authorAndrew Dolgov <[email protected]>2017-12-01 17:40:53 +0300
committerAndrew Dolgov <[email protected]>2017-12-01 17:40:53 +0300
commitc9d5c26041087cc3cf23ee4deda74055d5013ba4 (patch)
treef6a839a997db73cf74805a891f5c6f44eb8510e2
parent2c57df75ff04d6b170de6b6fc0509e5ddc05208e (diff)
auth/base: PDO
functions: fix small pdo-related bug
-rw-r--r--classes/auth/base.php21
-rw-r--r--include/functions.php4
2 files changed, 12 insertions, 13 deletions
diff --git a/classes/auth/base.php b/classes/auth/base.php
index 304431213..652b66e6e 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -1,9 +1,11 @@
<?php
class Auth_Base {
private $dbh;
+ private $pdo;
function __construct() {
$this->dbh = Db::get();
+ $this->pdo = Db::pdo();
}
/**
@@ -29,15 +31,13 @@ class Auth_Base {
if (!$password) $password = make_password();
if (!$user_id) {
- $login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
- $query = "INSERT INTO ttrss_users
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,access_level,last_login,created,pwd_hash,salt)
- VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
-
- $this->dbh->query($query);
+ VALUES (?, 0, null, NOW(), ?,?)");
+ $sth->execute([$login, $pwd_hash, $salt]);
return $this->find_user_by_login($login);
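Review bot: The result of `$sth->execute([$login, $pwd_hash, $salt])` is ignored, so unless `Db::pdo()` (not visible here) puts the handle in `PDO::ERRMODE_EXCEPTION`, a failed INSERT goes unnoticed and the code falls through to the lookup. Checking it makes the failure explicit: `if (!$sth->execute([$login, $pwd_hash, $salt])) return false;`. The same applies to `$sth->execute([$login])` in `find_user_by_login` in the next hunk, where a database error becomes indistinguishable from "no such user" because `fetch()` then returns false. The enclosing method starts before this hunk and continues after it.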
@@ -50,13 +50,12 @@ class Auth_Base {
}
function find_user_by_login($login) {
- $login = $this->dbh->escape_string($login);
-
- $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
- login = '$login'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
+ login = ?");
+ $sth->execute([$login]);
- if ($this->dbh->num_rows($result) > 0) {
- return $this->dbh->fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ return $row["id"];
} else {
return false;
}
diff --git a/include/functions.php b/include/functions.php
index 377d49647..e7d74df04 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -266,8 +266,8 @@
marked = false AND
feed_id = ? AND
$query_limit
- ttrss_entries.date_updated < NOW() - INTERVAL ?");
- $sth->execute([$feed_id, "$purge_interval days"]);
+ ttrss_entries.date_updated < NOW() - INTERVAL ? days");
+ $sth->execute([$feed_id, $purge_interval]);
} else {
$sth = $pdo->prepare("DELETE FROM ttrss_user_entries
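Review bot: The placeholder in the new `NOW() - INTERVAL ? days` may not survive a server-side prepare, because `INTERVAL '...'` is literal syntax. If this branch targets PostgreSQL (the branch condition is outside the hunk), a bound parameter is not accepted in that position. A form that binds cleanly is `ttrss_entries.date_updated < NOW() - CAST(? AS INTERVAL)` with `$sth->execute([$feed_id, (int) $purge_interval . " days"]);`. The int cast keeps the bound string a well-formed interval whatever the caller passes. The enclosing function starts and ends outside the hunk.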