6f10bb6c87d61d1e59e32fbb11c93b059d4e5d50
chinhli
  Wed Aug 8 13:11:02 2012 -0700
Upper case all mysql keywords in query statements.
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 6829923..7defb53 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -441,31 +441,31 @@
 safef(msg, sizeof(msg), 
     "Someone (probably you, from IP address %s) has requested user name(s) associated with this email address at %s: \n\n  %s\n\n%s\n%s", 
    remoteAddr, brwName, users, signature, returnAddr);
 sendMailOut(email, subject, msg);
 }
 
 void sendUsername(struct sqlConnection *conn, char *email)
 /* email user username(s)  */
 {
 struct sqlResult *sr;
 char **row;
 char query[256];
 
 /* find all the user names assocaited with this email address */
 char userList[256]="";
-safef(query,sizeof(query),"select * from gbMembers where email='%s'", email);
+safef(query,sizeof(query),"SELECT * FROM gbMembers WHERE email='%s'", email);
 sr = sqlGetResult(conn, query);
 int numUser = 0;
 while ((row = sqlNextRow(sr)) != NULL)
     {
     struct gbMembers *m = gbMembersLoad(row);
     if (numUser >= 1)
         safecat(userList, sizeof(userList), ", ");
     safecat(userList, sizeof(userList), m->userName);
     numUser += 1;
     }
 sqlFreeResult(&sr);
 mailUsername(email, userList);
 }
 
 void sendNewPwdMail(char *username, char *email, char *password)
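Review bot: In `sendUsername`, `email` is formatted straight into `WHERE email='%s'`, while the UPDATE and INSERT statements touched by this same commit wrap every value in `sqlEscapeString()`. Unless every caller pre-escapes the value (not visible in this hunk), a quote character in the address changes the statement, so the call should pass `sqlEscapeString(email)` as the argument. The same unescaped pattern appears in the SELECTs of `sendNewPassword`, `activateAccount` (where `username` comes directly from `cgiUsualString("user","")` and also feeds the UPDATE), and the change-password, signup, account-help, `usingNewPassword` and login hunks. Only `m->userName` is read from each row here, so `SELECT userName` would also avoid pulling the password columns into memory, though `gbMembersLoad(row)` would then need replacing.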
@@ -536,62 +536,62 @@
     "<div class=\"formControls\">"
     "    <input type=\"submit\" name=\"hgLogin.do.accountHelp\" value=\"Continue\" class=\"largeButton\">"
     "     &nbsp;<a href=\"%s\">Cancel</a>"
     "</div>"
     "</form>"
     "</div><!-- END - accountHelpBox -->", username, email, getReturnToURL());
 cartSaveSession(cart);
 }
 
 void sendNewPassword(struct sqlConnection *conn, char *username, char *password)
 /* email user new password  */
 {
 struct sqlResult *sr;
 char query[256];
 /* find email address associated with this username */
-safef(query,sizeof(query),"select email from gbMembers where userName='%s'", username);
+safef(query,sizeof(query),"SELECT email FROM gbMembers WHERE userName='%s'", username);
 char *email = sqlQuickString(conn, query);
 if (!email || sameString(email,""))
     {
     freez(&errMsg);
     errMsg = cloneString("Email address not found.");
     displayAccHelpPage(conn);
     return;
     }
 sendNewPwdMail(username, email, password);
 sqlFreeResult(&sr);
 }
 
 void lostPassword(struct sqlConnection *conn, char *username)
 /* Generate and mail new password to user */
 {
 char query[256];
 char *password = generateRandomPassword();
 char encPwd[45] = "";
 encryptNewPwd(password, encPwd, sizeof(encPwd));
-safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),newPassword='%s', newPasswordExpire=DATE_ADD(NOW(), INTERVAL 7 DAY), passwordChangeRequired='Y' where userName='%s'",
+safef(query,sizeof(query), "UPDATE gbMembers SET lastUse=NOW(),newPassword='%s', newPasswordExpire=DATE_ADD(NOW(), INTERVAL 7 DAY), passwordChangeRequired='Y' WHERE userName='%s'",
     sqlEscapeString(encPwd), sqlEscapeString(username));
 sqlUpdate(conn, query);
 sendNewPassword(conn, username, password);
 return;
 }
 
 void clearNewPasswordFields(struct sqlConnection *conn, char *username)
 /* clear the newPassword fields */
 {
 char query[256];
-safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),newPassword='', newPasswordExpire='', passwordChangeRequired='N' where userName='%s'",
+safef(query,sizeof(query), "UPDATE gbMembers SET lastUse=NOW(),newPassword='', newPasswordExpire='', passwordChangeRequired='N' WHERE userName='%s'",
 sqlEscapeString(username));
 sqlUpdate(conn, query);
 cartRemove(cart, "hgLogin_changeRequired");
 return;
 }
 
 void sendActivateMail(char *email, char *username, char *encToken)
 /* Send activation mail with token to user*/
 {
 char subject[256];
 char msg[4096];
 char activateURL[256];
 char *hgLoginHost = wikiLinkHost();
 char *remoteAddr=getenv("REMOTE_ADDR");
 char *urlEncodedUsername=replaceChars(username," ","%20");
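Review bot: `sendNewPassword` declares `struct sqlResult *sr;` and never assigns it, so the `sqlFreeResult(&sr);` at the end of the function is handed an indeterminate pointer. The lookup goes through `sqlQuickString`, which yields a string rather than a result set, so both the declaration and the `sqlFreeResult(&sr);` call can be deleted; at minimum the declaration should be `struct sqlResult *sr = NULL;`. If `sqlQuickString` returns an allocated copy, `email` is also never released, and a `freez(&email);` after `sendNewPwdMail(...)` would close that.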
@@ -602,31 +602,31 @@
     sqlEscapeString(urlEncodedUsername),
     sqlEscapeString(encToken));
 safef(subject, sizeof(subject),"%s account e-mail address confirmation", brwName);
 safef(msg, sizeof(msg),
     "Someone (probably you, from IP address %s) has requested an account %s with this e-mail address on the %s.\nTo confirm that this account really does belong to you on the %s, open this link in your browser:\n\n%s\n\nIf this is *not* you, do not follow the link. This confirmation code will expire in 7 days.\n\n%s\n%s", 
      remoteAddr, username, brwName, brwName, activateURL, signature, returnAddr);
 sendActMailOut(email, subject, msg);
 }
 
 void setupNewAccount(struct sqlConnection *conn, char *email, char *username)
 /* Set up  new user account and send activation mail to user */
 {
 char query[256];
 char *token = generateRandomPassword();
 char *tokenMD5 = generateTokenMD5(token);
-safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),emailToken='%s', emailTokenExpires=DATE_ADD(NOW(), INTERVAL 7 DAY), accountActivated='N' where userName='%s'",
+safef(query,sizeof(query), "UPDATE gbMembers SET lastUse=NOW(),emailToken='%s', emailTokenExpires=DATE_ADD(NOW(), INTERVAL 7 DAY), accountActivated='N' WHERE userName='%s'",
     sqlEscapeString(tokenMD5),
     sqlEscapeString(username)
     );
 sqlUpdate(conn, query);
 sendActivateMail(email, username, tokenMD5);
 return;
 }
 
 void displayLoginPage(struct sqlConnection *conn)
 /* draw the account login page */
 {
 char *username = cartUsualString(cart, "hgLogin_userName", "");
 hPrintf("<div id=\"loginBox\" class=\"centeredContainer formBox\">"
     "\n"
     "<h2>%s</h2>"
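Review bot: The two arguments at the top of this hunk, `sqlEscapeString(urlEncodedUsername)` and `sqlEscapeString(encToken)`, appear to be formatted into `activateURL` (the start of that `safef` is outside the hunk), which is a URL and not an SQL statement. SQL escaping is the wrong encoder for that context, and the `replaceChars(username," ","%20")` in the previous hunk only handles spaces; `cgiEncode(username)` and `cgiEncode(encToken)` would cover the remaining reserved characters. Separately, `setupNewAccount` stores `tokenMD5` in `emailToken` and mails that same value, so the digest step does not protect the activation secret at rest. Mailing the raw token and storing only its digest, then hashing the submitted value before the comparison in `activateAccount`, would.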
@@ -664,35 +664,35 @@
     "</div><!-- END - loginBox -->"
     "\n"
     "\n"
     "</body>"
     "</html>", username, getReturnToURL());
 cartSaveSession(cart);
 }
 
 void activateAccount(struct sqlConnection *conn)
 /* activate account */
 {
 char query[256];
 char *token = cgiUsualString("token", "");
 char *username = cgiUsualString("user","");
 safef(query,sizeof(query),
-    "select emailToken from gbMembers where userName='%s'", username);
+    "SELECT emailToken FROM gbMembers WHERE userName='%s'", username);
 char *emailToken = sqlQuickString(conn, query);
 if (sameString(emailToken, token))
     {
-    safef(query,sizeof(query), "update gbMembers set lastUse=NOW(), dateActivated=NOW(), emailToken='', emailTokenExpires='', accountActivated='Y' where userName='%s'",
+    safef(query,sizeof(query), "UPDATE gbMembers SET lastUse=NOW(), dateActivated=NOW(), emailToken='', emailTokenExpires='', accountActivated='Y' WHERE userName='%s'",
     username);
     sqlUpdate(conn, query);
     freez(&errMsg);
     errMsg = cloneString("Your account has been activated.");
     } 
 else
     {
     freez(&errMsg);
     errMsg = cloneString("Token does not match.");
     }
 cartSetString(cart, "hgLogin_userName", username);
 
 displayLoginPage(conn);
 return;
 }
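Review bot: The token check in `activateAccount` has no guard for a missing or empty value. `sqlQuickString` presumably returns NULL when no row matches, which `sameString(emailToken, token)` would then dereference, and `token` defaults to `""`, the same value the UPDATE below writes into `emailToken` once an account is activated. `emailTokenExpires` is set to seven days ahead in `setupNewAccount` but is never consulted here. I would change the condition to `if (emailToken != NULL && token[0] != '\0' && sameString(emailToken, token))` and add `AND emailTokenExpires > NOW()` to the SELECT.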
@@ -783,55 +783,55 @@
     errMsg = cloneString("Re-enter New Password field cannot be blank.");
     changePasswordPage(conn);
     return;
     }
 if (newPassword1 && newPassword2 && !sameString(newPassword1, newPassword2))
     {
     freez(&errMsg);
     errMsg = cloneString("New passwords do not match.");
     changePasswordPage(conn);
     return;
     }
 /* check username existence and is user using a new password */
 char *password;
 if (changeRequired && sameString(changeRequired, "YES"))
     {
-    safef(query,sizeof(query), "select newPassword from gbMembers where userName='%s'", user);
+    safef(query,sizeof(query), "SELECT newPassword FROM gbMembers WHERE userName='%s'", user);
     password = sqlQuickString(conn, query);
     } 
 else 
     {
-    safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user);
+    safef(query,sizeof(query), "SELECT password FROM gbMembers WHERE userName='%s'", user);
     password = sqlQuickString(conn, query);
     }
 if (!password)
     {
     freez(&errMsg);
     errMsg = cloneString(incorrectUsername);
     changePasswordPage(conn);
     return;
     }
 if (!checkPwd(currentPassword, password))
     {
     freez(&errMsg);
     errMsg = cloneString("Invalid current password.");
     changePasswordPage(conn);
     return;
     }
 char encPwd[45] = "";
 encryptNewPwd(newPassword1, encPwd, sizeof(encPwd));
-safef(query,sizeof(query), "update gbMembers set password='%s' where userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user));
+safef(query,sizeof(query), "UPDATE gbMembers SET password='%s' WHERE userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user));
 sqlUpdate(conn, query);
 clearNewPasswordFields(conn, user);
 
 hPrintf("<h2>%s</h2>", brwName);
 hPrintf(
     "<p align=\"left\">"
     "</p>"
     "<h3>Password has been changed.</h3>");
 cartRemove(cart, "hgLogin_password");
 cartRemove(cart, "hgLogin_newPassword1");
 cartRemove(cart, "hgLogin_newPassword2");
 returnToURL(150);
 }
 
 void signupPage(struct sqlConnection *conn)
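Review bot: The `changeRequired` branch reads `newPassword` without looking at `newPasswordExpire`, so the 7-day lifetime that `lostPassword` writes is not enforced on this path as far as the hunk shows; `usingNewPassword` in a later hunk has the same gap. Appending `AND newPasswordExpire > NOW()` to the `SELECT newPassword ...` statement would enforce it in the query itself. The two branches differ only in the column name, so a single `safef` with the column chosen beforehand would keep them from drifting apart. The enclosing function begins before this hunk.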
@@ -895,31 +895,31 @@
     {
     freez(&errMsg);
     errMsg = cloneString("User name cannot be blank.");
     signupPage(conn);
     return;
     }
 /* Make sure the escaped usrename is less than 32 characters */
 if (strlen(user) > 32)
     {
     freez(&errMsg);
     errMsg = cloneString("Encoded username longer than 32 characters.");
     signupPage(conn);
     return;
     }
 
-safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user);
+safef(query,sizeof(query), "SELECT password FROM gbMembers WHERE userName='%s'", user);
 
 char *password = sqlQuickString(conn, query);
 if (password)
     {
     freez(&errMsg);
     errMsg = cloneString("A user with this name already exists.");
     signupPage(conn);
     freez(&user);
     return;
     }
 
 char *email = cartUsualString(cart, "hgLogin_email", "");
 if (!email || sameString(email,""))
     {
     freez(&errMsg);
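Review bot: The existence check pulls the stored password hash into memory (`SELECT password ...`) only to test the result against NULL, and the returned string is never freed. `SELECT userName FROM gbMembers WHERE userName='%s'` answers the same question without touching the credential column; the account-help hunk uses the same `SELECT password` probe twice. The comment above says "less than 32 characters" while `strlen(user) > 32` accepts exactly 32, so one of the two should be corrected. `freez(&user)` is called on this error path but not on the earlier ones in the hunk; the function starts and ends outside it.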
@@ -969,31 +969,31 @@
     errMsg = cloneString("Password field cannot be blank.");
     signupPage(conn);
     return;
     }
 if (password && password2 && !sameString(password, password2))
     {
     freez(&errMsg);
     errMsg = cloneString("Passwords do not match.");
     signupPage(conn);
     return;
     }
 
 /* pass all the checks, OK to create the account now */
 char encPwd[45] = "";
 encryptNewPwd(password, encPwd, sizeof(encPwd));
-safef(query,sizeof(query), "insert into gbMembers set "
+safef(query,sizeof(query), "INSERT INTO gbMembers SET "
     "userName='%s',password='%s',email='%s', "
     "lastUse=NOW(),accountActivated='N'",
     sqlEscapeString(user),sqlEscapeString(encPwd),sqlEscapeString(email));
 sqlUpdate(conn, query);
 setupNewAccount(conn, email, user);
 /* send out activate code mail, and display the mail confirmation box */
 hPrintf("<h2>%s</h2>", brwName);
 hPrintf(
     "<p align=\"left\">\n"
     "</p>\n"
     "<h3>User %s successfully added.</h3>\n", user);
 cartRemove(cart, "hgLogin_email");
 cartRemove(cart, "hgLogin_email2");
 cartRemove(cart, "hgLogin_userName");
 cartRemove(cart, "user");
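Review bot: `hPrintf("<h3>User %s successfully added.</h3>\n", user)` writes the user-chosen name into the page with no HTML encoding visible in this hunk. The previous hunk's comment calls `user` "escaped", but SQL escaping does not neutralise `<` or `&`, so unless the value is HTML-encoded earlier this should be `htmlEncode(user)`. The `username`/`email` arguments in the account-help form and `username` in the login form are formatted the same way and deserve the same check. If `user` is in fact already SQL-escaped upstream, the `sqlEscapeString(user)` in the INSERT escapes it a second time and the stored name may differ from the one later SELECTs look up. The function starts and ends outside this hunk.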
@@ -1017,81 +1017,81 @@
         freez(&errMsg);
         errMsg = cloneString("Email address cannot be blank.");
         displayAccHelpPage(conn);
         return;
         }
     else if (spc_email_isvalid(email) == 0)
         {
         freez(&errMsg);
         errMsg = cloneString("Invalid email address format.");
         displayAccHelpPage(conn);
         return;
         }
     else 
         {
         safef(query,sizeof(query),
-            "select password from gbMembers where email='%s'", email);
+            "SELECT password FROM gbMembers WHERE email='%s'", email);
         char *password = sqlQuickString(conn, query);
         cartSetString(cart, "hgLogin_sendMailTo", email);
         cartSetString(cart, "hgLogin_sendMailContain", "username(s)");
         if (!password) /* Email address not found */
             {
             displayMailSuccess();
             return;
             }
         sendUsername(conn, email);
         return;
         }
     }
 /* Forgot password */
 if (sameString(helpWith,"password"))
     {
     /* validate username first */
     if (sameString(username,""))
         {
         freez(&errMsg);
         errMsg = cloneString("Username cannot be blank.");
         displayAccHelpPage(conn);
         return;
         } 
     else 
         { 
         safef(query,sizeof(query), 
-            "select password from gbMembers where userName='%s'", username);
+            "SELECT password FROM gbMembers WHERE userName='%s'", username);
         char *password = sqlQuickString(conn, query);
         if (!password)
             {
             freez(&errMsg);
             errMsg = cloneString(incorrectUsername);
             displayAccHelpPage(conn);
             return;
             }
         }
     lostPassword(conn, username);
     return;
     }
 displayAccHelpPage(conn);
 return;
 }
 
 boolean usingNewPassword(struct sqlConnection *conn, char *userName, char *password)
 /* The user is using  requested new password */
 {
 char query[256];
-safef(query,sizeof(query), "select passwordChangeRequired from gbMembers where userName='%s'", userName);
+safef(query,sizeof(query), "SELECT passwordChangeRequired FROM gbMembers WHERE userName='%s'", userName);
 char *change = sqlQuickString(conn, query);
-safef(query,sizeof(query), "select newPassword from gbMembers where userName='%s'", userName);
+safef(query,sizeof(query), "SELECT newPassword FROM gbMembers WHERE userName='%s'", userName);
 char *newPassword = sqlQuickString(conn, query);
 if (change && sameString(change, "Y") && checkPwd(password, newPassword))
     return TRUE;
 else
     return FALSE;
 }
 
 char *getCookieDomainName()
 /* Return domain name to be used by the cookies or NULL. Allocd here.   */
 /* Return central.domain if returnToURL is also in the same domain.     */
 /* else return the domain in returnTo URL generated by remote hgSession.*/
 {
 char *centralDomain=cloneString(cfgOption(CFG_CENTRAL_DOMAIN));
 char *returnURL = getReturnToURL();
 char returnToDomain[256];
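Review bot: The two recovery branches disagree on how an unknown account is reported. The e-mail branch deliberately calls `displayMailSuccess()` when the address is not found, while the password branch sets `errMsg` to `incorrectUsername`, which discloses whether a user name is registered. Having the password branch also call `displayMailSuccess()` and return when `password` is NULL would make the two consistent. In `usingNewPassword`, `newPassword` can presumably be NULL when no row matches and is passed to `checkPwd` unchecked; adding `newPassword != NULL &&` to the condition is cheap, and the two SELECTs could be one query.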
@@ -1142,31 +1142,31 @@
     freez(&errMsg);
     errMsg = cloneString("User name cannot be blank.");
     displayLoginPage(conn);
     return;
     }
 /* for password security, use cgi hash instead of cart */
 char *password = cgiUsualString("hgLogin_password", "");
 if (sameString(password,""))
     {
     freez(&errMsg);
     errMsg = cloneString("Password cannot be blank.");
     displayLoginPage(conn);
     return;
     }
 
-safef(query,sizeof(query),"select * from gbMembers where userName='%s'", userName);
+safef(query,sizeof(query),"SELECT * FROM gbMembers WHERE userName='%s'", userName);
 sr = sqlGetResult(conn, query);
 if ((row = sqlNextRow(sr)) == NULL)
     {
     freez(&errMsg);
     errMsg = cloneString(incorrectUsernameOrPassword);
     displayLoginPage(conn);
     return;
     }
 struct gbMembers *m = gbMembersLoad(row);
 sqlFreeResult(&sr);
 
 /* Check user name exist and account activated */
 if (!sameString(m->accountActivated,"Y"))
     {              
     freez(&errMsg);
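Review bot: The early return taken when `sqlNextRow(sr)` yields no row leaves `sr` open, because `sqlFreeResult(&sr)` is only reached on the success path. `displayLoginPage(conn)` is then called with that result still pending on the connection, so add `sqlFreeResult(&sr);` as the first statement of that branch. The function starts before this hunk and continues past it.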