auth/base: PDO

functions: fix small pdo-related bug
master
Andrew Dolgov 7 years ago
parent 2c57df75ff
commit c9d5c26041

@ -1,9 +1,11 @@
<?php <?php
class Auth_Base { class Auth_Base {
private $dbh; private $dbh;
private $pdo;
function __construct() { function __construct() {
$this->dbh = Db::get(); $this->dbh = Db::get();
$this->pdo = Db::pdo();
} }
/** /**
@ -29,15 +31,13 @@ class Auth_Base {
if (!$password) $password = make_password(); if (!$password) $password = make_password();
if (!$user_id) { if (!$user_id) {
$login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true); $pwd_hash = encrypt_password($password, $salt, true);
$query = "INSERT INTO ttrss_users $sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,access_level,last_login,created,pwd_hash,salt) (login,access_level,last_login,created,pwd_hash,salt)
VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')"; VALUES (?, 0, null, NOW(), ?,?)");
$sth->execute([$login, $pwd_hash, $salt]);
$this->dbh->query($query);
return $this->find_user_by_login($login); return $this->find_user_by_login($login);
@ -50,13 +50,12 @@ class Auth_Base {
} }
function find_user_by_login($login) { function find_user_by_login($login) {
$login = $this->dbh->escape_string($login); $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
login = ?");
$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE $sth->execute([$login]);
login = '$login'");
if ($this->dbh->num_rows($result) > 0) { if ($row = $sth->fetch()) {
return $this->dbh->fetch_result($result, 0, "id"); return $row["id"];
} else { } else {
return false; return false;
} }
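Review bot: The result of `$sth->execute([$login, $pwd_hash, $salt])` in the user-creation hunk is never checked, so a failed INSERT is only noticed if the handle returned by `Db::pdo()` is in exception mode, and that configuration is not visible on this page. If it is not, the code falls straight through to `find_user_by_login($login)`, and the caller cannot tell a freshly created account from a plain lookup result or a silent failure. Consider `if (!$sth->execute([$login, $pwd_hash, $salt])) return false;`, or a comment above the prepare stating that `Db::pdo()` sets `PDO::ERRMODE_EXCEPTION`. The enclosing function starts and ends outside the hunk, so whether `$this->dbh` is still needed by other methods cannot be judged from here.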

@ -266,8 +266,8 @@
marked = false AND marked = false AND
feed_id = ? AND feed_id = ? AND
$query_limit $query_limit
ttrss_entries.date_updated < NOW() - INTERVAL ?"); ttrss_entries.date_updated < NOW() - INTERVAL ? days");
$sth->execute([$feed_id, "$purge_interval days"]); $sth->execute([$feed_id, $purge_interval]);
} else { } else {
$sth = $pdo->prepare("DELETE FROM ttrss_user_entries $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
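Review bot: `NOW() - INTERVAL ? days` puts a bound placeholder where the server expects an interval literal. PostgreSQL does not accept a parameter in that position under server-side prepares, and MySQL's unit keyword is `DAY`, not `days`, so the statement is likely to fail at prepare or execute time. Which backend this branch targets is not visible in the hunk; if it is PostgreSQL, the value can stay bound with `ttrss_entries.date_updated < NOW() - CAST(? AS integer) * INTERVAL '1 day'` and `$sth->execute([$feed_id, (int) $purge_interval]);`. Separately, `$query_limit` is still interpolated into the statement text and is built outside the hunk, so confirm it is assembled only from constants. The surrounding function and the following `DELETE` statement continue outside the hunk.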
