Diffstat (limited to 'login.php')
-rw-r--r--login.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/login.php b/login.php
index 6aa258a..9deae75 100644
--- a/login.php
+++ b/login.php
@@ -4,16 +4,17 @@
@$op = $_REQUEST["op"];
if ($op == "perform-login") {
- $user = SQLite3::escapeString(trim(mb_strtolower($_REQUEST["user"])));
- $password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"])));
+ $user = trim(mb_strtolower($_REQUEST["user"]));
+ $password = 'SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"]));
require_once "db.php";
$dbh = Db::get();
- $res = $dbh->query("SELECT id FROM epube_users WHERE user = '$user' AND pass = '$password'");
+ $sth = $dbh->prepare("SELECT id FROM epube_users WHERE user = ? AND pass = ?");
+ $sth->execute([$user, $password]);
- if ($line = $res->fetchArray(SQLITE3_ASSOC)) {
+ if ($line = $sth->fetch()) {
require_once "sessions.php";
$_SESSION["owner"] = $user;
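Review bot: The new `$password = 'SHA256:' . hash('sha256', ...)` line keeps a single-round SHA-256 of `user:password` as the stored credential, so the prepared statement fixes the query construction but not the weak password storage: anyone who obtains the `epube_users` table can check guesses against it very cheaply. I would select the row by `user` only and verify in PHP with `password_verify()`, accepting the legacy `SHA256:` value through `hash_equals()` until rows are rehashed with `password_hash()` on a successful login. The sketch below assumes `Db::get()` returns a PDO handle whose `fetch()` yields column names as keys; confirm the fetch mode. The `perform-login` branch continues past the end of this hunk, so the rehash step and any session-id regeneration would belong there or in `sessions.php`.

```php
$user = trim(mb_strtolower($_REQUEST["user"]));
$password = trim($_REQUEST["password"]);
// … unchanged: require_once "db.php"; $dbh = Db::get(); …
$sth = $dbh->prepare("SELECT id, pass FROM epube_users WHERE user = ?");
$sth->execute([$user]);
$line = $sth->fetch();
// legacy format kept only so existing rows still authenticate until rehashed
$legacy = 'SHA256:' . hash('sha256', "$user:$password");
if ($line && (password_verify($password, $line["pass"]) || hash_equals($line["pass"], $legacy))) {
// … unchanged: require_once "sessions.php"; $_SESSION["owner"] = $user; …
```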