mysql variable substitution
parent
d6eca5086f
commit
55c456828b
47
main.go
47
main.go
|
@ -49,7 +49,6 @@ type metadata struct {
|
||||||
|
|
||||||
var c config
|
var c config
|
||||||
|
|
||||||
|
|
||||||
func Init(dbin *sqlx.DB, tp, sitename, fromaddr, smtpserver string) {
|
func Init(dbin *sqlx.DB, tp, sitename, fromaddr, smtpserver string) {
|
||||||
c.db = dbin
|
c.db = dbin
|
||||||
c.TablePrefix = tp
|
c.TablePrefix = tp
|
||||||
|
@ -69,7 +68,7 @@ func UsernameAvailable(username string) bool {
|
||||||
var tmp string
|
var tmp string
|
||||||
username = strings.ToLower(username)
|
username = strings.ToLower(username)
|
||||||
|
|
||||||
q := fmt.Sprintf("select username from %s_auth where username = $1", c.TablePrefix)
|
q := fmt.Sprintf("select username from %s_auth where username = ?", c.TablePrefix)
|
||||||
err := c.db.Get(&tmp, q, username)
|
err := c.db.Get(&tmp, q, username)
|
||||||
if err == sql.ErrNoRows {
|
if err == sql.ErrNoRows {
|
||||||
return true
|
return true
|
||||||
|
@ -95,7 +94,7 @@ func Register(username, email, ip string) bool {
|
||||||
log.Printf("scsusers.Register: Bcrypt GenerateFromPassword failed? Pass is %s and error is %s\n", pass, err.Error())
|
log.Printf("scsusers.Register: Bcrypt GenerateFromPassword failed? Pass is %s and error is %s\n", pass, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
_, err = c.db.Query(fmt.Sprintf("insert into %s_auth (username, password) VALUES ($1, $2)", c.TablePrefix), username, crypt)
|
_, err = c.db.Query(fmt.Sprintf("insert into %s_auth (username, password) VALUES (?,?)", c.TablePrefix), username, crypt)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("scsusers.Register: insert failed: %s\n", err.Error())
|
log.Printf("scsusers.Register: insert failed: %s\n", err.Error())
|
||||||
return false
|
return false
|
||||||
|
@ -108,7 +107,7 @@ func Register(username, email, ip string) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
log.Printf("scsusers.Register: Failed to send registration email, deleting user %s\n", username)
|
log.Printf("scsusers.Register: Failed to send registration email, deleting user %s\n", username)
|
||||||
q := fmt.Sprintf("delete from %s_auth where username = $1 AND password=$2", c.TablePrefix)
|
q := fmt.Sprintf("delete from %s_auth where username = ? AND password=?", c.TablePrefix)
|
||||||
_, err = c.db.Exec(q, username, string(crypt))
|
_, err = c.db.Exec(q, username, string(crypt))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("scsusers.Register: Failed to delete new user %s: %s\n", username, err.Error())
|
log.Printf("scsusers.Register: Failed to delete new user %s: %s\n", username, err.Error())
|
||||||
|
@ -125,7 +124,7 @@ func NewUser() *UserData {
|
||||||
func Get(username string) (*UserData, bool) {
|
func Get(username string) (*UserData, bool) {
|
||||||
|
|
||||||
u := NewUser()
|
u := NewUser()
|
||||||
q := fmt.Sprintf("select username, password, id from %s_auth where username=$1", c.TablePrefix)
|
q := fmt.Sprintf("select username, password, id from %s_auth where username=?", c.TablePrefix)
|
||||||
err := c.db.Get(&u, q, username)
|
err := c.db.Get(&u, q, username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == sql.ErrNoRows {
|
if err == sql.ErrNoRows {
|
||||||
|
@ -165,8 +164,8 @@ func (u *UserData) ChangePassword(oldpass, newpass string) bool {
|
||||||
log.Printf("scsusers.ChangePassword: generate: %s", err.Error())
|
log.Printf("scsusers.ChangePassword: generate: %s", err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
q := fmt.Sprintf("update %s_auth set password=$2 where userid=$1", c.TablePrefix)
|
q := fmt.Sprintf("update %s_auth set password=? where userid=?", c.TablePrefix)
|
||||||
_, err = c.db.Exec(q, u.UserID, newcrypt)
|
_, err = c.db.Exec(q, newcrypt, u.UserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("scsusers.ChangePassword: update failed for %s: %s\n", u.Username, err.Error())
|
log.Printf("scsusers.ChangePassword: update failed for %s: %s\n", u.Username, err.Error())
|
||||||
return false
|
return false
|
||||||
|
@ -179,7 +178,7 @@ func GetUserid(username string) int64 {
|
||||||
var i int64
|
var i int64
|
||||||
username = strings.ToLower(username)
|
username = strings.ToLower(username)
|
||||||
|
|
||||||
q := fmt.Sprintf("select userid from %s_auth where username = $1", c.TablePrefix)
|
q := fmt.Sprintf("select userid from %s_auth where username = ?", c.TablePrefix)
|
||||||
err := c.db.Get(&i, q, username)
|
err := c.db.Get(&i, q, username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("scsusers.getUserId: Error loading user: %s : %s\n", username, err.Error())
|
log.Printf("scsusers.getUserId: Error loading user: %s : %s\n", username, err.Error())
|
||||||
|
@ -196,14 +195,14 @@ func (u *UserData) Get(key string) (string, bool) {
|
||||||
func (u *UserData) Set(key, value string) error {
|
func (u *UserData) Set(key, value string) error {
|
||||||
tmp, ok := u.Meta[key]
|
tmp, ok := u.Meta[key]
|
||||||
if ok {
|
if ok {
|
||||||
_, err := c.db.Query(fmt.Sprintf("delete from %s_meta where id=$1", c.TablePrefix), tmp.ID)
|
_, err := c.db.Query(fmt.Sprintf("delete from %s_meta where id=?", c.TablePrefix), tmp.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("scsauth: set: delete: %s", err.Error())
|
log.Printf("scsauth: set: delete: %s", err.Error())
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
var insertid int64
|
var insertid int64
|
||||||
err := c.db.Get(&insertid, fmt.Sprintf("insert into %s_meta (userid, meta_key, meta_value) VALUES ($1, $2, $3) returning id", c.TablePrefix), u.UserID, key, value)
|
err := c.db.Get(&insertid, fmt.Sprintf("insert into %s_meta (userid, meta_key, meta_value) VALUES (?,?,?) returning id", c.TablePrefix), u.UserID, key, value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("scsauth: set: insert: %s", err.Error())
|
log.Printf("scsauth: set: insert: %s", err.Error())
|
||||||
return err
|
return err
|
||||||
|
@ -219,7 +218,7 @@ func (u *UserData) Set(key, value string) error {
|
||||||
|
|
||||||
func SaveUser(username string, d UserData) bool {
|
func SaveUser(username string, d UserData) bool {
|
||||||
username = strings.ToLower(username)
|
username = strings.ToLower(username)
|
||||||
q := fmt.Sprintf("update %s_userdata set data=$1 where username = $2", c.TablePrefix)
|
q := fmt.Sprintf("update %s_userdata set data=? where username = ?", c.TablePrefix)
|
||||||
j, err := json.Marshal(d)
|
j, err := json.Marshal(d)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("scsusers.SaveUser: json.Marshal failed for username %s : %s\n", username, err.Error())
|
log.Printf("scsusers.SaveUser: json.Marshal failed for username %s : %s\n", username, err.Error())
|
||||||
|
@ -233,16 +232,6 @@ func SaveUser(username string, d UserData) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func Bump(username string, ip string) {
|
|
||||||
|
|
||||||
username = strings.ToLower(username)
|
|
||||||
q := fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP, lastseenip=$2 where username = $1 limit 1", c.TablePrefix)
|
|
||||||
_, err := c.db.Exec(q, username, ip)
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("scsusers.Bump: Error on user bump: %s : %s\n", username, err.Error())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
type Metadata struct {
|
type Metadata struct {
|
||||||
MetaKey string `db:"meta_key"`
|
MetaKey string `db:"meta_key"`
|
||||||
MetaValue string `db:"meta_value"`
|
MetaValue string `db:"meta_value"`
|
||||||
|
@ -254,7 +243,7 @@ func GetAllMeta(username string) map[string]string {
|
||||||
|
|
||||||
q := fmt.Sprintf(`select meta_key, meta_value
|
q := fmt.Sprintf(`select meta_key, meta_value
|
||||||
from %s_user_metadata where
|
from %s_user_metadata where
|
||||||
user_id=(select userid from %s_auth where username = $1)`,
|
user_id=(select userid from %s_auth where username = ?)`,
|
||||||
c.TablePrefix, c.TablePrefix)
|
c.TablePrefix, c.TablePrefix)
|
||||||
rows, err := c.db.Queryx(q, username)
|
rows, err := c.db.Queryx(q, username)
|
||||||
if err != nil && err != sql.ErrNoRows {
|
if err != nil && err != sql.ErrNoRows {
|
||||||
|
@ -278,7 +267,7 @@ func GetMeta(username string, metakey string) string {
|
||||||
username = strings.ToLower(username)
|
username = strings.ToLower(username)
|
||||||
|
|
||||||
q := fmt.Sprintf(`select meta_value from %s_user_metadata where
|
q := fmt.Sprintf(`select meta_value from %s_user_metadata where
|
||||||
user_id=(select userid from %s_auth where username = $1) AND meta_key=$2`, c.TablePrefix, c.TablePrefix)
|
user_id=(select userid from %s_auth where username = ?) AND meta_key=?`, c.TablePrefix, c.TablePrefix)
|
||||||
err := c.db.Get(&v, q, username, metakey)
|
err := c.db.Get(&v, q, username, metakey)
|
||||||
if err != nil && err != sql.ErrNoRows {
|
if err != nil && err != sql.ErrNoRows {
|
||||||
log.Printf("scsusers.GetMeta: %s - %s - %s\n", username, metakey, err.Error())
|
log.Printf("scsusers.GetMeta: %s - %s - %s\n", username, metakey, err.Error())
|
||||||
|
@ -299,12 +288,12 @@ func SetMeta(username string, metakey string, metavalue string) {
|
||||||
username = strings.ToLower(username)
|
username = strings.ToLower(username)
|
||||||
|
|
||||||
if metavalue == "" {
|
if metavalue == "" {
|
||||||
q := fmt.Sprintf(`delete from %s_user_metadata where user_id=(select userid from %s_auth where username = $1) AND meta_key=$2`,
|
q := fmt.Sprintf(`delete from %s_user_metadata where user_id=(select userid from %s_auth where username = ?) AND meta_key=?`,
|
||||||
c.TablePrefix, c.TablePrefix)
|
c.TablePrefix, c.TablePrefix)
|
||||||
_, err = c.db.Exec(q, username, metakey)
|
_, err = c.db.Exec(q, username, metakey)
|
||||||
} else {
|
} else {
|
||||||
q := fmt.Sprintf(`insert into %s_user_metadata (user_id, meta_key, meta_value) VALUES
|
q := fmt.Sprintf(`insert into %s_user_metadata (user_id, meta_key, meta_value) VALUES
|
||||||
((select userid from %s_auth where username = $1), $2, $3)`, c.TablePrefix, c.TablePrefix)
|
((select userid from %s_auth where username = ?), ?, ?)`, c.TablePrefix, c.TablePrefix)
|
||||||
_, err = c.db.Exec(q, username, metakey, metavalue)
|
_, err = c.db.Exec(q, username, metakey, metavalue)
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -316,11 +305,11 @@ func RecoverByUsername(username string) {
|
||||||
var email string
|
var email string
|
||||||
username = strings.ToLower(username)
|
username = strings.ToLower(username)
|
||||||
|
|
||||||
q := fmt.Sprintf("select email from %s_auth where username = $1", c.TablePrefix)
|
q := fmt.Sprintf("select email from %s_auth where username = ?", c.TablePrefix)
|
||||||
err := c.db.Get(&email, q, username)
|
err := c.db.Get(&email, q, username)
|
||||||
if err != sql.ErrNoRows {
|
if err != sql.ErrNoRows {
|
||||||
recoverycode := randBytes(16)
|
recoverycode := randBytes(16)
|
||||||
qq := fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username = $2", c.TablePrefix)
|
qq := fmt.Sprintf("update %s_auth set recoverycode=?, recoverytime=NOW() where username = ?", c.TablePrefix)
|
||||||
_, err := c.db.Exec(qq, recoverycode, username)
|
_, err := c.db.Exec(qq, recoverycode, username)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
SendRecoveryEmail(email, username, string(recoverycode))
|
SendRecoveryEmail(email, username, string(recoverycode))
|
||||||
|
@ -330,11 +319,11 @@ func RecoverByUsername(username string) {
|
||||||
|
|
||||||
func RecoverByEmail(e string) {
|
func RecoverByEmail(e string) {
|
||||||
var username, email string
|
var username, email string
|
||||||
q := fmt.Sprintf("select username from %s_auth where email ILIKE $1", c.TablePrefix)
|
q := fmt.Sprintf("select username from %s_auth where email ILIKE ?", c.TablePrefix)
|
||||||
err := c.db.Get(&username, q, e)
|
err := c.db.Get(&username, q, e)
|
||||||
if err != sql.ErrNoRows {
|
if err != sql.ErrNoRows {
|
||||||
recoverycode := randBytes(16)
|
recoverycode := randBytes(16)
|
||||||
qq := fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username = $2", c.TablePrefix)
|
qq := fmt.Sprintf("update %s_auth set recoverycode=?, recoverytime=NOW() where username = ?", c.TablePrefix)
|
||||||
_, err := c.db.Exec(qq, recoverycode, username)
|
_, err := c.db.Exec(qq, recoverycode, username)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
SendRecoveryEmail(email, username, string(recoverycode))
|
SendRecoveryEmail(email, username, string(recoverycode))
|
||||||
|
|
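Review bot: The lookup in `RecoverByEmail` still uses `ILIKE`, which is a PostgreSQL operator and not MySQL syntax, so after the switch to `?` placeholders this query will most likely fail with a syntax error instead of `sql.ErrNoRows`. Because the guard is `if err != sql.ErrNoRows {`, that failure is treated as a match: the code stores a recovery code and calls `SendRecoveryEmail` with an empty `username`, and `email` is never assigned in the visible lines (the function body continues past the hunk). I would change the query to `email LIKE ?` (or compare `LOWER(email) = LOWER(?)`) and the guard to `if err == nil {`, with the same guard change in `RecoverByUsername`. The insert in `(*UserData).Set` also keeps `returning id`, which MySQL does not accept (MariaDB 10.5+ does), so it needs `Exec` plus `LastInsertId()` if the target is MySQL proper. Separately, the context line in `Register` that logs `Pass is %s` writes the plaintext password to the log and should drop that argument.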