Column names escaping64

README.md

@@ -54,6 +54,18 @@ Set up your Silex application something like this:
     $app->register(new Provider\UrlGeneratorServiceProvider());
     $app->register(new Provider\TwigServiceProvider());
     $app->register(new Provider\SwiftmailerServiceProvider());
+    $app->register(new Provider\TranslationServiceProvider(), array(
+        'locale_fallbacks' => array('en-EN', 'pl-PL'),
+    ));
+
+    // locale session storage
+    $currentLocale = 'en-EN';
+    if ($app['session']->get('current_language')) {
+        $currentLocale = $app['session']->get('current_language');
+    }
+    //
+    /* sets current language */
+    $app['translator']->setLocale($currentLocale);
 
     // Register the SimpleUser service provider.
     $simpleUserProvider = new SimpleUser\UserServiceProvider();
@@ -68,11 +80,22 @@ Set up your Silex application something like this:
     // Mount the user controller routes:
     $app->mount('/user', $simpleUserProvider);
 
-    /*
-    // Other routes and controllers...
+
+
+
+    /* Other routes and controllers...
+
+    // main page
     $app->get('/', function () use ($app) {
         return $app['twig']->render('index.twig', array());
     });
+
+    // switch language
+    $app->match('/{lang}/', function ($lang) use ($app) {
+
+                $app['session']->set('current_language', $lang);
+                return $app->redirect($_SERVER['HTTP_REFERER']);
+    })->assert('lang','[\w-]{2,5}');
     */
 
     // ...

composer.json

@@ -18,7 +18,8 @@
         "doctrine/dbal": "~2.4",
         "symfony/twig-bridge": "~2.3",
         "jasongrimes/paginator": "~1.0",
-        "swiftmailer/swiftmailer": "~5.3"
+        "swiftmailer/swiftmailer": "~5.3",
+        "symfony/translation": "^2.7"
     },
     "require-dev": {
         "phpunit/phpunit": "~4.2",

src/SimpleUser/UserManager.php

@@ -456,9 +456,9 @@ protected function createCommonFindSql(array $criteria = array())
                 $i++;
                 $alias = 'custom' . $i;
                 $sql .= 'JOIN ' . $this->conn->quoteIdentifier($this->userCustomFieldsTableName). ' ' . $alias . ' ';
-                $sql .= 'ON ' . $this->conn->quoteIdentifier($this->userTableName). '.' . $this->getUserColumns('id') . ' = ' . $alias . '.'. $this->getUserColumns('user_id').' ';
-                $sql .= 'AND ' . $alias . '.'.$this->getUserColumns('attribute').' = :attribute' . $i . ' ';
-                $sql .= 'AND ' . $alias . '.'.$this->getUserColumns('value').' = :value' . $i . ' ';
+                $sql .= 'ON ' . $this->conn->quoteIdentifier($this->userTableName). '.' . $this->getUserColumnsEscaped('id') . ' = ' . $alias . '.'. $this->getUserColumnsEscaped('user_id').' ';
+                $sql .= 'AND ' . $alias . '.'.$this->getUserColumnsEscaped('attribute').' = :attribute' . $i . ' ';
+                $sql .= 'AND ' . $alias . '.'.$this->getUserColumnsEscaped('value').' = :value' . $i . ' ';
                 $params['attribute' . $i] = $attribute;
                 $params['value' . $i] = $value;
             }
@@ -469,8 +469,9 @@ protected function createCommonFindSql(array $criteria = array())
             if ($key == 'customFields') {
                 continue;
             } else {
-                $sql .= ($first_crit ? 'WHERE' : 'AND') . ' ' . $key . ' = :' . $key . ' ';
-                $params[$key] = $val;
+                $param_key = preg_replace('/[^\w]/', '', $key);
+                $sql .= ($first_crit ? 'WHERE' : 'AND') . ' ' . $this->conn->quoteIdentifier($key) . ' = :' . $param_key . ' ';
+                $params[$param_key] = $val;
             }
             $first_crit = false;
         }
@@ -503,9 +504,9 @@ public function insert(User $user)
         $this->dispatcher->dispatch(UserEvents::BEFORE_INSERT, new UserEvent($user));
 
         $sql = 'INSERT INTO ' . $this->conn->quoteIdentifier($this->userTableName) . '
-            ('.$this->getUserColumns('email').', '.$this->getUserColumns('password').', '.$this->getUserColumns('salt').', '.$this->getUserColumns('name').
-                ', '.$this->getUserColumns('roles').', '.$this->getUserColumns('time_created').', '.$this->getUserColumns('username').', '.$this->getUserColumns('isEnabled').
-                ', '.$this->getUserColumns('confirmationToken').', '.$this->getUserColumns('timePasswordResetRequested').')
+            ('.$this->getUserColumnsEscaped('email').', '.$this->getUserColumnsEscaped('password').', '.$this->getUserColumnsEscaped('salt').', '.$this->getUserColumnsEscaped('name').
+                ', '.$this->getUserColumnsEscaped('roles').', '.$this->getUserColumnsEscaped('time_created').', '.$this->getUserColumnsEscaped('username').', '.$this->getUserColumnsEscaped('isEnabled').
+                ', '.$this->getUserColumnsEscaped('confirmationToken').', '.$this->getUserColumnsEscaped('timePasswordResetRequested').')
             VALUES (:email, :password, :salt, :name, :roles, :timeCreated, :username, :isEnabled, :confirmationToken, :timePasswordResetRequested) ';
 
         $params = array(
@@ -542,17 +543,17 @@ public function update(User $user)
         $this->dispatcher->dispatch(UserEvents::BEFORE_UPDATE, new UserEvent($user));
 
         $sql = 'UPDATE ' . $this->conn->quoteIdentifier($this->userTableName). '
-            SET '.$this->getUserColumns('email').' = :email
-            , '.$this->getUserColumns('password').' = :password
-            , '.$this->getUserColumns('salt').' = :salt
-            , '.$this->getUserColumns('name').' = :name
-            , '.$this->getUserColumns('roles').' = :roles
-            , '.$this->getUserColumns('time_created').' = :timeCreated
-            , '.$this->getUserColumns('username').' = :username
-            , '.$this->getUserColumns('isEnabled').' = :isEnabled
-            , '.$this->getUserColumns('confirmationToken').' = :confirmationToken
-            , '.$this->getUserColumns('timePasswordResetRequested').' = :timePasswordResetRequested
-            WHERE '.$this->getUserColumns('id').' = :id';
+            SET '.$this->getUserColumnsEscaped('email').' = :email
+            , '.$this->getUserColumnsEscaped('password').' = :password
+            , '.$this->getUserColumnsEscaped('salt').' = :salt
+            , '.$this->getUserColumnsEscaped('name').' = :name
+            , '.$this->getUserColumnsEscaped('roles').' = :roles
+            , '.$this->getUserColumnsEscaped('time_created').' = :timeCreated
+            , '.$this->getUserColumnsEscaped('username').' = :username
+            , '.$this->getUserColumnsEscaped('isEnabled').' = :isEnabled
+            , '.$this->getUserColumnsEscaped('confirmationToken').' = :confirmationToken
+            , '.$this->getUserColumnsEscaped('timePasswordResetRequested').' = :timePasswordResetRequested
+            WHERE '.$this->getUserColumnsEscaped('id').' = :id';
 
         $params = array(
             'email' => $user->getEmail(),
@@ -581,11 +582,11 @@ public function update(User $user)
     protected function saveUserCustomFields(User $user)
     {
         $this->conn->executeUpdate('DELETE FROM ' . $this->conn->quoteIdentifier($this->userCustomFieldsTableName). ' 
-            WHERE '.$this->getUserColumns('user_id').' = ?', array($user->getId()));
+            WHERE '.$this->getUserColumnsEscaped('user_id').' = ?', array($user->getId()));
 
         foreach ($user->getCustomFields() as $attribute => $value) {
             $this->conn->executeUpdate('INSERT INTO ' . $this->conn->quoteIdentifier($this->userCustomFieldsTableName). 
-                    ' ('.$this->getUserColumns('user_id').', '.$this->getUserColumns('attribute').', '.$this->getUserColumns('value').') VALUES (?, ?, ?) ',
+                    ' ('.$this->getUserColumnsEscaped('user_id').', '.$this->getUserColumnsEscaped('attribute').', '.$this->getUserColumnsEscaped('value').') VALUES (?, ?, ?) ',
                 array($user->getId(), $attribute, $value));
         }
     }
@@ -706,22 +707,33 @@ public function getUserTableName()
     }
 
     public function setUserColumns(array $userColumns){
-        $conn = $this->conn;
-        //Escape the column names
-
-        $escapedUserColumns = array_map(function($column) use ($conn){
-            return $conn->quoteIdentifier($column,\PDO::PARAM_STR);
-        }, $userColumns);
-
         //Merge the existing column names
-        $this->userColumns = array_merge($this->userColumns, $escapedUserColumns);
+        $this->userColumns = array_merge($this->userColumns, $userColumns);
     }
 
-    public function getUserColumns($column = ""){
-        if ($column == "") return $this->userColumns;
+    public function getUserColumns($column = null){
+        if ($column === null) return $this->userColumns;
         else return $this->userColumns[$column];
     }
 
+    public function getUserColumnsEscaped($column = null)
+    {
+        $userColumns = $this->getUserColumns();
+
+        $conn = $this->conn;
+
+        if ($column === null){
+            $columns = $userColumns;
+            $escapedColumns = array_map(function($column) use ($conn){
+                return $conn->quoteIdentifier($column,\PDO::PARAM_STR);
+            }, $columns);
+
+            return $escapedColumns;
+        }
+        else 
+            return $conn->quoteIdentifier($userColumns[$column],\PDO::PARAM_STR);
+    }
+
     public function setUserCustomFieldsTableName($userCustomFieldsTableName)
     {
         $this->userCustomFieldsTableName = $userCustomFieldsTableName;

src/SimpleUser/UserServiceProvider.php

@@ -92,6 +92,9 @@ public function register(Application $app)
                 'attribute' => 'attribute',
                 'value' => 'value',
             ),
+
+            'availableLocales' => array('en_EN', 'pl_PL'),
+
         );
 
         // Initialize $app['user.options'].
@@ -184,6 +187,33 @@ public function register(Application $app)
             return $mailer;
         });
 
+        $app['translator'] = $app->extend('translator', function($translator) {
+
+            $appCurrentlocale = $translator->getLocale();
+
+            // if app locale is in a short form (e.g. en, de, pl) transform it to valid culture code (en_EN)
+            $localeCodeLen = strlen($appCurrentlocale);
+            if($localeCodeLen===2)
+                $cultureCode = strtolower($appCurrentlocale) . '_' . strtoupper($appCurrentlocale);
+            elseif($localeCodeLen===5) 
+                $cultureCode = $appCurrentlocale;
+            else
+                $cultureCode = 'en-EN';
+
+            // if there is no translation for determined lang, switch to en_EN as default
+            if(!is_dir(__DIR__."/translations/$cultureCode"))
+                $cultureCode = 'en-EN';
+
+            // load User Service Provider translations
+            $translator->addLoader('yaml', new \Symfony\Component\Translation\Loader\YamlFileLoader());
+
+            foreach (glob(__DIR__.'/translations/'. $cultureCode . '/*.yml') as $translationFile) {
+                $translator->addResource('yaml', $translationFile, $cultureCode);
+            }
+
+            return $translator;
+        });
+
         // Add a custom security voter to support testing user attributes.
         $app['security.voters'] = $app->extend('security.voters', function($voters) use ($app) {
             foreach ($voters as $voter) {

src/SimpleUser/translations/en-EN/labels.yml

@@ -0,0 +1,103 @@
+user:
+    List users: Users
+    Toggle navigation: Toggle Navigation
+    Create account: Create account
+    Sign in: Sign in
+    View your profile: View your profile
+    Edit your profile: Edit your profile
+    Sign out: Sign out
+    username: username
+    email: email
+    password: password
+    remember: remember me on this computer
+    not_registerd_question: don't have an account?
+    forgot_password_question: forgot password?
+    create_now: register now
+    hello: hello
+
+    #register
+    alreadyRegistered: Hello, %displayName%. You are already registered and signed in.
+    create_account: create an account
+    already_have_account_question: already have an account?
+    public_name: Name
+    public_name_note: Shown publicly
+    never_shared_note: Never shared
+    retype_password_label: re-type password
+    confirm_password_label: confirm password
+    register: register
+    sign_in_now: Sign in now
+
+    #forgot password
+    enter_password_note: Enter your email address below and we'll send you password reset instructions.
+    your_email_address: Your email address
+    send_me_instructions: Send me reset instructions
+    backToLogin: Back to login
+    spamboxNote: If you don't get an email within a few minutes, make sure to check your spam or junk folder. The sender is 
+
+    #login-confirmation
+    accountNotYetActiveTitle: Your account is not yet active
+    emailSentToAddressNoteWhenRegistered: An email should have been sent to you at <strong>%email%</strong> when you registered.
+    clickLinkInMessageNote: Please click the link in that message to confirm your email address and activate your account.
+    resendTheMessage: Resend the message
+    checkJunkEmailBox: Make sure to check your junk or spam folder. The sender is <strong>%fromAddress%</strong>.
+    emailConfirmationNeeded: Email confirmation needed
+
+    #registerConfirmation
+    thankYou: Thank you!
+    emailSentToAddress: An email has been sent to you at <strong>%email%</strong>.
+
+    #resetPassword
+    chooseNewPassword: Choose a new password
+    newPassword: New password
+    retypePassword: Re-type password
+    savePassword: Save password
+
+    #view
+    edit: edit
+    registered: registered
+    pendingEmailConfirmation: Pending email confirmation
+    visibleToAdminsOnly: visible to admins only
+
+    #email - confirm-email
+    welcomePleaseConfirmEmail: Welcome! Please confirm your email.
+    thanksForJoiningSite: Thanks for joining our site!
+    pleaseClickLinkBelow: Please click the link below to confirm your email
+    pleaseClickLinkHtml: Please <a href="%confirmationUrl%">click here to confirm your email</a>.
+
+    #edit
+    editUser: Edit User
+    gravatarImage: Gravatar image
+    change: Change
+    name: Name
+    shownPublicly: Shown publicly
+    neverShared: Never shared
+    leavBlankExceptToChange: Leave blank except to change
+    adminOnly: Admin-only
+    backToProfile: Back to profile
+    save: Save
+    resetYourPassword: Reset your password
+    clickTheLinkToResetYourPassword: Click the link below to reset your password
+    pleaseClickHereToResetPassword: Please <a href="%resetUrl%">click here to reset your password</a>.
+    didntAskToReset: Didn't ask to reset your password?
+    didntAskToResetNote: > 
+        If you didn't ask to reset your password, it's likely that
+        another user entered your username or email address by mistake
+        while trying to reset their password. If that's the case, you
+        don't need to take any further action and you can safely
+        disregard this email.
+
+    #list
+    listUsers: List users
+    oneUserFound: <strong>1</strong> user found.
+    numberOfUsersFound: <strong>%totalItems%</strong> users found.
+    showing: Showing
+    pendingConfirmation: Pending email confirmation
+
+langs:
+    en-EN: EN
+    pl-PL: PL
+    de-DE: DE
+
+    en: EN
+    pl: PL
+    de: DE