authorAndrew Dolgov <[email protected]>2017-12-01 17:40:53 +0300
committerAndrew Dolgov <[email protected]>2017-12-01 17:40:53 +0300
commitc9d5c26041087cc3cf23ee4deda74055d5013ba4 (patch)
treef6a839a997db73cf74805a891f5c6f44eb8510e2 /classes/auth
parent2c57df75ff04d6b170de6b6fc0509e5ddc05208e (diff)
auth/base: PDO
functions: fix small pdo-related bug
Diffstat (limited to 'classes/auth')
-rw-r--r--classes/auth/base.php21
1 files changed, 10 insertions, 11 deletions
diff --git a/classes/auth/base.php b/classes/auth/base.php
index 304431213..652b66e6e 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -1,9 +1,11 @@
<?php
class Auth_Base {
private $dbh;
+ private $pdo;
function __construct() {
$this->dbh = Db::get();
+ $this->pdo = Db::pdo();
}
/**
@@ -29,15 +31,13 @@ class Auth_Base {
if (!$password) $password = make_password();
if (!$user_id) {
- $login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
- $query = "INSERT INTO ttrss_users
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,access_level,last_login,created,pwd_hash,salt)
- VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
-
- $this->dbh->query($query);
+ VALUES (?, 0, null, NOW(), ?,?)");
+ $sth->execute([$login, $pwd_hash, $salt]);
return $this->find_user_by_login($login);
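Review bot: The return value of `$sth->execute([$login, $pwd_hash, $salt])` is never checked, and this diff does not show whether `Db::pdo()` sets `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION`. If the connection runs in silent or warning mode, a failed INSERT (constraint violation, lost connection) falls straight through to `find_user_by_login($login)`, which could then return the id of a row this call did not create. Either confirm that exceptions are enabled where the PDO handle is built, or guard the call with `if (!$sth->execute([$login, $pwd_hash, $salt])) return false;`. The same unchecked `execute()` appears in `find_user_by_login` in the next hunk, where a query failure would be indistinguishable from "no such user". The enclosing function starts and ends outside this hunk.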
@@ -50,13 +50,12 @@ class Auth_Base {
}
function find_user_by_login($login) {
- $login = $this->dbh->escape_string($login);
-
- $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
- login = '$login'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
+ login = ?");
+ $sth->execute([$login]);
- if ($this->dbh->num_rows($result) > 0) {
- return $this->dbh->fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ return $row["id"];
} else {
return false;
}
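Review bot: `$sth->fetch()` is called without a fetch mode, so the shape of `$row` depends on the connection's `PDO::ATTR_DEFAULT_FETCH_MODE`, which is configured outside this diff. Passing it explicitly, `$row = $sth->fetch(PDO::FETCH_ASSOC);`, keeps `$row["id"]` valid whatever that default is, and moving the assignment out of the `if` removes the assignment-in-condition pattern. The method also has no docblock; I would add one stating that it returns the matching user's id or `false` when no row matches, since the `if (!$user_id)` check in the previous hunk appears to rely on that truthiness contract.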