (lastActivityTime < ? AND userID IS NULL) OR (lastActivityTime < ? AND userID IS NOT NULL)"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([ TIME_NOW - self::GUEST_SESSION_LIFETIME, TIME_NOW - self::USER_SESSION_LIFETIME, ]); // Legacy sessions live 120 minutes, they will be re-created on demand. - $sql = "DELETE FROM wcf" . WCF_N . "_session + $sql = "DELETE FROM wcf1_session WHERE lastActivityTime < ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([ TIME_NOW - (3600 * 2), ]); @@ -1445,9 +1445,9 @@ final class SessionHandler extends SingletonFactory } $sql = "SELECT * - FROM wcf" . WCF_N . "_user_session + FROM wcf1_user_session WHERE userID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([$user->userID]); $sessions = []; 
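Review bot: `\serialize($this->variables)` writes PHP-serialized data into `sessionVariables`, so the read path, which this diff does not show, presumably passes that column to `unserialize()`. The integrity of the `wcf1_user_session` table then becomes an input to object deserialization, and any write access to that table gained elsewhere reaches it. If the stored variables are only arrays and scalars, reading them with `['allowed_classes' => false]` or storing JSON removes that dependency; if objects are stored, an explicit class allow-list on the read side is the narrower fix. The enclosing method starts and ends outside the hunk.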
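Review bot: In prune(), the legacy-session lifetime is the inline expression `TIME_NOW - (3600 * 2)`, while the two user-session lifetimes in the statement above it come from `self::GUEST_SESSION_LIFETIME` and `self::USER_SESSION_LIFETIME`. Session expiry is policy that gets audited, so it reads better with all three values declared in one place. A class constant (the name here is only a proposal), `private const LEGACY_SESSION_LIFETIME = 2 * 3600;`, used as `TIME_NOW - self::LEGACY_SESSION_LIFETIME`, would keep the existing comment and the value from drifting apart.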
@@ -1479,15 +1479,15 @@ final class SessionHandler extends SingletonFactory $conditionBuilder->add('sessionID <> ?', [$sessionID]); } - $sql = "DELETE FROM wcf" . WCF_N . "_user_session - " . $conditionBuilder; - $statement = WCF::getDB()->prepareStatement($sql); + $sql = "DELETE FROM wcf1_user_session + {$conditionBuilder}"; + $statement = WCF::getDB()->prepare($sql); $statement->execute($conditionBuilder->getParameters()); // Delete legacy session. - $sql = "DELETE FROM wcf" . WCF_N . "_session - " . $conditionBuilder; - $statement = WCF::getDB()->prepareStatement($sql); + $sql = "DELETE FROM wcf1_session + {$conditionBuilder}"; + $statement = WCF::getDB()->prepare($sql); $statement->execute($conditionBuilder->getParameters()); } @@ -1498,15 +1498,15 @@ final class SessionHandler extends SingletonFactory */ public function deleteUserSession(string $sessionID): void { - $sql = "DELETE FROM wcf" . WCF_N . "_user_session + $sql = "DELETE FROM wcf1_user_session WHERE sessionID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([$sessionID]); // Delete legacy session. - $sql = "DELETE FROM wcf" . WCF_N . "_session + $sql = "DELETE FROM wcf1_session WHERE sessionID = ?"; - $statement = WCF::getDB()->prepareStatement($sql); + $statement = WCF::getDB()->prepare($sql); $statement->execute([$sessionID]); } }
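Review bot: Both DELETE statements in the first hunk here take their entire WHERE clause from `{$conditionBuilder}`, so nothing in the statement text itself limits which rows are removed. Only the optional `sessionID <> ?` clause is visible, and the user restriction is presumably added above the hunk, where the method begins. It is worth confirming that the user restriction is added unconditionally, because an empty builder would turn both statements into a delete of every session in `wcf1_user_session` and `wcf1_session`. A comment above the first query, `// $conditionBuilder always carries the userID restriction; never execute these with an empty builder`, would record the invariant the two statements depend on.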