Dotclear


Timestamp:
06/15/18 18:31:29 (7 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
sql-statement
Message:

Apply SQL Statement in DC code, work in progress

File:
1 edited

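--- a/inc/core/class.dc.auth.php
+++ b/inc/core/class.dc.auth.php
@@ -93,13 +93,14 @@
     {
         # Check user and password
-        $strReq = 'SELECT user_id, user_super, user_pwd, user_change_pwd, ' .
-        'user_name, user_firstname, user_displayname, user_email, ' .
-        'user_url, user_default_blog, user_options, ' .
-        'user_lang, user_tz, user_post_status, user_creadt, user_upddt ' .
-        'FROM ' . $this->con->escapeSystem($this->user_table) . ' ' .
-        "WHERE user_id = '" . $this->con->escape($user_id) . "' ";
+        $sql = new dcSelectStatement($this->core, 'coreAuthCheckUser');
+        $sql
+            ->columns(array('user_id', 'user_super', 'user_pwd', 'user_change_pwd', 'user_name', 'user_firstname',
+                'user_displayname', 'user_email', 'user_url', 'user_default_blog', 'user_options', 'user_lang',
+                'user_tz', 'user_post_status', 'user_creadt', 'user_upddt'))
+            ->from($this->user_table)
+            ->where('user_id = ' . $sql->quote($user_id));
 
         try {
-            $rs = $this->con->select($strReq);
+            $rs = $this->con->select($sql->statement());
         } catch (Exception $e) {
             $err = $e->getMessage();
@@ -146,5 +147,8 @@
                 $cur           = $this->con->openCursor($this->user_table);
                 $cur->user_pwd = (string) $rs->user_pwd;
-                $cur->update("WHERE user_id = '" . $rs->user_id . "'");
+
+                $sql = new dcUpdateStatement($this->core, 'coreAuthCheckUser');
+                $sql->where('user_id = ' . $sql->quote($rs->user_id));
+                $cur->update($sql->whereStatement());
             }
         } elseif ($user_key != '') {
@@ -618,7 +622,9 @@
     public function recoverUserPassword($recover_key)
     {
-        $strReq = 'SELECT user_id, user_email ' .
-        'FROM ' . $this->user_table . ' ' .
-        "WHERE user_recover_key = '" . $this->con->escape($recover_key) . "' ";
+        $sql = new dcSelectStatement($this->core, 'coreAuthRecoverUserPwd');
+        $sql
+            ->columns(array('user_id', 'user_email'))
+            ->from($this->user_table)
+            ->where('user_recover_key = ' . $sql->quote($recover_key));
 
         $rs = $this->con->select($strReq);
@@ -635,5 +641,7 @@
         $cur->user_change_pwd  = 1; // User will have to change this temporary password at next login
 
-        $cur->update("WHERE user_recover_key = '" . $this->con->escape($recover_key) . "'");
+        $sql = new dcUpdateStatement($this->core, 'coreAuthRecoverUserPwd');
+        $sql->where('user_recover_key = ' . $sql->quote($recover_key));
+        $cur->update($sql->whereStatement());
 
         return array('user_email' => $rs->user_email, 'user_id' => $rs->user_id, 'new_pass' => $new_pass);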
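Review bot: In recoverUserPassword the unchanged line `$rs = $this->con->select($strReq);` (new line 630) still reads `$strReq`, which this change no longer assigns, so the recovery-key lookup runs with an undefined variable instead of the statement built just above it. It should read `$rs = $this->con->select($sql->statement());`, matching what the first hunk does at new line 104. Separately, each new WHERE clause is still built by string concatenation and is only as safe as `$sql->quote()`; that class is not shown in this changeset, so confirm it escapes like `$this->con->escape()` did and that `from()` keeps the `escapeSystem()` handling the old first query had. Both function bodies continue outside the hunks shown.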