diff options
| author | Andrew Dolgov <[email protected]> | 2017-11-19 13:03:36 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2017-11-19 13:03:36 +0300 |
| commit | dfee22901d7c5defc61ef16e831d7c4a8f05ffd1 (patch) | |
| tree | 19c70fcf048284decccfa9388e374047b04b14d4 /login.php | |
| parent | 41e97ceb2c0e7b36ebb273707f12d2d940c87085 (diff) | |
* use PDO::sqlite
* remove database-backed sessions (too slow for sqlite)
Diffstat (limited to 'login.php')
| -rw-r--r-- | login.php | 9 |
1 files changed, 5 insertions, 4 deletions
@@ -4,16 +4,17 @@ @$op = $_REQUEST["op"]; if ($op == "perform-login") { - $user = SQLite3::escapeString(trim(mb_strtolower($_REQUEST["user"]))); - $password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"]))); + $user = trim(mb_strtolower($_REQUEST["user"])); + $password = 'SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"])); require_once "db.php"; $dbh = Db::get(); - $res = $dbh->query("SELECT id FROM epube_users WHERE user = '$user' AND pass = '$password'"); + $sth = $dbh->prepare("SELECT id FROM epube_users WHERE user = ? AND pass = ?"); + $sth->execute([$user, $password]); - if ($line = $res->fetchArray(SQLITE3_ASSOC)) { + if ($line = $sth->fetch()) { require_once "sessions.php"; $_SESSION["owner"] = $user; |