usernameField Hard Coded to 'UID'

2007-01-27
2013-05-15
  • Travis Rennemann

    MOHA Chat looks like a sweet chat program and I'm trying to make a module for my portal. I found that 'UID' is hard coded in a few places. The first place that I noticed it (which affects login) was in lib/users/Users.php on line 61: setcookie('user', $userExist['UID'], (time()+86400), '/');. I noticed that the Users class variable was already set for the usernameField, so I just changed $userExist['UID'] to $userExist[$this->usernameField].

    Here's where else the UID is hard coded like above:

    lib/chat/Buddy.php:66:        $sqlString = sprintf("INSERT INTO `%s` (`UID`, `BID`, `status`) VALUES ('%s', '%s', %s)", $this->buddyTable, $this->username, $buddyname, $status);           
    lib/chat/Buddy.php:81:        $sqlString = sprintf("SELECT `cust_status`, `cust_status_message`, `BID`, `status` FROM `%s` WHERE `UID` = '%s' AND `status` != -1", $this->buddyTable, $this->username);       
    lib/chat/Buddy.php:104:        $sqlString = sprintf("SELECT `UID` FROM `%s` WHERE `BID` = '%s' AND `status` = 4", $this->buddyTable, $this->username);       
    lib/chat/Buddy.php:140:        if (!$objUser->getUID($buddyname)) return false;
    lib/chat/Buddy.php:144:        $sqlString = sprintf("UPDATE `%s` SET `status` = %s WHERE `UID` = '%s' AND `BID` = '%s'", $this->buddyTable, $status, $username, $buddyname);           
    lib/chat/Buddy.php:158:        if (!$objUser->getUID($buddyname)) return false;
    lib/chat/Buddy.php:162:        $sqlString = sprintf("DELETE FROM `%s` WHERE `UID` = '%s' AND `BID` = '%s'", $this->buddyTable, $this->username, $buddyname);       
    lib/chat/Buddy.php:179:            $sqlString = sprintf("UPDATE `%s` SET `cust_status` = %s, `cust_status_message` = %s WHERE `BID` = '%s' AND `UID` = '%s'", $this->buddyTable, $status, $custMes, $this->username, $args[1]);           
    lib/chat/Buddy.php:181:            $sqlString = sprintf("UPDATE `%s` SET `cust_status` = %s, `cust_status_message` = %s WHERE `UID` = '%s' ", $this->pollTable, $status, $custMes, $this->username);           
    lib/chat/Buddy.php:192:        $sqlString = sprintf("SELECT `UID`, `cust_status`, `cust_status_message` FROM `%s` WHERE `BID` = '%s' AND `status` = 3 ORDER BY `UID` ASC", $this->buddyTable, $this->username);           
    lib/chat/Buddy.php:201:            $row['UID'] = strtolower($row['UID']);
    lib/chat/Buddy.php:225:        $sqlString = sprintf("UPDATE `%s` SET `time` = %s WHERE `UID` = '%s'", $this->pollTable, $time, $userId);       
    lib/chat/Buddy.php:230:            $sqlString = sprintf("INSERT INTO `%s` (`time`, `UID`) VALUES ( %s, '%s')", $this->pollTable, $time, $userId);       
    lib/chat/Buddy.php:280:        $sqlString = sprintf("SELECT `cust_status`, `cust_status_message` FROM `%s` WHERE `UID` = '%s' LIMIT 1", $this->pollTable, $this->username);       
    lib/chat/Buddy.php:308:            if (isset($resArr[strtolower($row['UID'])])) {
    lib/chat/Buddy.php:309:                $buddyStaticStatus = $resArr[strtolower($row['UID'])][2];
    lib/chat/Buddy.php:310:                $buddyStatus = $resArr[strtolower($row['UID'])];
    lib/chat/Buddy.php:311:                unset($resArr[strtolower($row['UID'])]);
    lib/chat/Buddy.php:313:                $resArr[$row['UID']][1] = $row['cust_status_message'];
    lib/chat/Buddy.php:315:                    $resArr[$row['UID']][1] = $buddyStatus[1];
    lib/chat/Buddy.php:318:                $resArr[$row['UID']][0] = $this->_deterStatus(1, $row['cust_status'], $buddyStaticStatus);               
    lib/chat/Buddy.php:320:                $resArr[$row['UID']][0] = 1;
    lib/chat/Buddy.php:327:            if (isset($resArr[strtolower($row['UID'])])) {
    lib/chat/Buddy.php:328:                $buddyStaticStatus = $resArr[strtolower($row['UID'])][2];
    lib/chat/Buddy.php:329:                $buddyStatus = $resArr[strtolower($row['UID'])];
    lib/chat/Buddy.php:330:                unset($resArr[strtolower($row['UID'])]);
    lib/chat/Buddy.php:332:                $resArr[$row['UID']][1] = $row['cust_status_message'];
    lib/chat/Buddy.php:334:                    $resArr[$row['UID']][1] = $buddyStatus[1];
    lib/chat/Buddy.php:337:                $resArr[$row['UID']][0] = $this->_deterStatus(2, $row['cust_status'], $buddyStaticStatus);                   
    lib/chat/Buddy.php:339:                $resArr[$row['UID']][0] = 2;
    lib/chat/Buddy.php:346:            if (isset($resArr[strtolower($row['UID'])])) {
    lib/chat/Buddy.php:347:                $buddyStaticStatus = $resArr[strtolower($row['UID'])][2];
    lib/chat/Buddy.php:348:                unset($resArr[strtolower($row['UID'])]);
    lib/chat/Buddy.php:349:                $resArr[$row['UID']][0] = $this->_deterStatus(3, $row['cust_status'], $buddyStaticStatus);               
    lib/chat/Buddy.php:351:                $resArr[$row['UID']][0] = 3;
    lib/chat/Buddy.php:373:        $sqlString = sprintf("SELECT a.`UID`, a.`cust_status`, a.`cust_status_message` FROM (`%s` a LEFT JOIN `%s` b ON (a.`UID` = b.`BID`)) WHERE a.`time` BETWEEN %s AND %s AND b.`UID` = '%s' AND b.`status` = 3 ORDER BY a.`UID` ASC", $this->pollTable, $this->buddyTable, $time_e, $time, $this->username);       
    lib/chat/Buddy.php:392:        $sqlString = sprintf("SELECT a.`UID`, a.`cust_status`, a.`cust_status_message` FROM (`%s` a LEFT JOIN `%s` b ON (a.`UID` = b.`BID`)) WHERE a.`time` BETWEEN %s AND %s AND b.`UID` = '%s' AND b.`status` = 3 ORDER BY a.`UID` ASC", $this->pollTable, $this->buddyTable, $time_e, $time, $this->username);
    lib/chat/Buddy.php:410:        $sqlString = sprintf("SELECT a.`UID`, a.`cust_status`, a.`cust_status_message` FROM (`%s` a JOIN `%s` b ON (a.`UID` = b.`BID`)) WHERE a.`time` < %s AND b.`UID` = '%s' AND b.`status` = 3 ORDER BY a.`UID` ASC", $this->pollTable, $this->buddyTable, $time_e, $this->username);
    lib/users/Users.php:37:    function getUID($user) {
    lib/users/Users.php:61:            setcookie('user', $userExist['UID'], (time()+86400), '/');
    lib/users/Validate.php:9:    function validator( $UID, $PWD, $PWC, $PRQ, $PRA, $name, $country, $email, $dob, $eula ) {
    lib/users/Validate.php:11:        $errs = $this->valSignInDetails ($UID, $PWD, $PWC);       
    lib/users/Validate.php:24:    function valSignInDetails ($UID, $PWD, $PWC) {   
    lib/users/Validate.php:29:        $userID = $usersClass -> getUID($UID);
    lib/users/Validate.php:31:        if ( $this->notEmpty($UID) ) {       
    lib/users/Validate.php:33:                $errs[] = array('UID' => 'There is another user of the same Username. Please choose a different Username.');
    lib/users/Validate.php:36:            $errs[] = array('UID' => 'Username is empty.');   

     
    • mohanjith

      mohanjith - 2007-01-27

      Sorry about hard coding the user ID field to UID in the User class. :)

      For the Buddy class you don't have to bother, because the UID field there will not affect Sign In and it is solely concerned with the buddy table, which is internal to MOHA Chat.

      However, to make it easy for someone to change field names, let me define the field names and table names as constants for that class in future releases.

      The Validate class is unused in MOHA Chat, because it is solely concerned with validating the fields when a user is registering, which is not available in MOHA Chat. Further, the validation class is not scalable; I hope to remove it in future releases.

      Thanks for your interest in MOHA Chat and your suggestions to improve MOHA Chat.

      Feel free to contact me if you have any doubts or suggestions over the forum.

       
    • Travis Rennemann

      Outstanding!  Thank you for your quick response.  I will certainly help if I can.  MOHA Chat is a great project, thank you!
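
The change discussed in this thread, as an added example that is not MOHA Chat's code: a user class that reads the username column from configuration instead of a literal 'UID'. The class name `PortalUsers`, the table `portal_users` and the column `login` are hypothetical. Because the configured name is placed into the SQL text, it is validated as a plain identifier, while the username value is bound as a parameter.

```php
<?php
// Added illustration; class, table and column names are hypothetical, not MOHA Chat's code.
final class PortalUsers
{
    private PDO $db;
    private string $userTable;
    private string $usernameField;

    public function __construct(PDO $db, string $userTable, string $usernameField)
    {
        // Identifiers cannot be bound as parameters, so accept only plain names.
        foreach ([$userTable, $usernameField] as $name) {
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/D', $name)) {
                throw new InvalidArgumentException("Invalid identifier: $name");
            }
        }
        $this->db = $db;
        $this->userTable = $userTable;
        $this->usernameField = $usernameField;
    }

    /** Returns the stored username, or null when no such user exists. */
    public function findUsername(string $user): ?string
    {
        $sql = sprintf('SELECT `%1$s` FROM `%2$s` WHERE `%1$s` = ? LIMIT 1',
            $this->usernameField, $this->userTable);
        $stmt = $this->db->prepare($sql);
        $stmt->execute([$user]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // Read the row through the configured field, never a literal 'UID'.
        return $row === false ? null : (string) $row[$this->usernameField];
    }
}

// Constructed sample data: a portal whose user table calls the column "login".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE portal_users (login TEXT PRIMARY KEY)');
$db->exec("INSERT INTO portal_users (login) VALUES ('travis')");

$users = new PortalUsers($db, 'portal_users', 'login');
var_dump($users->findUsername('travis'));
var_dump($users->findUsername('nobody'));

try {
    new PortalUsers($db, 'portal_users', 'login name'); // not a plain identifier
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The value returned by `findUsername()` is what login code would hand to `setcookie('user', ...)`, so the cookie follows the configured column as well.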

       
