Prepare SQL statements

This commit is contained in:
grandeljay 2023-01-28 14:25:53 +01:00
parent 11321542fe
commit d0f29d227c
16 changed files with 316 additions and 135 deletions


@ -93,7 +93,10 @@ if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLog
->query(
'SELECT *
FROM `sessions`
WHERE `session` = "' . $_COOKIE[COOKIE_PERSISTENT] . '";'
WHERE `session` = :session;',
array(
'session' => $_COOKIE[COOKIE_PERSISTENT]
)
)
->fetchAll();


@ -32,6 +32,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
$count = new Cache\Query(
'SELECT COUNT(`id`) AS "count"
FROM `' . $table . '`;',
array(),
Duration::DAY
);
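Review bot: `$table` is still concatenated into the FROM clause, and the new `array()` placeholder argument cannot change that, because a bound parameter can stand in for a value but never for an identifier. Where `$table` comes from is outside the hunk; if it can be influenced by the request it needs to be checked against a fixed list of table names before use, e.g. `if (!in_array($table, $allowedTables, true)) { throw new \InvalidArgumentException('Unknown table'); }` with the list defined from the schema. If it is already a constant chosen by the calling code, a short comment saying so at the `new Cache\Query(` call would save the next reader the same question.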


@ -45,16 +45,18 @@ switch ($_SERVER['REQUEST_METHOD']) {
/**
* Get wishes by priority
*/
$wishlist = new Wishlist($_GET['wishlist_id']);
$options = array(
$wishlist = new Wishlist($_GET['wishlist_id']);
$options = array(
'style' => $_GET['wishlist_style'],
);
$where = array(
'priority' => '`priority` = ' . $_GET['wish_priority'],
$where = array(
'priority' => '`priority` = :wish_priority',
);
$options['placeholders']['wish_priority'] = $_GET['wish_priority'];
if (-1 === intval($_GET['wish_priority'])) {
unset($where['priority']);
unset($options['placeholders']['wish_priority']);
}
if (empty($_GET['wish_priority'])) {
@ -129,7 +131,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
}
$response = array(
'info' => $info,
'info' => $info,
);
}
@ -142,14 +144,24 @@ switch ($_SERVER['REQUEST_METHOD']) {
$database
->query(
'UPDATE `wishes`
SET `wishlist` = ' . $wish->wishlist . ',
`title` = ' . $wish_title . ',
`description` = ' . $wish_description . ',
`image` = ' . $wish_image . ',
`url` = ' . $wish_url . ',
`priority` = ' . $wish_priority . ',
`is_purchasable` = ' . $wish_is_purchasable . '
WHERE `id` = ' . $wish->id . ';'
SET `wishlist` = :wishlist_id,
`title` = :wish_title,
`description` = :wish_description,
`image` = :wish_image,
`url` = :wish_url,
`priority` = :wish_priority,
`is_purchasable` = :wish_is_purchasable,
WHERE `id` = :wish_id',
array(
'wishlist_id' => $wish->wishlist,
'wish_title' => $wish_title,
'wish_description' => $wish_description,
'wish_image' => $wish_image,
'wish_url' => $wish_url,
'wish_priority' => $wish_priority,
'wish_is_purchasable' => $wish_is_purchasable,
'wish_id' => $wish->id,
)
);
/**
@ -166,9 +178,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
`wish`,
`price`
) VALUES (
' . $wish->id . ',
' . $wish_price . '
);'
:wish_id,
:wish_price
);',
array(
'wish_id' => $wish_id,
'wish_price' => $wish_price,
)
);
$response['lastInsertId'] = $wish->id;
@ -201,7 +217,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
}
$response = array(
'info' => $info,
'info' => $info,
);
}
@ -223,14 +239,23 @@ switch ($_SERVER['REQUEST_METHOD']) {
`priority`,
`is_purchasable`
) VALUES (
' . $wishlist_id . ',
' . $wish_title . ',
' . $wish_description . ',
' . $wish_image . ',
' . $wish_url . ',
' . $wish_priority . ',
' . $wish_is_purchasable . '
);'
:wishlist_id,
:wish_title,
:wish_description,
:wish_image,
:wish_url,
:wish_priority,
:wish_is_purchasable
);',
array(
'wishlist_id' => $wishlist_id,
'wish_title' => $wish_title,
'wish_description' => $wish_description,
'wish_image' => $wish_image,
'wish_url' => $wish_url,
'wish_priority' => $wish_priority,
'wish_is_purchasable' => $wish_is_purchasable,
)
);
/**
@ -247,9 +272,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
`wish`,
`price`
) VALUES (
' . $wish_id . ',
' . $wish_price . '
);'
:wish_id,
:wish_price
);',
array(
'wish_id' => $wish_id,
'wish_price' => $wish_price,
)
);
}
@ -265,8 +294,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
/**
* Update Wish Status
*/
$status = Sanitiser::getStatus($_PUT['wish_status']);
$wish_id = Sanitiser::getNumber($_PUT['wish_id']);
$wish_status = Sanitiser::getStatus($_PUT['wish_status']);
$wish_id = Sanitiser::getNumber($_PUT['wish_id']);
if (Wish::STATUS_TEMPORARY === $status) {
$status = time();
@ -274,8 +303,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
$database->query(
'UPDATE `wishes`
SET `status` = "' . $status . '"
WHERE `id` = ' . $wish_id . ';'
SET `status` = :wish_status,
WHERE `id` = :wish_id',
array(
'wish_status' => $wish_status,
'wish_id' => $wish_id,
)
);
$response['success'] = true;
@ -285,8 +318,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
*/
$database->query(
'UPDATE `wishes`
SET `url` = "' . Sanitiser::getURL($_PUT['wish_url_proposed']) . '"
WHERE `url` = "' . Sanitiser::getURL($_PUT['wish_url_current']) . '";'
SET `url` = :wish_url_proposed,
WHERE `url` = :wish_url_current',
array(
'wish_url_proposed' => Sanitiser::getURL($_PUT['wish_url_proposed']),
'wish_url_current' => Sanitiser::getURL($_PUT['wish_url_current']),
)
);
$response['success'] = true;
@ -299,7 +336,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
if (isset($_DELETE['wish_id'])) {
$database->query(
'DELETE FROM `wishes`
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wish_id']) . ';'
WHERE `id` = :wish_id',
array(
'wish_id' => Sanitiser::getNumber($_DELETE['wish_id']),
)
);
$response['success'] = true;
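Review bot: The wish UPDATE ends its SET list with a trailing comma before WHERE (`:wish_is_purchasable,` directly followed by `WHERE`), which is a SQL syntax error; the same comma-before-WHERE appears in the status update after `:wish_status` and in the URL update after `:wish_url_proposed`, so all three statements fail at execute time — drop the comma after each last bound value. The status branch also renames `$status` to `$wish_status`, but the unchanged lines that follow (`if (Wish::STATUS_TEMPORARY === $status) { $status = time();`) still read and write `$status`, so the temporary-status timestamp never reaches the bound `wish_status` value; those lines need the same rename. In the price INSERT of the update branch, `'wish_id' => $wish_id` replaces the previous `$wish->id`, and `$wish_id` does not appear to be defined in that branch (the surrounding code uses `$wish->id`), so it would bind null; use `'wish_id' => $wish->id,` there.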


@ -29,7 +29,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
->query(
'SELECT *
FROM `wishlists_saved`
WHERE `wishlist` = ' . Sanitiser::getNumber($_POST['wishlist']) . ';'
WHERE `wishlist` = :wishlist_id',
array(
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist'])
)
)
->fetch();
@ -38,7 +41,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
$database
->query(
'DELETE FROM `wishlists_saved`
WHERE `wishlist` = ' . Sanitiser::getNumber($_POST['wishlist']) . ';'
WHERE `wishlist` = :wishlist_id',
array(
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist'])
)
);
$response['action'] = 'deleted';
@ -50,9 +56,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
`user`,
`wishlist`
) VALUES (
' . $_SESSION['user']->id . ',
' . Sanitiser::getNumber($_POST['wishlist']) . '
);'
:user_id,
:wishlist_id
);',
array(
'user_id' => $_SESSION['user']->id,
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist']),
)
);
$response['action'] = 'created';


@ -16,8 +16,9 @@ switch ($_SERVER['REQUEST_METHOD']) {
/**
* Create
*/
$user_id = Sanitiser::getNumber($_SESSION['user']->id);
$wish_name = Sanitiser::getTitle($_POST['wishlist-name']);
$user_id = Sanitiser::getNumber($_SESSION['user']->id);
$wishlist_name = Sanitiser::getTitle($_POST['wishlist-name']);
$wishlist_hash = sha1(time() . $user_id . $wishlist_name);
$database->query(
'INSERT INTO `wishlists` (
@ -25,10 +26,15 @@ switch ($_SERVER['REQUEST_METHOD']) {
`name`,
`hash`
) VALUES (
' . $user_id . ',
"' . $wish_name . '",
"' . sha1(time() . $user_id . $wish_name) . '"
);'
:user_id,
:wishlist_name,
:wishlist_hash
);',
array(
'user_id' => $user_id,
'wishlist_name' => $wishlist_name,
'wishlist_hash' => $wishlist_hash,
)
);
$response['data'] = array(
@ -38,15 +44,18 @@ switch ($_SERVER['REQUEST_METHOD']) {
/**
* Request more wishes
*/
$wishlistID = Sanitiser::getNumber($_POST['wishlist-id']);
$wishlist_id = Sanitiser::getNumber($_POST['wishlist-id']);
/** Get last notification time */
$wishlistQuery = $database
->query(
'SELECT *
FROM `wishlists`
WHERE `id` = ' . $wishlistID . '
AND (`notification_sent` < (CURRENT_TIMESTAMP - INTERVAL 1 DAY) OR `notification_sent` IS NULL);'
WHERE `id` = :wishlist_id
AND (`notification_sent` < (CURRENT_TIMESTAMP - INTERVAL 1 DAY) OR `notification_sent` IS NULL);',
array(
'wishlist_id' => $wishlist_id,
)
);
$wishlist = $wishlistQuery->fetch();
@ -78,7 +87,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
->query(
'UPDATE `wishlists`
SET `notification_sent` = CURRENT_TIMESTAMP
WHERE `id` = ' . $wishlist['id'] . ';'
WHERE `id` = :wishlist_id;',
array(
'wishlist_id' = $wishlist['id'],
)
);
}
}
@ -164,8 +176,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
$database
->query(
'UPDATE `wishlists`
SET `name` = "' . Sanitiser::getTitle($_PUT['wishlist_title']) . '"
WHERE `id` = ' . Sanitiser::getNumber($_PUT['wishlist_id']) . ';'
SET `name` = :wishlist_name,
WHERE `id` = :wishlist_id'
array(
'wishlist_name' => Sanitiser::getTitle($_PUT['wishlist_title']),
'wishlist_id' => Sanitiser::getTitle($_PUT['wishlist_id']),
)
);
$response['success'] = true;
@ -176,7 +192,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
$database->query(
'DELETE FROM `wishlists`
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wishlist_id']) . ';'
WHERE `id` = :wishlist_id;',
array(
'wishlist_id' => Sanitiser::getNumber($_DELETE['wishlist_id']),
)
);
$response['success'] = true;
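Review bot: `'wishlist_id' = $wishlist['id'],` in the notification_sent UPDATE uses `=` instead of `=>`, which is a PHP parse error, so this whole file fails to load; it should read `'wishlist_id' => $wishlist['id'],`. The name UPDATE in the PUT branch has two more problems: a trailing comma before WHERE after `:wishlist_name`, and no comma between the closing `:wishlist_id'` of the query string and the `array(` argument that follows, which is a second parse error. In that same placeholder list `'wishlist_id' => Sanitiser::getTitle($_PUT['wishlist_id'])` replaces the previous `Sanitiser::getNumber`, so a numeric id now goes through the title sanitiser; restore `'wishlist_id' => Sanitiser::getNumber($_PUT['wishlist_id']),`.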


@ -12,11 +12,12 @@ class Query extends Cache
* Private
*/
private \wishthis\Database $database;
private array $placeholders = array();
/**
* Public
*/
public function __construct(string $url, int $maxAge = \wishthis\Duration::YEAR)
public function __construct(string $url, array $placeholders = array(), int $maxAge = \wishthis\Duration::YEAR)
{
global $database;
@ -33,7 +34,8 @@ class Query extends Cache
$response = $this->exists() ? json_decode(file_get_contents($filepath), true) : array();
if (true === $this->generateCache()) {
$pdoStatement = $this->database->query($this->url);
$pdoStatement = $this->database
->query($this->url, $this->placeholders);
if (false !== $pdoStatement) {
if (1 === $pdoStatement->rowCount()) {
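Review bot: Inserting `array $placeholders` between `$url` and `$maxAge` in the `Cache\Query` constructor changes the meaning of existing positional calls: any caller that still passes `new Cache\Query($sql, Duration::DAY)` now hands an int to the array parameter and gets a TypeError (one caller is updated in this commit; I cannot see whether others exist). Appending the new parameter last, or moving callers to named arguments, avoids that. Separately, if the cache file name is derived from `$url` alone (the key derivation is outside this hunk), two queries with identical SQL text but different placeholder values would now share one cache entry, so the placeholders should be folded into the cache identity. The hunk declares `private array $placeholders` but the visible constructor lines do not assign it; confirm `$this->placeholders = $placeholders;` is set before `generateCache()` runs.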


@ -34,12 +34,10 @@ class Database
$this->pdo = new \PDO($dsn, $this->user, $this->password, $options);
}
public function query(string $query): \PDOStatement
public function query(string $query, array $placeholders = array()): \PDOStatement
{
$statement = $this->pdo->query(
$query,
\PDO::FETCH_ASSOC
);
$statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC));
$statement->execute($placeholders);
$this->lastInsertId = $this->pdo->lastInsertId();
@ -78,8 +76,12 @@ class Database
->query(
'SELECT *
FROM `INFORMATION_SCHEMA`.`COLUMNS`
WHERE TABLE_NAME = "' . $table_to_check . '"
AND COLUMN_NAME = "' . $column_to_check . '"'
WHERE `TABLE_NAME` = :table_name,
AND `COLUMN_NAME` = :column_name',
array(
'table_name' => $table_to_check,
'column_name' => $column_to_check,
)
)
->fetch();
$exists = false !== $result;
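Review bot: `$this->pdo->prepare($query, array(\PDO::FETCH_ASSOC))` does not set the fetch mode: the second argument of `PDO::prepare()` is a driver-options map keyed by `PDO::ATTR_*` constants, and `array(\PDO::FETCH_ASSOC)` is the entry `0 => 2`, so unless `PDO::ATTR_DEFAULT_FETCH_MODE` is set in `$options` at construction, callers that relied on the replaced `pdo->query($query, \PDO::FETCH_ASSOC)` now get `FETCH_BOTH` rows from `fetch()`/`fetchAll()`. Use `$statement = $this->pdo->prepare($query);` followed by `$statement->setFetchMode(\PDO::FETCH_ASSOC);`, and either check the boolean returned by `$statement->execute($placeholders)` or confirm `PDO::ERRMODE_EXCEPTION` is in `$options` so a failed execute cannot pass silently into `lastInsertId()`. The INFORMATION_SCHEMA lookup below also has a stray comma after `:table_name` before AND, which is a SQL syntax error.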


@ -27,9 +27,14 @@ class Options
try {
$option = $this->database->query(
'SELECT * FROM `options`
WHERE `key` = "' . Sanitiser::getOption($key) . '";'
)->fetch();
'SELECT *
FROM `options`
WHERE `key` = :option_key',
array(
'option_key' => Sanitiser::getOption($key),
)
)
->fetch();
$value = $option['value'] ?? '';
} catch (\Throwable $th) {
@ -42,21 +47,37 @@ class Options
public function setOption(string $key, string $value): void
{
$optionExists = 0 !== $this->database
->query('SELECT *
FROM `options`
WHERE `key` = "' . $key . '";')
->query(
'SELECT *
FROM `options`
WHERE `key` = :option_key;',
array(
'option_key' => $key,
)
)
->rowCount();
if ($optionExists) {
$this->database->query('UPDATE `options`
SET `value` = "' . $value . '"
WHERE `key` = "' . $key . '"
;');
$this->database->query(
'UPDATE `options`
SET `value` = :option_value,
WHERE `key` = :option_key;',
array(
'option_value' => $value,
'option_key' => $key,
)
);
} else {
$this->database->query('INSERT INTO `options`
(`key`, `value`) VALUES
("' . $key . '", "' . $value . '")
;');
$this->database->query(
'INSERT INTO `options`
(`key`, `value`)
VALUES
(:option_key, :option_value);',
array(
'option_key' => $key,
'option_value' => $value,
)
);
}
}
}
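Review bot: The UPDATE in setOption has a trailing comma before WHERE (`:option_value,` followed by `WHERE`), which the database rejects as a syntax error, so updating an existing option now fails while inserting a new one works; drop the comma so the line reads `SET` + backtick-quoted `value` + ` = :option_value`. The same comma-before-WHERE/AND pattern recurs in several other files of this commit (Database, Options, login, register, the wish and wishlist endpoints) and is worth a single sweep before merge.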


@ -23,7 +23,10 @@ class User
->query(
'SELECT *
FROM `users`
WHERE `id` = ' . $user_id
WHERE `id` = :user_id',
array(
'user_id' => $user_id,
)
);
if (false !== $userQuery) {
@ -139,7 +142,10 @@ class User
->query(
'SELECT *
FROM `wishlists`
WHERE `user` = ' . $this->id . ';'
WHERE `user` = :user_id;',
array(
'user_id' => $this->id,
)
)
->fetchAll();
@ -163,7 +169,10 @@ class User
`w`.`hash`
FROM `wishlists_saved` `ws`
JOIN `wishlists` `w` ON `w`.`id` = `ws`.`wishlist`
WHERE `ws`.`user` = ' . $this->id . ';'
WHERE `ws`.`user` = :user_id;',
array(
'user_id' => $this->id,
)
)
->fetchAll();
@ -190,7 +199,10 @@ class User
$persistent = $database
->query(
'DELETE FROM `sessions`
WHERE `session` = "' . $_COOKIE[COOKIE_PERSISTENT] . '";'
WHERE `session` = :session;',
array(
'session' => $_COOKIE[COOKIE_PERSISTENT],
)
);
}


@ -16,7 +16,7 @@ class Wish
public const SELECT = '`wishes`.*, `products`.`price`';
public const FROM = '`wishes`';
public const LEFT_JOIN = '`products` ON `wishes`.`id` = `products`.`wish`';
public const WHERE = '`wishes`.`id` = %d;';
public const WHERE = '`wishes`.`id` = :wish_id;';
public const NO_IMAGE = '/src/assets/img/no-image.svg';
@ -80,10 +80,13 @@ class Wish
$id = $idOrColumns;
$columns = $database
->query(
'SELECT ' . self::SELECT . '
FROM ' . self::FROM . '
LEFT JOIN ' . self::LEFT_JOIN . '
WHERE ' . sprintf(self::WHERE, $id)
' SELECT ' . self::SELECT . '
FROM ' . self::FROM . '
LEFT JOIN ' . self::LEFT_JOIN . '
WHERE ' . self::WHERE,
array(
'wish_id' => $id,
)
)
->fetch();
} elseif (is_array($idOrColumns)) {


@ -34,7 +34,10 @@ class Wishlist
->query(
'SELECT *
FROM `wishlists`
WHERE `' . $column . '` = ' . $id_or_hash . ';'
WHERE `' . $column . '` = :id_or_hash;',
array(
'id_or_hash' => $id_or_hash,
)
)
->fetch();
@ -54,15 +57,19 @@ class Wishlist
// $this->wishes = $this->getWishes();
}
public function getWishes($sql = array()): array
public function getWishes($options = array()): array
{
global $database;
$SELECT = isset($sql['SELECT']) ? $sql['SELECT'] : Wish::SELECT;
$FROM = isset($sql['FROM']) ? $sql['FROM'] : Wish::FROM;
$LEFT_JOIN = isset($sql['LEFT_JOIN']) ? $sql['LEFT_JOIN'] : Wish::LEFT_JOIN;
$WHERE = isset($sql['WHERE']) ? $sql['WHERE'] : '`wishlist` = ' . $this->id;
$ORDER_BY = isset($sql['ORDER_BY']) ? $sql['ORDER_BY'] : '`priority` DESC, `url` ASC, `title` ASC';
if (!isset($options['WHERE'])) {
$options['placeholders']['wishlist_id'] = $this->id;
}
$SELECT = isset($options['SELECT']) ? $options['SELECT'] : Wish::SELECT;
$FROM = isset($options['FROM']) ? $options['FROM'] : Wish::FROM;
$LEFT_JOIN = isset($options['LEFT_JOIN']) ? $options['LEFT_JOIN'] : Wish::LEFT_JOIN;
$WHERE = isset($options['WHERE']) ? $options['WHERE'] : '`wishlist` = :wishlist_id';
$ORDER_BY = isset($options['ORDER_BY']) ? $options['ORDER_BY'] : '`priority` DESC, `url` ASC, `title` ASC';
/** Default to showing available wishes */
$wish_status = ' AND (
@ -92,11 +99,12 @@ class Wishlist
$this->wishes = $database
->query(
'SELECT ' . $SELECT . '
FROM ' . $FROM . '
LEFT JOIN ' . $LEFT_JOIN . '
WHERE ' . $WHERE . '
ORDER BY ' . $ORDER_BY . ';'
' SELECT ' . $SELECT . '
FROM ' . $FROM . '
LEFT JOIN ' . $LEFT_JOIN . '
WHERE ' . $WHERE . '
ORDER BY ' . $ORDER_BY . ';',
$options['placeholders']
)
->fetchAll();
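Review bot: When a caller supplies `$options['WHERE']`, `$options['placeholders']` is never initialised, so the final `->query(..., $options['placeholders'])` passes an undefined index (null) to a parameter typed `array`, which is a TypeError under strict types and a warning plus `execute(null)` otherwise. Pass `$options['placeholders'] ?? array()` at the call, or initialise it before the WHERE check with `$options['placeholders'] = $options['placeholders'] ?? array();`. Callers that pass their own WHERE must also supply matching placeholders; a docblock on getWishes listing the accepted keys (`SELECT`, `FROM`, `LEFT_JOIN`, `WHERE`, `ORDER_BY`, `placeholders`) and stating that `WHERE` and `placeholders` travel together would make that contract visible. In the constructor hunk `$column` is still concatenated into the query; since a placeholder cannot bind an identifier that is acceptable only if `$column` is chosen internally from a fixed set of column names, which this hunk does not show.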


@ -43,9 +43,12 @@ $page->navigation();
FROM `wishes`
JOIN `wishlists` ON `wishes`.`wishlist` = `wishlists`.`id`
JOIN `users` ON `wishlists`.`user` = `users`.`id`
WHERE `users`.`id` = ' . $_SESSION['user']->id . '
WHERE `users`.`id` = :user_id
ORDER BY `wishes`.`edited` DESC
LIMIT 1;'
LIMIT 1;',
array(
'user_id' => $_SESSION['user']->id,
)
);
if (false !== $lastWishlistQuery && 1 === $lastWishlistQuery->rowCount()) {


@ -17,7 +17,10 @@ if (isset($_POST['email'])) {
->query(
'SELECT *
FROM `users`
WHERE `email` = "' . $email . '";'
WHERE `email` = :user_email;',
array(
'user_email' => $email,
)
);
$success = false !== $userQuery;


@ -21,16 +21,24 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
->query(
'UPDATE `users`
SET `last_login` = NOW()
WHERE `email` = "' . $email . '"
AND `password` = "' . $password . '";'
WHERE `email` = :user_email,
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
);
$fields = $database
->query(
'SELECT *
FROM `users`
WHERE `email` = "' . $email . '"
AND `password` = "' . $password . '";'
WHERE `email` = :user_email,
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
)
->fetch();
@ -67,10 +75,15 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
`session`,
`expires`
) VALUES (
' . $_SESSION['user']->id . ',
"' . session_id() . '",
"' . date('Y-m-d H:i:s', $sessionExpires) . '"
);'
:user_id,
:session_id,
:session_expires
);',
array(
'user_id' => $_SESSION['user']->id,
'session_id' => session_id(),
'session_expires' => date('Y-m-d H:i:s', $sessionExpires),
)
);
} else {
$database->query(
@ -78,9 +91,13 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
`user`,
`session`
) VALUES (
' . $_SESSION['user']->id . ',
"' . session_id() . '"
);'
:user_id,
:session_id
);',
array(
'user_id' => $_SESSION['user']->id,
'session_id' => session_id(),
)
);
}
}
@ -108,7 +125,10 @@ if (isset($_POST['reset'], $_POST['email'])) {
->query(
'SELECT *
FROM `users`
WHERE `email` = "' . Sanitiser::getEmail($_POST['email']) . '";'
WHERE `email` = :user_email;',
array(
'user_email' => Sanitiser::getEmail($_POST['email']),
)
);
$user = false !== $userQuery ? new User($userQuery->fetch()) : new User();
@ -120,9 +140,13 @@ if (isset($_POST['reset'], $_POST['email'])) {
$database
->query(
'UPDATE `users`
SET `password_reset_token` = "' . $token . '",
`password_reset_valid_until` = "' . date('Y-m-d H:i:s', $validUntil) . '"
WHERE `id` = ' . $user->id . ';'
SET `password_reset_token` = :user_password_reset_token,
`password_reset_valid_until` = :user_reset_valid_until
WHERE `id` = ' . $user->id . ';',
array(
'user_password_reset_token' => $token,
'user_reset_valid_until' => date('Y-m-d H:i:s', $validUntil),
)
);
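Review bot: Both the `last_login` UPDATE and the following SELECT have a stray comma after `:user_email` before AND, a SQL syntax error that breaks login entirely; remove the comma in both statements. The password-reset UPDATE at the end of the section still concatenates `$user->id` into the WHERE clause while every other value in the same statement is bound; for consistency change it to `WHERE` + backtick-quoted `id` + ` = :user_id;',` and add `'user_id' => $user->id,` to the placeholder array.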
$emailReset = new Email($_POST['email'], __('Password reset link', null, $user), 'default', 'password-reset');


@ -32,7 +32,7 @@ if (isset($_POST['user-id'], $_POST['section'])) {
'column' => 'email',
'key' => 'user-email',
'label' => __('Email'),
)
),
);
$loginRequired = false;
@ -150,7 +150,10 @@ if (isset($_POST['user-id'], $_POST['section'])) {
->query(
'UPDATE `users`
SET ' . implode(',', $set) . '
WHERE `id` = ' . Sanitiser::getNumber($_POST['user-id'])
WHERE `id` = :user_id',
array(
'user_id' => Sanitiser::getNumber($_POST['user-id']),
)
);
}
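Review bot: `SET ' . implode(',', $set) . '` is still built by string concatenation, so binding only the `user_id` value does not finish the job for this statement. How `$set` is populated is outside the hunk, but the `column`/`key` map above suggests its entries pair fixed column names with `$_POST` values; if so, each entry should be emitted as `column = :column` with the value added to the placeholder array, and the column names taken only from that fixed map, never from the request. A comment on the `$set` construction stating that rule would keep the next change from reintroducing interpolation.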


@ -16,7 +16,12 @@ $buttonSubmit = $passwordReset ? __('Reset') : __('Register');
$page = new Page(__FILE__, $pageTitle);
if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
$users = $database->query('SELECT * FROM `users`;')->fetchAll();
$users = $database
->query(
'SELECT *
FROM `users`;'
)
->fetchAll();
$emails = array_map(
function ($user) {
return $user['email'];
@ -67,8 +72,12 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
$userQuery = $database
->query(
'SELECT * FROM `users`
WHERE `email` = "' . $user_email . '"
AND `password_reset_token` = "' . $user_token . '";'
WHERE `email` = :user_email,
AND `password_reset_token` = :user_password_reset_token',
array(
'user_email' => $user_email,
'user_password_reset_token' => $user_token,
)
);
if (false !== $userQuery) {
@ -78,10 +87,14 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
$database
->query(
'UPDATE `users`
SET `password` = "' . User::generatePassword($_POST['password']) . '",
SET `password` = :user_password,
`password_reset_token` = NULL,
`password_reset_valid_until` = NULL
WHERE `id` = ' . $user->id . ';'
WHERE `id` = :user_id;',
array(
'user_password' => User::generatePassword($_POST['password']),
'user_id' => $user->id,
)
);
$page->messages[] = Page::success(
@ -105,10 +118,14 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
`password`,
`power`
) VALUES (
"' . $user_email . '",
"' . User::generatePassword($_POST['password']) . '",
:user_email,
:user_password,
100
);'
);',
array(
'user_email' => $user_email,
'user_password' => User::generatePassword($_POST['password']),
)
);
$userRegistered = true;
} else {
@ -123,9 +140,13 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
`email`,
`password`
) VALUES (
"' . $user_email . '",
"' . User::generatePassword($_POST['password']) . '"
);'
:user_email,
:user_password
);',
array(
'user_email' => $user_email,
'user_password' => User::generatePassword($_POST['password']),
)
);
$userRegistered = true;
@ -138,8 +159,9 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
* Insert default wishlist
*/
if ($userRegistered) {
$userID = $database->lastInsertID();
$wishlistName = Sanitiser::getTitle(__('My hopes and dreams'));
$user_id = $database->lastInsertID();
$wishlist_name = Sanitiser::getTitle(__('My hopes and dreams'));
$wishlist_hash = sha1(time() . $user_id . $wishlist_name);
$database
->query(
@ -148,10 +170,15 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
`name`,
`hash`
) VALUES (
' . $userID . ',
"' . $wishlistName . '",
"' . sha1(time() . $userID . $wishlistName) . '"
);'
:wishlist_user_id,
:wishlist_name,
:wishlist_hash
);',
array(
'wishlist_user_id' => $user_id,
'wishlist_name' => $wishlist_name,
'wishlist_hash' => $wishlist_hash,
)
);
}
} else {
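Review bot: The password-reset lookup has a trailing comma after `:user_email` before AND, which is a SQL syntax error, so the reset flow fails at execute time; the line should end in `:user_email` with no comma. The remaining statements in this section bind their values correctly, and the renamed `$user_id`/`$wishlist_name`/`$wishlist_hash` locals are consistently used in the default-wishlist INSERT.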