
register.php: use PDO

Luc Didry 1 year ago
parent
commit
1012df7299
1 changed files with 26 additions and 18 deletions
  1. 26 18
      register.php

+ 26 - 18
register.php

@@ -32,8 +32,9 @@
 			<link rel=\"alternate\" href=\"".htmlspecialchars(SELF_URL_PATH)."\"/>";
 
 		if (ENABLE_REGISTRATION) {
-			$result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
-			$num_users = db_fetch_result($result, 0, "cu");
+			$sth = $this->pdo->prepare( "SELECT COUNT(*) AS cu FROM ttrss_users");
+			$sth->execute();
+			$num_users = $sth->fetchColumn(0);
 
 			$num_users = REG_MAX_USERS - $num_users;
 			if ($num_users < 0) $num_users = 0;
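Review bot: `$this->pdo` on line 22 is used in what looks, from the one-tab indentation and the script-level `<?php` segments in later hunks, like top-level code of register.php rather than a class method; outside an object context PHP aborts with "Using $this when not in object context", so every new prepare() call would take the page down. If this is not inside a class, resolve the connection into a local at the top of the script (e.g. `$pdo = /* project PDO accessor */;`) and use `$pdo->prepare(...)` here and in the hunks at lines 33, 38, 50, 65, 77, 91 and 99. The enclosing block of this hunk starts outside it, so I cannot confirm either way from the diff.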
@@ -60,11 +61,13 @@
 	/* Remove users which didn't login after receiving their registration information */
 
 	if (DB_TYPE == "pgsql") {
-		db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
+		$sth = $this->pdo->prepare( "DELETE FROM ttrss_users WHERE last_login IS NULL
 				AND created < NOW() - INTERVAL '1 day' AND access_level = 0");
+		$sth->execute();
 	} else {
-		db_query( "DELETE FROM ttrss_users WHERE last_login IS NULL
+		$sth = $this->pdo->prepare( "DELETE FROM ttrss_users WHERE last_login IS NULL
 				AND created < DATE_SUB(NOW(), INTERVAL 1 DAY) AND access_level = 0");
+		$sth->execute();
 	}
 
 	if (file_exists("register_expire_do.php")) {
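Review bot: The return value of `$sth->execute()` on lines 35 and 40 is discarded, so under PDO's default `PDO::ERRMODE_SILENT` a failed cleanup DELETE is never noticed; the same applies to every execute() this commit adds. Unless the connection is configured with `PDO::ERRMODE_EXCEPTION` elsewhere (not visible here), test the result, e.g. `if (!$sth->execute()) { /* log $sth->errorInfo() */ }`. As a point of style, the two branches now differ only in the interval expression; selecting that expression into a variable and writing a single prepare/execute would avoid the duplicated statement.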
@@ -76,10 +79,11 @@
 
 		$login = trim(db_escape_string( $_REQUEST['login']));
 
-		$result = db_query( "SELECT id FROM ttrss_users WHERE
-			LOWER(login) = LOWER('$login')");
+		$sth = $this->pdo->prepare( "SELECT id FROM ttrss_users WHERE
+			LOWER(login) = LOWER(?)");
+		$sth->execute([$login]);
 
-		$is_registered = db_num_rows($result) > 0;
+		$is_registered = $sth->rowCount() > 0;
 
 		print "<result>";
 
@@ -200,8 +204,9 @@
 ?>
 
 <?php if (REG_MAX_USERS > 0) {
-		$result = db_query( "SELECT COUNT(*) AS cu FROM ttrss_users");
-		$num_users = db_fetch_result($result, 0, "cu");
+		$sth = $this->pdo->prepare( "SELECT COUNT(*) AS cu FROM ttrss_users");
+		$sth->execute();
+		$num_users = $sth->fetchColumn(0);
 } ?>
 
 <?php if (!REG_MAX_USERS || $num_users < REG_MAX_USERS) { ?>
@@ -258,10 +263,11 @@
 
 		if ($test == "four" || $test == "4") {
 
-			$result = db_query( "SELECT id FROM ttrss_users WHERE
-				login = '$login'");
+			$sth = $this->pdo->prepare( "SELECT id FROM ttrss_users WHERE
+				login = ?");
+			$sth->execute([$login]);
 
-			$is_registered = db_num_rows($result) > 0;
+			$is_registered =  $sth->rowCount()> 0;
 
 			if ($is_registered) {
 				print_error(__('Sorry, this username is already taken.'));
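Review bot: Line 82 `$is_registered =  $sth->rowCount()> 0;` has a doubled space after `=` and no space before `>`; write it as `$is_registered = $sth->rowCount() > 0;` to match the identical assignment on line 55. The enclosing `if ($test == "four" ...)` block continues outside the hunk.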
@@ -275,21 +281,23 @@
 				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 				$pwd_hash = encrypt_password($password, $salt, true);
 
-				db_query( "INSERT INTO ttrss_users
+				$sth = $this->pdo->prepare( "INSERT INTO ttrss_users
 					(login,pwd_hash,access_level,last_login, email, created, salt)
-					VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
+					VALUES (?, ?, 0, null, ?, NOW(), ?)");
+				$sth->execute([$login, $pwd_hash, $email, $salt]);
 
-				$result = db_query( "SELECT id FROM ttrss_users WHERE
-					login = '$login' AND pwd_hash = '$pwd_hash'");
+				$sth = $this->pdo->prepare( "SELECT id FROM ttrss_users WHERE
+					login = ? AND pwd_hash = ?");
+				$sth->execute([$login, $pwd_hash]);
 
-				if (db_num_rows($result) != 1) {
+				if ($sth->rowCount() != 1) {
 					print_error(__('Registration failed.'));
 					print "<p><form method=\"GET\" action=\"index.php\">
 					<input type=\"submit\" value=\"".__("Return to Tiny Tiny RSS")."\">
 					</form>";
 				} else {
 
-					$new_uid = db_fetch_result($result, 0, "id");
+					$new_uid = $sth->fetchColumn(0);
 
 					initialize_user( $new_uid);
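Review bot: The post-INSERT lookup on lines 99-104 decides success with `$sth->rowCount() != 1`, which PDO does not guarantee for SELECTs, and then fetches the id only in the else branch on line 112; fetching first and testing the value removes the dependence on the count: `$new_uid = $sth->fetchColumn();` followed by `if ($new_uid === false) {`, with line 112 dropped. The INSERT's execute() result on line 95 is not checked, so a failed insert is detected only indirectly through this lookup; a one-line comment saying so would help the next reader. If `$login`, `$email` or `$password` are still passed through `db_escape_string()` earlier in the file (not visible in this hunk), the bound values would be stored with escape characters, so that pre-processing should be removed now that the values are bound. The enclosing block starts outside the hunk.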