Question: Using the “user” field during login as an example, where does the user-submitted data flow in tiki?
Answer: Here is a draft, unofficial answer:
./tiki-login.php:
$requestedUser = isset($_REQUEST'user') ? $_REQUEST['user'] : false;
$ret = $userlib->validate_user($requestedUser, $pass, $challenge, $response);
./lib/userslib.php:
class UsersLib extends TikiLib
function validate_user($user, $pass, $challenge = , $response = , $validate_phase=false)
list($result, $user) = $this->validate_user_tiki($user, $pass, $challenge, $response, $validate_phase);
function validate_user_tiki($user, $pass, $challenge, $response, $validate_phase = false)
$query = 'select * from `users_users` where binary `login` = ?';
$result = $this->query($query, array($user));
./lib/tikilib.php:
class TikiLib extends TikiDb_Bridge
./lib/core/TikiDb/Bridge.php:
class TikiDb_Bridge extends TikiDb
function query($query = null, $values = null, $numrows = -1, $offset = -1, $reporterrors = true ) // {{{
return self::get()->query($query, $values, $numrows, $offset, $reporterrors); //get()=db connection instance
./lib/core/TikiDb.php:
abstract class TikiDb
public static function get() // {{{
return self::$instance;
private static $instance;
public static function set(TikiDb $instance) // {{{
return self::$instance = $instance;
abstract function query($query = null, $values = null, $numrows = -1, $offset = -1, $reporterrors = true);
./lib/core/TikiDb/Pdo.php:
class TikiDb_Pdo extends TikiDb
function query($query = null, $values = null, $numrows = -1, $offset = -1, $reporterrors = true ) // {{{
$result = $this->_query($query, $values, $numrows, $offset);
private function _query($query, $values = null, $numrows = -1, $offset = -1) // {{{
if ($values) {
if ( @ $pq = $this->db->prepare($query) ) {
$result = $pq->execute($values);
See also: Login documentation