
Commit b20e79a

Merge pull request #4470 from corentin-soriano/sql_queries_improvement
Improve sql queries (break long lines, use SQL COUNT and more).
2 parents e85946c + 0b9ef5c commit b20e79a


2 files changed

+105
-108
lines changed


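--- a/pages/profile.php
+++ b/pages/profile.php
@@ -99,21 +99,46 @@
 // prepare list of timezones
 $zones = timezone_list();
 // prepare list of languages
-$languages = DB::query('SELECT label, name FROM ' . prefixTable('languages') . ' ORDER BY label ASC');
+$languages = DB::query(
+'SELECT label, name FROM ' . prefixTable('languages') . ' ORDER BY label ASC'
+);
+
 // Do some stats
-DB::query('SELECT id_item FROM ' . prefixTable('log_items') . ' WHERE action = "at_creation" AND id_user = "' . $session->get('user-id') . '"');
-$userItemsNumber = DB::count();
-DB::query('SELECT id_item FROM ' . prefixTable('log_items') . ' WHERE action = "at_modification" AND id_user = "' . $session->get('user-id') . '"');
-$userModificationNumber = DB::count();
-DB::query('SELECT id_item FROM ' . prefixTable('log_items') . ' WHERE action = "at_shown" AND id_user = "' . $session->get('user-id') . '"');
-$userSeenItemsNumber = DB::count();
-DB::query('SELECT id_item FROM ' . prefixTable('log_items') . ' WHERE action = "at_password_shown" AND id_user = "' . $session->get('user-id') . '"');
-$userSeenPasswordsNumber = DB::count();
+$userItemsNumber = DB::queryFirstField(
+'SELECT COUNT(id_item) as count
+FROM ' . prefixTable('log_items') . '
+WHERE action = "at_creation" AND id_user = %i',
+$session->get('user-id')
+);
+
+$userModificationNumber = DB::queryFirstField(
+'SELECT COUNT(id_item) as count
+FROM ' . prefixTable('log_items') . '
+WHERE action = "at_modification" AND id_user = %i',
+$session->get('user-id')
+);
+
+$userSeenItemsNumber = DB::queryFirstField(
+'SELECT COUNT(id_item) as count
+FROM ' . prefixTable('log_items') . '
+WHERE action = "at_shown" AND id_user = %i',
+$session->get('user-id')
+);
+
+$userSeenPasswordsNumber = DB::queryFirstField(
+'SELECT COUNT(id_item)
+FROM ' . prefixTable('log_items') . '
+WHERE action = "at_password_shown" AND id_user = %i',
+$session->get('user-id')
+);
+
 $userInfo = DB::queryFirstRow(
 'SELECT avatar, last_pw_change
 FROM ' . prefixTable('users') . '
-WHERE id = "' . $session->get('user-id') . '"'
+WHERE id = %i',
+$session->get('user-id')
 );
+
 if (empty($userInfo['avatar']) === true) {
 $avatar = $SETTINGS['cpassman_url'] . '/includes/images/photo.jpg';
 } else {
@@ -126,7 +151,8 @@
 $tmp = DB::queryFirstRow(
 'SELECT title
 FROM ' . prefixTable('roles_title') . '
-WHERE id = "' . $role . '"'
+WHERE id = %i',
+$role
 );
 if ($tmp !== null) {
 array_push($userParOfGroups, $tmp['title']);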
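Review bot: The four counter queries in the first hunk still embed the action value as a double-quoted literal in the SQL text (`action = "at_creation"` and its three siblings), and the fourth statement drops the `as count` alias the other three carry. MySQL parses double-quoted strings as identifiers when `ANSI_QUOTES` is enabled, so binding the value keeps the statements portable and uniform: `WHERE action = %s AND id_user = %i', 'at_creation', $session->get('user-id')`. Because the statements differ only in that value, they could also be folded into a single `GROUP BY action` query if the extra round trips matter. `%i` presumably coerces its argument to an integer, so a session without `user-id` would query for id 0 rather than fail; it is worth confirming that this page is only reachable with an authenticated session.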

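--- a/sources/items.queries.php
+++ b/sources/items.queries.php
@@ -183,6 +183,14 @@
 $filters
 );
 
+// List of teampass users ids (and current user id).
+$tpUsersIDs = [
+OTV_USER_ID,
+SSH_USER_ID,
+API_USER_ID,
+$session->get('user-id'),
+];
+
 // Do asked action
 switch ($inputData['type']) {
 /*
@@ -647,7 +655,13 @@
 if (empty($data['restricted_to']) === false) {
 foreach (explode(';', $data['restricted_to']) as $userRest) {
 if (empty($userRest) === false) {
-$dataTmp = DB::queryfirstrow('SELECT login FROM ' . prefixTable('users') . ' WHERE id= ' . $userRest);
+$dataTmp = DB::queryfirstrow(
+'SELECT login
+FROM ' . prefixTable('users') . '
+WHERE id= %i',
+$userRest
+);
+
 if (empty($oldRestrictionList) === true) {
 $oldRestrictionList = $dataTmp['login'];
 } else {
@@ -3082,7 +3096,12 @@
 if (empty($dataItem['restricted_to']) === false) {
 foreach (explode(';', $dataItem['restricted_to']) as $userRest) {
 if (empty($userRest) === false) {
-$dataTmp = DB::queryfirstrow('SELECT login FROM ' . prefixTable('users') . ' WHERE id= ' . $userRest);
+$dataTmp = DB::queryfirstrow(
+'SELECT login
+FROM ' . prefixTable('users') . '
+WHERE id= %i',
+$userRest
+);
 if (empty($listOfRestricted)) {
 $listOfRestricted = $dataTmp['login'];
 } else {
@@ -5225,9 +5244,11 @@
 $users = DB::query(
 'SELECT id, public_key
 FROM ' . prefixTable('users') . '
-WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '","' . $session->get('user-id') . '")
-AND public_key != ""'
+WHERE id NOT IN %li
+AND public_key != ""',
+$tpUsersIDs
 );
+
 foreach ($users as $user) {
 // Insert in DB the new object key for this item by user
 DB::insert(
@@ -5264,8 +5285,9 @@
 $users = DB::query(
 'SELECT id, public_key
 FROM ' . prefixTable('users') . '
-WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '","' . $session->get('user-id') . '")
-AND public_key != ""'
+WHERE id NOT IN %li
+AND public_key != ""',
+$tpUsersIDs
 );
 foreach ($users as $user) {
 // Insert in DB the new object key for this item by user
@@ -5304,9 +5326,11 @@
 $users = DB::query(
 'SELECT id, public_key
 FROM ' . prefixTable('users') . '
-WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '","' . $session->get('user-id') . '")
-AND public_key != ""'
+WHERE id NOT IN %li
+AND public_key != ""',
+$tpUsersIDs
 );
+
 foreach ($users as $user) {
 // Insert in DB the new object key for this item by user
 DB::insert(
@@ -5550,9 +5574,11 @@
 $users = DB::query(
 'SELECT id, public_key
 FROM ' . prefixTable('users') . '
-WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '","' . $session->get('user-id') . '")
-AND public_key != ""'
+WHERE id NOT IN %li
+AND public_key != ""',
+$tpUsersIDs
 );
+
 foreach ($users as $user) {
 // Insert in DB the new object key for this item by user
 DB::insert(
@@ -5589,9 +5615,11 @@
 $users = DB::query(
 'SELECT id, public_key
 FROM ' . prefixTable('users') . '
-WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '","' . $session->get('user-id') . '")
-AND public_key != ""'
+WHERE id NOT IN %li
+AND public_key != ""',
+$tpUsersIDs
 );
+
 foreach ($users as $user) {
 // Insert in DB the new object key for this item by user
 DB::insert(
@@ -5629,9 +5657,11 @@
 $users = DB::query(
 'SELECT id, public_key
 FROM ' . prefixTable('users') . '
-WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '","' . $session->get('user-id') . '")
-AND public_key != ""'
+WHERE id NOT IN %li
+AND public_key != ""',
+$tpUsersIDs
 );
+
 foreach ($users as $user) {
 // Insert in DB the new object key for this item by user
 DB::insert(
@@ -5835,8 +5865,19 @@
 }
 if ($inputData['cat'] === 'request_access_to_author') {
 // Variables
-$dataAuthor = DB::queryfirstrow('SELECT email,login FROM ' . prefixTable('users') . ' WHERE id = ' . $post_content[1]);
-$dataItem = DB::queryfirstrow('SELECT label, id_tree FROM ' . prefixTable('items') . ' WHERE id = ' . $post_content[0]);
+$dataAuthor = DB::queryfirstrow(
+'SELECT email,login
+FROM ' . prefixTable('users') . '
+WHERE id = %i',
+$post_content[1]
+);
+
+$dataItem = DB::queryfirstrow(
+'SELECT label, id_tree
+FROM ' . prefixTable('items') . '
+WHERE id = %i',
+$post_content[0]
+);
 
 // Get path
 $path = geItemReadablePath(
@@ -5903,60 +5944,9 @@
 break;
 
 /*
-* CASE
-* manage notification of an Item
-*/
-/*
-case 'notify_a_user':
-if ($inputData['key'] !== $session->get('key')) {
-echo '[{"error" : "something_wrong"}]';
-break;
-}
-if ($inputData['notifyType'] === 'on_show') {
-// Check if values already exist
-$data = DB::queryfirstrow(
-'SELECT notification FROM ' . prefixTable('items') . ' WHERE id = %i',
-$inputData['itemId']
-);
-$notifiedUsers = explode(';', $data['notification']);
-// User is not in actual notification list
-if ($inputData['status'] === 'true' && !in_array($inputData['userId'], $notifiedUsers)) {
-// User is not in actual notification list and wants to be notified
-DB::update(
-prefixTable('items'),
-array(
-'notification' => empty($data['notification']) ?
-$inputData['userId'] . ';'
-: $data['notification'] . $inputData['userId'] ,
-),
-'id=%i',
-$inputData['itemId']
-);
-echo '[{"error" : "", "new_status":"true"}]';
-break;
-}
-if ($inputData['status'] === 'false' && in_array($inputData['userId'], $notifiedUsers)) {
-// TODO : delete user from array and store in DB
-// User is in actual notification list and doesn't want to be notified
-DB::update(
-prefixTable('items'),
-array(
-'notification' => empty($data['notification']) ?
-$inputData['userId']
-: $data['notification'] . ';' . $inputData['userId'],
-),
-'id=%i',
-$inputData['itemId']
-);
-}
-}
-break;
-*/
-
-/*
-* CASE
-* Item History Log - add new entry
-*/
+* CASE
+* Item History Log - add new entry
+*/
 case 'history_entry_add':
 if ($inputData['key'] !== $session->get('key')) {
 $data = array('error' => 'key_is_wrong');
@@ -6057,30 +6047,10 @@
 );
 break;
 
-/*
-* CASE
-* Check if Item has been changed since loaded
-*/
 /*
-case 'is_item_changed':
-$data = DB::queryFirstRow(
-'SELECT date FROM ' . prefixTable('log_items') . ' WHERE action = %s AND id_item = %i ORDER BY date DESC',
-'at_modification',
-$inputData['itemId']
-);
-// Check if it's in a personal folder. If yes, then force complexity overhead.
-if ((int) $data['date'] > (int) $inputData['timestamp']) {
-echo '{ "modified" : "1" }';
-} else {
-echo '{ "modified" : "0" }';
-}
-break;
-*/
-
-/*
-* CASE
-* Check if Item has been changed since loaded
-*/
+* CASE
+* Check if Item has been changed since loaded
+*/
 case 'generate_OTV_url':
 // Check KEY
 if ($inputData['key'] !== $session->get('key')) {
@@ -6095,10 +6065,11 @@
 );
 
 // delete all existing old otv codes
-$rows = DB::query('SELECT id FROM ' . prefixTable('otv') . ' WHERE time_limit < ' . time());
-foreach ($rows as $record) {
-DB::delete(prefixTable('otv'), 'id=%i', $record['id']);
-}
+DB::delete(
+prefixTable('otv'),
+'time_limit < %i',
+time()
+);
 
 // generate session
 $otv_code = GenerateCryptKey(32, false, true, true, false, true);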
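Review bot: In the hunks at new lines 658-663 and 3099-3104, the result of `DB::queryfirstrow()` is dereferenced as `$dataTmp['login']` without a null check, although `pages/profile.php` in this same commit guards the equivalent lookup with `if ($tmp !== null)`. With `%i` binding, an entry of `restricted_to` that is non-numeric or names a deleted user presumably matches no row, so the restriction list would pick up an empty login and PHP would warn about an array offset on null. Adding `if ($dataTmp === null) { continue; }` right after each query would skip such entries. The same may apply to `$dataAuthor` and `$dataItem` in the `request_access_to_author` branch; their uses, and the enclosing blocks of all these hunks, lie outside the visible lines. Separately, the comment kept above `case 'generate_OTV_url':` still reads "Check if Item has been changed since loaded", which describes the removed case.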
