webcraftmedia/system
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more qq, security, locale

Browse Source
This commit is contained in:
Ulf Gebhardt 2014-01-20 19:48:49 +01:00
parent 4aeddba43f
commit b5e0bfe59a
10 changed files with 174 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
dbd/qq/SYS_LOCALE_SET_LOCALE.php Normal file
View File

@ -0,0 +1,15 @@
<?php
namespace SYSTEM\DBD;
class SYS_LOCALE_SET_LOCALE extends \SYSTEM\DB\QP {
protected static function query(){
return new \SYSTEM\DB\QQuery(get_class(),
//pg
'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.
' SET '.\SYSTEM\DBD\system_user::FIELD_LOCALE.' = $1'.
' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;',
//mys
'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.
' SET '.\SYSTEM\DBD\system_user::FIELD_LOCALE.' = ? '.
'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;'
);}}

13
dbd/qq/SYS_SECURITY_AVAILABLE.php Normal file
View File

@ -0,0 +1,13 @@
<?php
namespace SYSTEM\DBD;
class SYS_SECURITY_AVAILABLE extends \SYSTEM\DB\QP {
protected static function query(){
return new \SYSTEM\DB\QQuery(get_class(),
//pg
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\system_user::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') like lower($1) ;',
//mys
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') like lower(?) ;'
);}}

15
dbd/qq/SYS_SECURITY_CHECK.php Normal file
View File

@ -0,0 +1,15 @@
<?php
namespace SYSTEM\DBD;
class SYS_SECURITY_CHECK extends \SYSTEM\DB\QP {
protected static function query(){
return new \SYSTEM\DB\QQuery(get_class(),
//pg
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_PG.
' WHERE "'.\SYSTEM\DBD\UserRightsTable::FIELD_USERID.'" = $1'.
' AND "'.\SYSTEM\DBD\UserRightsTable::FIELD_RIGHTID.'" = $2;',
//mys
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_MYS.
' WHERE '.\SYSTEM\DBD\UserRightsTable::FIELD_USERID.' = ?'.
' AND '.\SYSTEM\DBD\UserRightsTable::FIELD_RIGHTID.' = ?;'
);}}

17
dbd/qq/SYS_SECURITY_CREATE.php Normal file
View File

@ -0,0 +1,17 @@
<?php
namespace SYSTEM\DBD;
class SYS_SECURITY_CREATE extends \SYSTEM\DB\QP {
protected static function query(){
return new \SYSTEM\DB\QQuery(get_class(),
//pg
'INSERT INTO '.\SYSTEM\DBD\system_user::NAME_PG.
' ('.\SYSTEM\DBD\system_user::FIELD_USERNAME.','.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.','
.\SYSTEM\DBD\system_user::FIELD_EMAIL.','.\SYSTEM\DBD\system_user::FIELD_LOCALE.','.\SYSTEM\DBD\system_user::FIELD_ACCOUNT_FLAG.')'.
' VALUES ($1, $2, $3, $4, $5);',
//mys
'INSERT INTO '.\SYSTEM\DBD\system_user::NAME_MYS.
' ('.\SYSTEM\DBD\system_user::FIELD_USERNAME.','.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.','
.\SYSTEM\DBD\system_user::FIELD_EMAIL.','.\SYSTEM\DBD\system_user::FIELD_LOCALE.','.\SYSTEM\DBD\system_user::FIELD_ACCOUNT_FLAG.')'.
' VALUES (?, ?, ?, ?, ?);'
);}}

15
dbd/qq/SYS_SECURITY_LOGIN_MD5.php Normal file
View File

@ -0,0 +1,15 @@
<?php
namespace SYSTEM\DBD;
class SYS_SECURITY_LOGIN_MD5 extends \SYSTEM\DB\QP {
protected static function query(){
return new \SYSTEM\DB\QQuery(get_class(),
//pg
'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = $3 );',
//mys
'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ? OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = ? );'
);}}

15
dbd/qq/SYS_SECURITY_LOGIN_SHA1.php Normal file
View File

@ -0,0 +1,15 @@
<?php
namespace SYSTEM\DBD;
class SYS_SECURITY_LOGIN_SHA1 extends \SYSTEM\DB\QP {
protected static function query(){
return new \SYSTEM\DB\QQuery(get_class(),
//pg
'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2;',
//mys
'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ?;'
);}}

15
dbd/qq/SYS_SECURITY_TRACK_LOGINS.php Normal file
View File

@ -0,0 +1,15 @@
<?php
namespace SYSTEM\DBD;
class SYS_SECURITY_TRACK_LOGINS extends \SYSTEM\DB\QP {
protected static function query(){
return new \SYSTEM\DB\QQuery(get_class(),
//pg
'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.
' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= to_timestamp($1)'.
' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;',
//mys
'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.
' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= ?'.
' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;'
);}}

15
dbd/qq/SYS_SECURITY_UPDATE_PW.php Normal file
View File

@ -0,0 +1,15 @@
<?php
namespace SYSTEM\DBD;
class SYS_SECURITY_UPDATE_PW extends \SYSTEM\DB\QP {
protected static function query(){
return new \SYSTEM\DB\QQuery(get_class(),
//pg
'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.
' SET '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $1'.
' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;',
//mys
'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.
' SET '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ?'.
' WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;'
);}}

234
security/Security.php
View File

@ -1,138 +1,55 @@
<?php
namespace SYSTEM\SECURITY;
class Security {
const LOGIN_FAIL = false;
const LOGIN_OK = true;
const REGISTER_FAIL = false;
const REGISTER_OK = true;
const LOGOUT_OK = true;
const AVAILABLE_FAIL = false;
const AVAILABLE_OK = true;
const FAIL = false;
const OK = true;
public static function create($username, $password, $email, $locale, $advancedResult=false, $checkAvailable = true){
self::startSession();
// check availability of username (in non-compatibility mode, otherwise it is already checked in DasenseAccount)
if($checkAvailable && !self::available($username)){
return self::REGISTER_FAIL;}
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('createAccountStmt','INSERT INTO '.\SYSTEM\DBD\system_user::NAME_PG.
' ('.\SYSTEM\DBD\system_user::FIELD_USERNAME.','.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.','
.\SYSTEM\DBD\system_user::FIELD_EMAIL.','.\SYSTEM\DBD\system_user::FIELD_LOCALE.','.\SYSTEM\DBD\system_user::FIELD_ACCOUNT_FLAG.')'.
' VALUES ($1, $2, $3, $4, $5) RETURNING *;',
array( $username , $password, $email, $locale, 1 ));
} else {
$result = $con->prepare('createAccountStmt','INSERT INTO '.\SYSTEM\DBD\system_user::NAME_MYS.
' ('.\SYSTEM\DBD\system_user::FIELD_USERNAME.','.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.','
.\SYSTEM\DBD\system_user::FIELD_EMAIL.','.\SYSTEM\DBD\system_user::FIELD_LOCALE.','.\SYSTEM\DBD\system_user::FIELD_ACCOUNT_FLAG.')'.
' VALUES (?, ?, ?, ?, ?);',
array( $username , $password, $email, $locale, 1 ));
}
return self::FAIL;}
$result = \SYSTEM\DBD\SYS_SECURITY_CREATE::Q1(array( $username , $password, $email, $locale, 1 ));
if( !$result || !self::login($username, $password, $locale)){
return self::REGISTER_FAIL;}
return ($advancedResult ? $result->next() : self::REGISTER_OK);
return self::FAIL;}
return ($advancedResult ? \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password)) : self::OK);
}
public static function changePassword($username, $password_sha_old, $password_sha_new){
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('',
'SELECT id FROM '.\SYSTEM\DBD\system_user::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2;',
array($username, $password_sha_old) );
}else{
return 'MySQL Query not implemented!';
}
$row = $result->next();
$row = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::Q1(array($username, $password_sha_old));
if(!$row){
return 0; // old password wrong
}
return self::FAIL;} // old password wrong
$userID = $row['id'];
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('',
'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.
' SET "password_sha" = $1 WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;',
array($password_sha_new, $userID) );
}else{
return 'MySQL Query not implemented!';
}
return 1;
\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($password_sha_new, $userID));
return self::OK;
}
public static function login($username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
self::startSession();
if(!isset($password_sha)){
self::trackLogins(NULL, self::LOGIN_FAIL);
//self::trackLogins(NULL, self::FAIL);
$_SESSION['user'] = NULL;
return self::LOGIN_FAIL;}
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(isset($password_md5)){
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('loginAccountStmt',
'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2 OR
'.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $3 OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = $4 );',
array($username, $password_sha, $password_sha_new, $password_md5) );
} else {
$result = $con->prepare('loginAccountStmt',
'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
' AND ('.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ? OR '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_MD5.' = ? );',
array($username, $password_sha, $password_md5) );
}
}else{
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('loginAccountStmtSHA',
'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower($1)'.
' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $2 OR
'.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $3 ;',
array($username, $password_sha, $password_sha_new) );
} else {
$result = $con->prepare('loginAccountStmtSHA',
'SELECT * FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') LIKE lower(?)'.
' AND '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ?;',
array($username, $password_sha) );
}
}
return self::FAIL;}
//Database check
if(isset($password_md5)){
$result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_MD5::QQ(array($username, $password_sha, $password_md5));
}else{
$result = \SYSTEM\DBD\SYS_SECURITY_LOGIN_SHA1::QQ(array($username, $password_sha));}
if(!$result){
new \SYSTEM\LOG\WARNING("Login Failed, Db result was not valid");
$_SESSION['user'] = NULL;
return self::LOGIN_FAIL;}
return self::FAIL;}
$row = $result->next();
if(!$row){
new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");
$_SESSION['user'] = NULL;
return self::LOGIN_FAIL;}
return self::FAIL;}
// set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix
if(!$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] || strlen($row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA]) < 40){
if( !$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] ||
strlen($row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA]) < 40){
if($password_sha_new != NULL){
$pw = $password_sha_new;
@ -140,19 +57,9 @@ class Security {
$pw = $password_sha;
}
unset($result);
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->prepare( 'updatePasswordSHAStmt',
'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.' SET '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.';',
array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
}else{
$res = $con->prepare( 'updatePasswordSHAStmt',
'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.' SET '.\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA.' = ? WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?'.';',
array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
}
$res = $res->next();
\SYSTEM\DBD\SYS_SECURITY_UPDATE_PW::Q1(array($pw,$row[\SYSTEM\DBD\system_user::FIELD_ID]));
$row[\SYSTEM\DBD\system_user::FIELD_PASSWORD_SHA] = $pw;
}
// set session variables
$_SESSION['user'] = new User( $row[\SYSTEM\DBD\system_user::FIELD_ID],
$row[\SYSTEM\DBD\system_user::FIELD_USERNAME],
@ -163,59 +70,29 @@ class Security {
0,
NULL,
$row[\SYSTEM\DBD\system_user::FIELD_LOCALE]);
if(isset($locale)){
\SYSTEM\locale::set($locale);}
// track succesful user login
self::trackLogins($row[\SYSTEM\DBD\system_user::FIELD_ID]);
return ($advancedResult ? $row : self::LOGIN_OK);
//self::trackLogins($row[\SYSTEM\DBD\system_user::FIELD_ID]);
return ($advancedResult ? $row : self::OK);
}
private static function trackLogins($userID){
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$con->prepare( 'trackLoginAccountStmt',
'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= to_timestamp($1) '.
'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2;',
array(microtime(true), $userID));
} else {
$con->prepare( 'trackLoginAccountStmt',
'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.' SET '.\SYSTEM\DBD\system_user::FIELD_LAST_ACTIVE.'= ? '.
'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;',
array(microtime(true), $userID));
}
}
\SYSTEM\DBD\SYS_SECURITY_TRACK_LOGINS::Q1(array(microtime(true), $userID));}
public static function getUser(){
if(!self::isLoggedIn()){
return NULL;}
return $_SESSION['user'];}
/**
* Determine if username exists
*
* @param String $username
*/
// Determine if username exists
public static function available($username){
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->prepare( 'availableStmt',
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\system_user::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') like lower($1) ;',
array($username));
} else {
$res = $con->prepare( 'availableStmt',
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\system_user::NAME_MYS.
' WHERE lower('.\SYSTEM\DBD\system_user::FIELD_USERNAME.') like lower(?) ;',
array($username));
}
if(!($res = $res->next())){
$res = \SYSTEM\DBD\SYS_SECURITY_AVAILABLE::Q1(array($username));
if(!$res){
throw new \SYSTEM\LOG\ERRROR("Cannot determine the availability of username!");}
if($res['count'] != 0){
return self::AVAILABLE_FAIL;}
return self::AVAILABLE_OK;
return self::FAIL;}
return self::OK;
}
//checks for a right for a logged in user
@ -225,25 +102,9 @@ class Security {
$user = null;
if(!($user = self::getUser())){
return false;}
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->prepare( 'security_check',
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_PG.
' WHERE "'.\SYSTEM\DBD\UserRightsTable::FIELD_USERID.'" = $1'.
' AND "'.\SYSTEM\DBD\UserRightsTable::FIELD_RIGHTID.'" = $2;',
array($user->id, $rightid));
} else {
$res = $con->prepare( 'security_check',
'SELECT COUNT(*) as count FROM '.\SYSTEM\DBD\UserRightsTable::NAME_MYS.
' WHERE '.\SYSTEM\DBD\UserRightsTable::FIELD_USERID.' = ?'.
' AND '.\SYSTEM\DBD\UserRightsTable::FIELD_RIGHTID.' = ?;',
array($user->id, $rightid));
}
if(!($res = $res->next())){
$res = \SYSTEM\DBD\SYS_SECURITY_CHECK::Q1(array($user->id, $rightid));
if(!$res){
throw new \SYSTEM\LOG\ERROR("Cannot determine if you have the required rights!");}
if($res['count'] == 0){
return false;}
return true;
@ -253,44 +114,23 @@ class Security {
public static function logout(){
self::startSession();
session_destroy();
return self::OK;}
return self::LOGOUT_OK;
}
public static function save($key,$value){
self::startSession();
$_SESSION['values'][$key] = $value;}
public static function load($key){
self::startSession();
if(!isset($_SESSION['values'][$key])){
return NULL;}
return $_SESSION['values'][$key];}
return $_SESSION['values'][$key];
}
public static function isLoggedIn(){
self::startSession();
return (isset($_SESSION['user']) && $_SESSION['user'] instanceof User);}
private static function startSession(){
if(!isset($_SESSION) && !headers_sent()){
\session_start();}
}
//This functions is called from \SYSTEM\locale::set()
public static function _db_setLocale($lang){
$user = self::getUser();
if(!$user){
throw new \SYSTEM\LOG\ERROR("You need to be logged in");}
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
if(\SYSTEM\system::isSystemDbInfoPG()){
$res = $con->prepare( 'updateUserLocaleStmt',
'UPDATE '.\SYSTEM\DBD\system_user::NAME_PG.' SET '.\SYSTEM\DBD\system_user::FIELD_LOCALE.' = $1 '.
'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\system_user::FIELD_LOCALE.';',
array($lang, $user->id));
}else{
$res = $con->prepare( 'updateUserLocaleStmt',
'UPDATE '.\SYSTEM\DBD\system_user::NAME_MYS.' SET '.\SYSTEM\DBD\system_user::FIELD_LOCALE.' = ? '.
'WHERE '.\SYSTEM\DBD\system_user::FIELD_ID.' = ?;',
array($lang, $user->id));
}
return true;
}
\session_start();}}
}

8
system/locale.php
View File

@ -10,7 +10,9 @@ class locale {
\SYSTEM\SECURITY\Security::save(self::SESSION_KEY, $lang);
if(\SYSTEM\SECURITY\Security::isLoggedIn()){
\SYSTEM\SECURITY\Security::_db_setLocale($lang);}
$user = \SYSTEM\SECURITY\Security::getUser();
\SYSTEM\DBD\SYS_LOCALE_SET_LOCALE::Q1(array($lang, $user->id));
}
return true;
}
@ -52,7 +54,9 @@ class locale {
$where .= 'OR '.$q.\SYSTEM\DBD\system_locale_string::FIELD_ID.$q.' = $1 ';
}
$where = substr($where,2);
//those querys cant be done with qq, since they are dynamic
//they sql string is generated and prepare does not cover all the required parameterization
//hence qq cant be used on this purpose!
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
$res = $con->prepare( 'localeArrStmt', 'SELECT '.$q.$lang.$q.','.$q.\SYSTEM\DBD\system_locale_string::FIELD_ID.$q.' FROM '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\system_locale_string::NAME_PG : \SYSTEM\DBD\sytem_locale_string::NAME_MYS).' WHERE '.$where,
$request);