auth/base: PDO
authorAndrew Dolgov <noreply@fakecake.org>
Fri, 1 Dec 2017 14:40:53 +0000 (17:40 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Fri, 1 Dec 2017 14:40:53 +0000 (17:40 +0300)
functions: fix small pdo-related bug

classes/auth/base.php
include/functions.php

index 3044312139042750542159e470b2623528e3dfe5..652b66e6e2d139a64b356abdb6b052c87d081f23 100644 (file)
@@ -1,9 +1,11 @@
 <?php
 class Auth_Base {
        private $dbh;
+       private $pdo;
 
        function __construct() {
                $this->dbh = Db::get();
+               $this->pdo = Db::pdo();
        }
 
        /**
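Review bot: `private $dbh` and its assignment in `__construct()` are kept alongside the new `$this->pdo`, but both uses of `$this->dbh` visible in this commit are converted to prepared statements. If no other method of `Auth_Base` still calls it (the rest of the class is outside these hunks), drop the property and the `$this->dbh = Db::get();` line. Keeping the legacy handle around makes it easy for a later change to reach for `escape_string()` and a string-built query again.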
@@ -29,15 +31,13 @@ class Auth_Base {
                        if (!$password) $password = make_password();
 
                        if (!$user_id) {
-                               $login = $this->dbh->escape_string($login);
                                $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                                $pwd_hash = encrypt_password($password, $salt, true);
 
-                               $query = "INSERT INTO ttrss_users
+                               $sth = $this->pdo->prepare("INSERT INTO ttrss_users
                                                (login,access_level,last_login,created,pwd_hash,salt)
-                                               VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
-
-                               $this->dbh->query($query);
+                                               VALUES (?, 0, null, NOW(), ?,?)");
+                               $sth->execute([$login, $pwd_hash, $salt]);
 
                                return $this->find_user_by_login($login);
 
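Review bot: The result of `$sth->execute([$login, $pwd_hash, $salt]);` is not checked, so a failed INSERT goes unnoticed if the handle returned by `Db::pdo()` is not in exception mode (its configuration is not visible here), and the code falls through to `find_user_by_login($login)`. Either confirm that the connection sets `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION`, or guard the call with `if (!$sth->execute([$login, $pwd_hash, $salt])) return false;` and log the failure. The same applies to `$sth->execute([$login]);` in the `find_user_by_login` hunk below. The enclosing function starts and ends outside this hunk.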
@@ -50,13 +50,12 @@ class Auth_Base {
        }
 
        function find_user_by_login($login) {
-               $login = $this->dbh->escape_string($login);
-
-               $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
-                       login = '$login'");
+               $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
+                       login = ?");
+               $sth->execute([$login]);
 
-               if ($this->dbh->num_rows($result) > 0) {
-                       return $this->dbh->fetch_result($result, 0, "id");
+               if ($row = $sth->fetch()) {
+                       return $row["id"];
                } else {
                        return false;
                }
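Review bot: `$row["id"]` relies on the connection's default fetch mode returning string-keyed rows, and that mode is configured outside this file. The `if ($row = $sth->fetch())` branch can be made independent of it, and shorter, with `return $sth->fetchColumn();`, which returns the first column of the first row or `false` when there is no row, the same two outcomes as the current if/else. A docblock stating that the method returns the user id or `false` would also help, since under PDO the id may arrive as a string rather than an integer depending on the driver. The function's closing brace is outside this hunk.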
index 377d4964741ed2ed7015bc20df32a584843863dd..e7d74df04e23727b33c30c9e5d86f351ad38edec 100644 (file)
                                marked = false AND
                                feed_id = ? AND
                                $query_limit
-                               ttrss_entries.date_updated < NOW() - INTERVAL ?");
-                       $sth->execute([$feed_id, "$purge_interval days"]);
+                               ttrss_entries.date_updated < NOW() - INTERVAL ? days");
+                       $sth->execute([$feed_id, $purge_interval]);
 
                } else {
             $sth  = $pdo->prepare("DELETE FROM ttrss_user_entries
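Review bot: In `NOW() - INTERVAL ? days` the placeholder sits inside an interval literal, and whether a bound parameter is accepted there depends on the database and on whether PDO emulates prepares. `execute()` binds array values as strings, so under emulation this becomes a quoted number followed by a bare `days` word. Binding the whole interval as one value avoids both problems, for example `NOW() - CAST(? AS INTERVAL)` with `(int)$purge_interval . ' days'` bound (PostgreSQL syntax; adjust for the database this branch targets). Separately, `$query_limit` is interpolated into the same statement and its origin is outside this hunk, so confirm it is built only from fixed SQL fragments. The hunk header is not visible in this view, and the statement on the last line continues past it.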