This repository was archived by the owner on Sep 19, 2022. It is now read-only.

Commit 10c3344

Merge pull request #3 from BaranekD/prepared_statements
Prepared statements, saving SourceIdPName, order of rows in tables
2 parents 599209c + babd6f2 commit 10c3344

2 files changed

+47
-29
lines changed

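--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ All notable changes to this project will be documented in this file.
 - Dictionary
 - Czech translation
 
+[Changed]
+- Database commands use prepared statements
+- Saving SourceIdPName instead of EntityId
+
 ## [v1.1.0]
 [Added]
 - Added average and maximal count of logins per day into summary table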

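--- a/lib/Auth/Process/DatabaseCommand.php
+++ b/lib/Auth/Process/DatabaseCommand.php
@@ -14,18 +14,21 @@ public static function insertLogin(&$request, &$date)
 assert($conn != NULL);
 $identityProvidersTableName = $databaseConnector->getIdentityProvidersTableName();
 $serviceProvidersTableName = $databaseConnector->getServiceProvidersTableName();
-$sourceIdp = $request['saml:sp:IdP'];
+$sourceIdp = $request['Attributes']['sourceIdPName'][0];
 $service = $request['Destination']['name']['en'];
+$year = $date->format('Y');
+$month = $date->format('m');
+$day = $date->format('d');
 
-$sql = "INSERT INTO ".$identityProvidersTableName."(year, month, day, sourceIdp, count) VALUES ('".$date->format('Y')."','".$date->format('m') ."','".$date->format('d')."','".$sourceIdp."','1') ON DUPLICATE KEY UPDATE count = count + 1";
-SimpleSAML\Logger::info($sql);
-if ($conn->query($sql) === FALSE) {
+$stmt = $conn->prepare("INSERT INTO ".$identityProvidersTableName."(year, month, day, sourceIdp, count) VALUES (?, ?, ?, ?, '1') ON DUPLICATE KEY UPDATE count = count + 1");
+$stmt->bind_param("iiis", $year, $month, $day, $sourceIdp);
+if ($stmt->execute() === FALSE) {
 SimpleSAML\Logger::error("The login log wasn't inserted into the database.");
 }
 
-$sql = "INSERT INTO ".$serviceProvidersTableName."(year, month, day, service, count) VALUES ('".$date->format('Y')."','".$date->format('m') ."','".$date->format('d')."','".$service."','1') ON DUPLICATE KEY UPDATE count = count + 1";
-SimpleSAML\Logger::info($sql);
-if ($conn->query($sql) === FALSE) {
+$stmt = $conn->prepare("INSERT INTO ".$serviceProvidersTableName."(year, month, day, service, count) VALUES (?, ?, ?, ?, '1') ON DUPLICATE KEY UPDATE count = count + 1");
+$stmt->bind_param("iiis", $year, $month, $day, $service);
+if ($stmt->execute() === FALSE) {
 SimpleSAML\Logger::error("The login log wasn't inserted into the database.");
 }
 
@@ -38,8 +41,9 @@ public static function getLoginCountPerDay()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getIdentityProvidersTableName();
-$sql = "SELECT year, month, day, SUM(count) AS count FROM ".$table_name." GROUP BY year,month,day";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT year, month, day, SUM(count) AS count FROM ".$table_name." GROUP BY year DESC,month DESC,day DESC");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 echo "[new Date(".$row["year"].",". ($row["month"] - 1 ). ", ".$row["day"]."), {v:".$row["count"]."}],";
 }
@@ -53,8 +57,9 @@ public static function getLoginCountPerDeyPerService()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getIdentityProvidersTableName();
-$sql = "SELECT year, month, sourceIdp, SUM(count) AS count FROM ".$table_name. " GROUP BY year, month, sourceIdp HAVING sourceIdp != ''";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT year, month, sourceIdp, SUM(count) AS count FROM ".$table_name. " GROUP BY year, month, sourceIdp HAVING sourceIdp != '' ORDER BY year DESC, month DESC, count DESC");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 echo "[new Date(".$row["year"].",".($row["month"] - 1 )."),'".$row["sourceIdp"]."', {v:".$row["count"]."}],";
 }
@@ -67,8 +72,9 @@ public static function getAccessToServicesPerMonth()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getServiceProvidersTableName();
-$sql = "SELECT year, month, service, SUM(count) AS count FROM ".$table_name." GROUP BY year, month, service HAVING service != ''";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT year, month, service, SUM(count) AS count FROM ".$table_name." GROUP BY year DESC, month DESC, service HAVING service != '' ORDER BY year DESC, month DESC, count DESC");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 echo "[new Date(".$row["year"].",".($row["month"] - 1 )."),'".$row["service"]."', {v:".$row["count"]."}],"; }
 $conn->close();
@@ -80,8 +86,9 @@ public static function getCountOfAllLogins()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getIdentityProvidersTableName();
-$sql = "SELECT SUM(count) AS count FROM " . $table_name;
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT SUM(count) AS count FROM " . $table_name);
+$stmt->execute();
+$result = $stmt->get_result();
 while ($row = $result->fetch_assoc()) {
 $count = $row["count"];
 }
@@ -101,8 +108,9 @@ public static function getCountOfAllLoginsForToday()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getIdentityProvidersTableName();
-$sql = "SELECT SUM(count) AS count FROM " . $table_name." WHERE year = ".$dateTime->format('Y')." AND month=".$dateTime->format('m')." AND day = ".$dateTime->format('d');
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT SUM(count) AS count FROM " . $table_name." WHERE year = ".$dateTime->format('Y')." AND month=".$dateTime->format('m')." AND day = ".$dateTime->format('d'));
+$stmt->execute();
+$result = $stmt->get_result();
 while ($row = $result->fetch_assoc()) {
 $count = $row["count"];
 }
@@ -121,8 +129,9 @@ public static function getAccessCountPerService()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getServiceProvidersTableName();
-$sql = "SELECT service, SUM(count) AS count FROM ".$table_name." GROUP BY service HAVING service != ''";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT service, SUM(count) AS count FROM ".$table_name." GROUP BY service HAVING service != ''");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 echo "['".$row["service"]."', ".$row["count"]."],";
 }
@@ -135,8 +144,9 @@ public static function getLoginCountPerIdp()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getIdentityProvidersTableName();
-$sql = "SELECT sourceIdp, SUM(count) AS count FROM ".$table_name." GROUP BY sourceIdp HAVING sourceIdp != ''";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT sourceIdp, SUM(count) AS count FROM ".$table_name." GROUP BY sourceIdp HAVING sourceIdp != ''");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 echo "['".$row["sourceIdp"]."', ".$row["count"]."],";
 }
@@ -149,8 +159,9 @@ public static function getCountOfUsedIdp()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getIdentityProvidersTableName();
-$sql = "SELECT COUNT(*) AS count FROM (SELECT DISTINCT sourceIdp FROM ".$table_name." ) AS idps WHERE sourceIdp != ''";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT COUNT(*) AS count FROM (SELECT DISTINCT sourceIdp FROM ".$table_name." ) AS idps WHERE sourceIdp != ''");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 $count = $row["count"];
 }
@@ -168,8 +179,9 @@ public static function getCountOfAccesedServices()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getServiceProvidersTableName();
-$sql = "SELECT COUNT(*) AS count FROM (SELECT DISTINCT service FROM ".$table_name." ) AS services WHERE service != ''";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT COUNT(*) AS count FROM (SELECT DISTINCT service FROM ".$table_name." ) AS services WHERE service != ''");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 $count = $row["count"];
 }
@@ -187,8 +199,9 @@ public static function getAverageLoginCountPerDay()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getServiceProvidersTableName();
-$sql = "SELECT AVG(count) as avg_count FROM (SELECT year, month, day, SUM(count) AS count FROM " . $table_name . " GROUP BY year,month,day ) AS average_count;";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT AVG(count) as avg_count FROM (SELECT year, month, day, SUM(count) AS count FROM " . $table_name . " GROUP BY year,month,day ) AS average_count;");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 $avg_count = $row["avg_count"];
 }
@@ -206,8 +219,9 @@ public static function getMaxLoginCountPerDay()
 $conn = $databaseConnector->getConnection();
 assert($conn != NULL);
 $table_name = $databaseConnector->getServiceProvidersTableName();
-$sql = "SELECT MAX(count) as max_count FROM (SELECT year, month, day, SUM(count) AS count FROM " . $table_name . " GROUP BY year,month,day ) AS maximal_count;";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT MAX(count) as max_count FROM (SELECT year, month, day, SUM(count) AS count FROM " . $table_name . " GROUP BY year,month,day ) AS maximal_count;");
+$stmt->execute();
+$result = $stmt->get_result();
 while($row = $result->fetch_assoc()) {
 $max_count = $row["max_count"];
 }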
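Review bot: The value stored by insertLogin now comes from a SAML attribute (`$sourceIdp = $request['Attributes']['sourceIdPName'][0];`), yet the unchanged lines of getLoginCountPerDeyPerService and getLoginCountPerIdp still echo `$row["sourceIdp"]` between single quotes, apparently into a JavaScript array literal, with no output encoding; the `service` echoes do the same. Binding parameters protects the INSERT, not the page that later renders the stored string, so a name containing a quote or markup would break or alter the emitted script; encode on output, e.g. `echo "[".json_encode($row["sourceIdp"]).", ".(int)$row["count"]."],";`. Separately, getCountOfAllLoginsForToday still concatenates `$dateTime->format(...)` into the string passed to `prepare()` instead of using `?` placeholders with `bind_param("iii", ...)`. No `prepare()` result is checked for `false` either, so in insertLogin a failed prepare would no longer reach the logged-error branch. All of these functions begin and end outside the hunks shown.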
