Diffstat (limited to 'login.php')
-rw-r--r-- | login.php | 9 |
1 files changed, 5 insertions, 4 deletions
@@ -4,16 +4,17 @@
 @$op = $_REQUEST["op"];
 if ($op == "perform-login") {
- $user = SQLite3::escapeString(trim(mb_strtolower($_REQUEST["user"])));
- $password = SQLite3::escapeString('SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"])));
+ $user = trim(mb_strtolower($_REQUEST["user"]));
+ $password = 'SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"]));
 require_once "db.php";
 $dbh = Db::get();
- $res = $dbh->query("SELECT id FROM epube_users WHERE user = '$user' AND pass = '$password'");
+ $sth = $dbh->prepare("SELECT id FROM epube_users WHERE user = ? AND pass = ?");
+ $sth->execute([$user, $password]);
- if ($line = $res->fetchArray(SQLITE3_ASSOC)) {
+ if ($line = $sth->fetch()) {
 require_once "sessions.php";
 $_SESSION["owner"] = $user; |
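Review bot: The new `$user` and `$password` lines still read the credentials from `$_REQUEST`, so the login also succeeds over a GET query string and the plaintext password then ends up in access logs, browser history and Referer headers; read them from the POST body instead, `$user = trim(mb_strtolower($_POST["user"] ?? ""));` and `trim($_POST["password"] ?? "")`, where the `?? ""` also avoids the undefined-index warning that the `@` on `$op` suppresses only for `op`. Moving to a prepared statement is the right fix for the injection, but the stored credential remains a single fast SHA-256 of `user:password` with no per-user random salt and no work factor, which is cheap to brute-force offline if the `epube_users` table leaks; if the `pass` column format can be migrated, `password_hash()` at enrolment and `password_verify()` here (looking the row up by `user` only) would be the practitioner choice. The `if ($op == "perform-login")` block continues past the end of the hunk, so what is done with `$line` afterwards is not visible here.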