Prepare SQL statements
This commit is contained in:
parent
11321542fe
commit
d0f29d227c
16 changed files with 316 additions and 135 deletions
|
@ -93,7 +93,10 @@ if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLog
|
|||
->query(
|
||||
'SELECT *
|
||||
FROM `sessions`
|
||||
WHERE `session` = "' . $_COOKIE[COOKIE_PERSISTENT] . '";'
|
||||
WHERE `session` = :session;',
|
||||
array(
|
||||
'session' => $_COOKIE[COOKIE_PERSISTENT]
|
||||
)
|
||||
)
|
||||
->fetchAll();
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
$count = new Cache\Query(
|
||||
'SELECT COUNT(`id`) AS "count"
|
||||
FROM `' . $table . '`;',
|
||||
array(),
|
||||
Duration::DAY
|
||||
);
|
||||
|
||||
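Review bot: The table name in `FROM `' . $table . '`;'` is still concatenated into the SQL while the new `array()` argument binds nothing, so this hunk gains no protection from the move to prepared statements. Identifiers cannot be bound as placeholders, so where `$table` comes from matters; its assignment is outside the hunk, and if it can be influenced by the request it should be checked against a fixed allow-list of the tables this endpoint is meant to count before being spliced in, e.g. `if (!in_array($table, $allowedTables, true)) { throw new \InvalidArgumentException('unknown table'); }`. The surrounding switch case continues outside the hunk.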
|
|
|
@ -50,11 +50,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
'style' => $_GET['wishlist_style'],
|
||||
);
|
||||
$where = array(
|
||||
'priority' => '`priority` = ' . $_GET['wish_priority'],
|
||||
'priority' => '`priority` = :wish_priority',
|
||||
);
|
||||
$options['placeholders']['wish_priority'] = $_GET['wish_priority'];
|
||||
|
||||
if (-1 === intval($_GET['wish_priority'])) {
|
||||
unset($where['priority']);
|
||||
unset($options['placeholders']['wish_priority']);
|
||||
}
|
||||
|
||||
if (empty($_GET['wish_priority'])) {
|
||||
|
@ -142,14 +144,24 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
$database
|
||||
->query(
|
||||
'UPDATE `wishes`
|
||||
SET `wishlist` = ' . $wish->wishlist . ',
|
||||
`title` = ' . $wish_title . ',
|
||||
`description` = ' . $wish_description . ',
|
||||
`image` = ' . $wish_image . ',
|
||||
`url` = ' . $wish_url . ',
|
||||
`priority` = ' . $wish_priority . ',
|
||||
`is_purchasable` = ' . $wish_is_purchasable . '
|
||||
WHERE `id` = ' . $wish->id . ';'
|
||||
SET `wishlist` = :wishlist_id,
|
||||
`title` = :wish_title,
|
||||
`description` = :wish_description,
|
||||
`image` = :wish_image,
|
||||
`url` = :wish_url,
|
||||
`priority` = :wish_priority,
|
||||
`is_purchasable` = :wish_is_purchasable,
|
||||
WHERE `id` = :wish_id',
|
||||
array(
|
||||
'wishlist_id' => $wish->wishlist,
|
||||
'wish_title' => $wish_title,
|
||||
'wish_description' => $wish_description,
|
||||
'wish_image' => $wish_image,
|
||||
'wish_url' => $wish_url,
|
||||
'wish_priority' => $wish_priority,
|
||||
'wish_is_purchasable' => $wish_is_purchasable,
|
||||
'wish_id' => $wish->id,
|
||||
)
|
||||
);
|
||||
|
||||
/**
|
||||
|
@ -166,9 +178,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
`wish`,
|
||||
`price`
|
||||
) VALUES (
|
||||
' . $wish->id . ',
|
||||
' . $wish_price . '
|
||||
);'
|
||||
:wish_id,
|
||||
:wish_price
|
||||
);',
|
||||
array(
|
||||
'wish_id' => $wish_id,
|
||||
'wish_price' => $wish_price,
|
||||
)
|
||||
);
|
||||
|
||||
$response['lastInsertId'] = $wish->id;
|
||||
|
@ -223,14 +239,23 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
`priority`,
|
||||
`is_purchasable`
|
||||
) VALUES (
|
||||
' . $wishlist_id . ',
|
||||
' . $wish_title . ',
|
||||
' . $wish_description . ',
|
||||
' . $wish_image . ',
|
||||
' . $wish_url . ',
|
||||
' . $wish_priority . ',
|
||||
' . $wish_is_purchasable . '
|
||||
);'
|
||||
:wishlist_id,
|
||||
:wish_title,
|
||||
:wish_description,
|
||||
:wish_image,
|
||||
:wish_url,
|
||||
:wish_priority,
|
||||
:wish_is_purchasable
|
||||
);',
|
||||
array(
|
||||
'wishlist_id' => $wishlist_id,
|
||||
'wish_title' => $wish_title,
|
||||
'wish_description' => $wish_description,
|
||||
'wish_image' => $wish_image,
|
||||
'wish_url' => $wish_url,
|
||||
'wish_priority' => $wish_priority,
|
||||
'wish_is_purchasable' => $wish_is_purchasable,
|
||||
)
|
||||
);
|
||||
|
||||
/**
|
||||
|
@ -247,9 +272,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
`wish`,
|
||||
`price`
|
||||
) VALUES (
|
||||
' . $wish_id . ',
|
||||
' . $wish_price . '
|
||||
);'
|
||||
:wish_id,
|
||||
:wish_price
|
||||
);',
|
||||
array(
|
||||
'wish_id' => $wish_id,
|
||||
'wish_price' => $wish_price,
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -265,7 +294,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
/**
|
||||
* Update Wish Status
|
||||
*/
|
||||
$status = Sanitiser::getStatus($_PUT['wish_status']);
|
||||
$wish_status = Sanitiser::getStatus($_PUT['wish_status']);
|
||||
$wish_id = Sanitiser::getNumber($_PUT['wish_id']);
|
||||
|
||||
if (Wish::STATUS_TEMPORARY === $status) {
|
||||
|
@ -274,8 +303,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
|
||||
$database->query(
|
||||
'UPDATE `wishes`
|
||||
SET `status` = "' . $status . '"
|
||||
WHERE `id` = ' . $wish_id . ';'
|
||||
SET `status` = :wish_status,
|
||||
WHERE `id` = :wish_id',
|
||||
array(
|
||||
'wish_status' => $wish_status,
|
||||
'wish_id' => $wish_id,
|
||||
)
|
||||
);
|
||||
|
||||
$response['success'] = true;
|
||||
|
@ -285,8 +318,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
*/
|
||||
$database->query(
|
||||
'UPDATE `wishes`
|
||||
SET `url` = "' . Sanitiser::getURL($_PUT['wish_url_proposed']) . '"
|
||||
WHERE `url` = "' . Sanitiser::getURL($_PUT['wish_url_current']) . '";'
|
||||
SET `url` = :wish_url_proposed,
|
||||
WHERE `url` = :wish_url_current',
|
||||
array(
|
||||
'wish_url_proposed' => Sanitiser::getURL($_PUT['wish_url_proposed']),
|
||||
'wish_url_current' => Sanitiser::getURL($_PUT['wish_url_current']),
|
||||
)
|
||||
);
|
||||
|
||||
$response['success'] = true;
|
||||
|
@ -299,7 +336,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
if (isset($_DELETE['wish_id'])) {
|
||||
$database->query(
|
||||
'DELETE FROM `wishes`
|
||||
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wish_id']) . ';'
|
||||
WHERE `id` = :wish_id',
|
||||
array(
|
||||
'wish_id' => Sanitiser::getNumber($_DELETE['wish_id']),
|
||||
)
|
||||
);
|
||||
|
||||
$response['success'] = true;
|
||||
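Review bot: The rewritten UPDATE keeps a trailing comma after the last assignment, `is_purchasable` = :wish_is_purchasable, WHERE `id` = :wish_id`, which is a MySQL syntax error, so every wish edit fails once this is deployed. The same stray comma appears in the status update (`SET `status` = :wish_status, WHERE`) and the URL update (`SET `url` = :wish_url_proposed, WHERE`); drop the comma before each WHERE. In the update branch the products INSERT now binds `'wish_id' => $wish_id` where the old code used `$wish->id`; if `$wish_id` is not assigned in that branch the price row is inserted with a NULL wish reference. The status hunk still compares `if (Wish::STATUS_TEMPORARY === $status)` while the new code assigns `$wish_status`; if the old `$status` assignment was removed, that comparison now reads an undefined variable.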
|
|
|
@ -29,7 +29,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
->query(
|
||||
'SELECT *
|
||||
FROM `wishlists_saved`
|
||||
WHERE `wishlist` = ' . Sanitiser::getNumber($_POST['wishlist']) . ';'
|
||||
WHERE `wishlist` = :wishlist_id',
|
||||
array(
|
||||
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist'])
|
||||
)
|
||||
)
|
||||
->fetch();
|
||||
|
||||
|
@ -38,7 +41,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
$database
|
||||
->query(
|
||||
'DELETE FROM `wishlists_saved`
|
||||
WHERE `wishlist` = ' . Sanitiser::getNumber($_POST['wishlist']) . ';'
|
||||
WHERE `wishlist` = :wishlist_id',
|
||||
array(
|
||||
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist'])
|
||||
)
|
||||
);
|
||||
|
||||
$response['action'] = 'deleted';
|
||||
|
@ -50,9 +56,13 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
`user`,
|
||||
`wishlist`
|
||||
) VALUES (
|
||||
' . $_SESSION['user']->id . ',
|
||||
' . Sanitiser::getNumber($_POST['wishlist']) . '
|
||||
);'
|
||||
:user_id,
|
||||
:wishlist_id
|
||||
);',
|
||||
array(
|
||||
'user_id' => $_SESSION['user']->id,
|
||||
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist']),
|
||||
)
|
||||
);
|
||||
|
||||
$response['action'] = 'created';
|
||||
|
|
|
@ -17,7 +17,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
* Create
|
||||
*/
|
||||
$user_id = Sanitiser::getNumber($_SESSION['user']->id);
|
||||
$wish_name = Sanitiser::getTitle($_POST['wishlist-name']);
|
||||
$wishlist_name = Sanitiser::getTitle($_POST['wishlist-name']);
|
||||
$wishlist_hash = sha1(time() . $user_id . $wishlist_name);
|
||||
|
||||
$database->query(
|
||||
'INSERT INTO `wishlists` (
|
||||
|
@ -25,10 +26,15 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
`name`,
|
||||
`hash`
|
||||
) VALUES (
|
||||
' . $user_id . ',
|
||||
"' . $wish_name . '",
|
||||
"' . sha1(time() . $user_id . $wish_name) . '"
|
||||
);'
|
||||
:user_id,
|
||||
:wishlist_name,
|
||||
:wishlist_hash
|
||||
);',
|
||||
array(
|
||||
'user_id' => $user_id,
|
||||
'wishlist_name' => $wishlist_name,
|
||||
'wishlist_hash' => $wishlist_hash,
|
||||
)
|
||||
);
|
||||
|
||||
$response['data'] = array(
|
||||
|
@ -38,15 +44,18 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
/**
|
||||
* Request more wishes
|
||||
*/
|
||||
$wishlistID = Sanitiser::getNumber($_POST['wishlist-id']);
|
||||
$wishlist_id = Sanitiser::getNumber($_POST['wishlist-id']);
|
||||
|
||||
/** Get last notification time */
|
||||
$wishlistQuery = $database
|
||||
->query(
|
||||
'SELECT *
|
||||
FROM `wishlists`
|
||||
WHERE `id` = ' . $wishlistID . '
|
||||
AND (`notification_sent` < (CURRENT_TIMESTAMP - INTERVAL 1 DAY) OR `notification_sent` IS NULL);'
|
||||
WHERE `id` = :wishlist_id
|
||||
AND (`notification_sent` < (CURRENT_TIMESTAMP - INTERVAL 1 DAY) OR `notification_sent` IS NULL);',
|
||||
array(
|
||||
'wishlist_id' => $wishlist_id,
|
||||
)
|
||||
);
|
||||
|
||||
$wishlist = $wishlistQuery->fetch();
|
||||
|
@ -78,7 +87,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
->query(
|
||||
'UPDATE `wishlists`
|
||||
SET `notification_sent` = CURRENT_TIMESTAMP
|
||||
WHERE `id` = ' . $wishlist['id'] . ';'
|
||||
WHERE `id` = :wishlist_id;',
|
||||
array(
|
||||
'wishlist_id' = $wishlist['id'],
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -164,8 +176,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
$database
|
||||
->query(
|
||||
'UPDATE `wishlists`
|
||||
SET `name` = "' . Sanitiser::getTitle($_PUT['wishlist_title']) . '"
|
||||
WHERE `id` = ' . Sanitiser::getNumber($_PUT['wishlist_id']) . ';'
|
||||
SET `name` = :wishlist_name,
|
||||
WHERE `id` = :wishlist_id'
|
||||
array(
|
||||
'wishlist_name' => Sanitiser::getTitle($_PUT['wishlist_title']),
|
||||
'wishlist_id' => Sanitiser::getTitle($_PUT['wishlist_id']),
|
||||
)
|
||||
);
|
||||
|
||||
$response['success'] = true;
|
||||
|
@ -176,7 +192,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
|
||||
$database->query(
|
||||
'DELETE FROM `wishlists`
|
||||
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wishlist_id']) . ';'
|
||||
WHERE `id` = :wishlist_id;',
|
||||
array(
|
||||
'wishlist_id' => Sanitiser::getNumber($_DELETE['wishlist_id']),
|
||||
)
|
||||
);
|
||||
|
||||
$response['success'] = true;
|
||||
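Review bot: `'wishlist_id' = $wishlist['id'],` in the notification_sent update uses `=` instead of `=>`, a PHP parse error that takes the whole endpoint down. The rename hunk has three more problems: the query string `WHERE `id` = :wishlist_id'` is not followed by a comma before `array(` (another parse error), the SET clause carries a stray comma (`SET `name` = :wishlist_name,`), and the id is now passed through `Sanitiser::getTitle($_PUT['wishlist_id'])` where the old code used `getNumber`. Suggested lines: `SET `name` = :wishlist_name WHERE `id` = :wishlist_id',` and `'wishlist_id' => Sanitiser::getNumber($_PUT['wishlist_id']),`. None of the visible hunks check that the wishlist belongs to `$_SESSION['user']`, but that check may live outside the visible lines.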
|
|
6
src/classes/cache/query.php
vendored
6
src/classes/cache/query.php
vendored
|
@ -12,11 +12,12 @@ class Query extends Cache
|
|||
* Private
|
||||
*/
|
||||
private \wishthis\Database $database;
|
||||
private array $placeholders = array();
|
||||
|
||||
/**
|
||||
* Public
|
||||
*/
|
||||
public function __construct(string $url, int $maxAge = \wishthis\Duration::YEAR)
|
||||
public function __construct(string $url, array $placeholders = array(), int $maxAge = \wishthis\Duration::YEAR)
|
||||
{
|
||||
global $database;
|
||||
|
||||
|
@ -33,7 +34,8 @@ class Query extends Cache
|
|||
$response = $this->exists() ? json_decode(file_get_contents($filepath), true) : array();
|
||||
|
||||
if (true === $this->generateCache()) {
|
||||
$pdoStatement = $this->database->query($this->url);
|
||||
$pdoStatement = $this->database
|
||||
->query($this->url, $this->placeholders);
|
||||
|
||||
if (false !== $pdoStatement) {
|
||||
if (1 === $pdoStatement->rowCount()) {
|
||||
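Review bot: The constructor hunk adds the `$placeholders` parameter and the `private array $placeholders` property, but the visible lines never assign `$this->placeholders = $placeholders;`; if that assignment is not in the part of the constructor cut off here, every cached query executes with an empty bind array and the unbound `:name` markers are rejected by the driver. Separately, the cache entry appears to be keyed by `$url` (the SQL text) alone, which was sufficient while values were inlined; now two calls with the same SQL and different placeholder values would presumably share one cache file, so the key should also fold in the bound values, e.g. `$url . json_encode($placeholders)` — confirm against how `Cache` derives `$filepath`. The constructor body continues outside the hunk.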
|
|
|
@ -34,12 +34,10 @@ class Database
|
|||
$this->pdo = new \PDO($dsn, $this->user, $this->password, $options);
|
||||
}
|
||||
|
||||
public function query(string $query): \PDOStatement
|
||||
public function query(string $query, array $placeholders = array()): \PDOStatement
|
||||
{
|
||||
$statement = $this->pdo->query(
|
||||
$query,
|
||||
\PDO::FETCH_ASSOC
|
||||
);
|
||||
$statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC));
|
||||
$statement->execute($placeholders);
|
||||
|
||||
$this->lastInsertId = $this->pdo->lastInsertId();
|
||||
|
||||
|
@ -78,8 +76,12 @@ class Database
|
|||
->query(
|
||||
'SELECT *
|
||||
FROM `INFORMATION_SCHEMA`.`COLUMNS`
|
||||
WHERE TABLE_NAME = "' . $table_to_check . '"
|
||||
AND COLUMN_NAME = "' . $column_to_check . '"'
|
||||
WHERE `TABLE_NAME` = :table_name,
|
||||
AND `COLUMN_NAME` = :column_name',
|
||||
array(
|
||||
'table_name' => $table_to_check,
|
||||
'column_name' => $column_to_check,
|
||||
)
|
||||
)
|
||||
->fetch();
|
||||
$exists = false !== $result;
|
||||
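Review bot: `$this->pdo->prepare($query, array(\PDO::FETCH_ASSOC))` does not set the fetch mode: prepare()'s second argument is a map of driver options keyed by attribute constant, so this passes key 0 with value 2 and the ASSOC mode the old `query($query, \PDO::FETCH_ASSOC)` applied is silently lost (a driver may also reject the option). Use `$statement = $this->pdo->prepare($query); $statement->setFetchMode(\PDO::FETCH_ASSOC);` or set `\PDO::ATTR_DEFAULT_FETCH_MODE` in the connection `$options`. `execute($placeholders)` returns false on failure and that result is discarded while the method still promises a `\PDOStatement`, so a failed query is invisible to callers; either throw when execute() returns false or make sure `\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION` is in `$options`, which are built outside the hunk so I cannot tell. For the binding to be enforced server-side rather than by client-side escaping, `\PDO::ATTR_EMULATE_PREPARES => false` belongs in the same options; worth confirming. The column-check query in the second hunk also has a stray comma in `WHERE `TABLE_NAME` = :table_name, AND`.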
|
|
|
@ -27,9 +27,14 @@ class Options
|
|||
|
||||
try {
|
||||
$option = $this->database->query(
|
||||
'SELECT * FROM `options`
|
||||
WHERE `key` = "' . Sanitiser::getOption($key) . '";'
|
||||
)->fetch();
|
||||
'SELECT *
|
||||
FROM `options`
|
||||
WHERE `key` = :option_key',
|
||||
array(
|
||||
'option_key' => Sanitiser::getOption($key),
|
||||
)
|
||||
)
|
||||
->fetch();
|
||||
|
||||
$value = $option['value'] ?? '';
|
||||
} catch (\Throwable $th) {
|
||||
|
@ -42,21 +47,37 @@ class Options
|
|||
public function setOption(string $key, string $value): void
|
||||
{
|
||||
$optionExists = 0 !== $this->database
|
||||
->query('SELECT *
|
||||
->query(
|
||||
'SELECT *
|
||||
FROM `options`
|
||||
WHERE `key` = "' . $key . '";')
|
||||
WHERE `key` = :option_key;',
|
||||
array(
|
||||
'option_key' => $key,
|
||||
)
|
||||
)
|
||||
->rowCount();
|
||||
|
||||
if ($optionExists) {
|
||||
$this->database->query('UPDATE `options`
|
||||
SET `value` = "' . $value . '"
|
||||
WHERE `key` = "' . $key . '"
|
||||
;');
|
||||
$this->database->query(
|
||||
'UPDATE `options`
|
||||
SET `value` = :option_value,
|
||||
WHERE `key` = :option_key;',
|
||||
array(
|
||||
'option_value' => $value,
|
||||
'option_key' => $key,
|
||||
)
|
||||
);
|
||||
} else {
|
||||
$this->database->query('INSERT INTO `options`
|
||||
(`key`, `value`) VALUES
|
||||
("' . $key . '", "' . $value . '")
|
||||
;');
|
||||
$this->database->query(
|
||||
'INSERT INTO `options`
|
||||
(`key`, `value`)
|
||||
VALUES
|
||||
(:option_key, :option_value);',
|
||||
array(
|
||||
'option_key' => $key,
|
||||
'option_value' => $value,
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
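Review bot: `SET `value` = :option_value, WHERE `key` = :option_key;'` in setOption has a trailing comma before WHERE, a MySQL syntax error, so updating an existing option fails; change it to `SET `value` = :option_value WHERE `key` = :option_key;'`. Note that setOption binds the raw `$key` while getOption routes it through `Sanitiser::getOption()`; binding makes the raw key safe for SQL, but the two paths should agree on what a valid option key looks like so a key written here can be read back.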
|
|
|
@ -23,7 +23,10 @@ class User
|
|||
->query(
|
||||
'SELECT *
|
||||
FROM `users`
|
||||
WHERE `id` = ' . $user_id
|
||||
WHERE `id` = :user_id',
|
||||
array(
|
||||
'user_id' => $user_id,
|
||||
)
|
||||
);
|
||||
|
||||
if (false !== $userQuery) {
|
||||
|
@ -139,7 +142,10 @@ class User
|
|||
->query(
|
||||
'SELECT *
|
||||
FROM `wishlists`
|
||||
WHERE `user` = ' . $this->id . ';'
|
||||
WHERE `user` = :user_id;',
|
||||
array(
|
||||
'user_id' => $this->id,
|
||||
)
|
||||
)
|
||||
->fetchAll();
|
||||
|
||||
|
@ -163,7 +169,10 @@ class User
|
|||
`w`.`hash`
|
||||
FROM `wishlists_saved` `ws`
|
||||
JOIN `wishlists` `w` ON `w`.`id` = `ws`.`wishlist`
|
||||
WHERE `ws`.`user` = ' . $this->id . ';'
|
||||
WHERE `ws`.`user` = :user_id;',
|
||||
array(
|
||||
'user_id' => $this->id,
|
||||
)
|
||||
)
|
||||
->fetchAll();
|
||||
|
||||
|
@ -190,7 +199,10 @@ class User
|
|||
$persistent = $database
|
||||
->query(
|
||||
'DELETE FROM `sessions`
|
||||
WHERE `session` = "' . $_COOKIE[COOKIE_PERSISTENT] . '";'
|
||||
WHERE `session` = :session;',
|
||||
array(
|
||||
'session' => $_COOKIE[COOKIE_PERSISTENT],
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ class Wish
|
|||
public const SELECT = '`wishes`.*, `products`.`price`';
|
||||
public const FROM = '`wishes`';
|
||||
public const LEFT_JOIN = '`products` ON `wishes`.`id` = `products`.`wish`';
|
||||
public const WHERE = '`wishes`.`id` = %d;';
|
||||
public const WHERE = '`wishes`.`id` = :wish_id;';
|
||||
|
||||
public const NO_IMAGE = '/src/assets/img/no-image.svg';
|
||||
|
||||
|
@ -83,7 +83,10 @@ class Wish
|
|||
' SELECT ' . self::SELECT . '
|
||||
FROM ' . self::FROM . '
|
||||
LEFT JOIN ' . self::LEFT_JOIN . '
|
||||
WHERE ' . sprintf(self::WHERE, $id)
|
||||
WHERE ' . self::WHERE,
|
||||
array(
|
||||
'wish_id' => $id,
|
||||
)
|
||||
)
|
||||
->fetch();
|
||||
} elseif (is_array($idOrColumns)) {
|
||||
|
|
|
@ -34,7 +34,10 @@ class Wishlist
|
|||
->query(
|
||||
'SELECT *
|
||||
FROM `wishlists`
|
||||
WHERE `' . $column . '` = ' . $id_or_hash . ';'
|
||||
WHERE `' . $column . '` = :id_or_hash;',
|
||||
array(
|
||||
'id_or_hash' => $id_or_hash,
|
||||
)
|
||||
)
|
||||
->fetch();
|
||||
|
||||
|
@ -54,15 +57,19 @@ class Wishlist
|
|||
// $this->wishes = $this->getWishes();
|
||||
}
|
||||
|
||||
public function getWishes($sql = array()): array
|
||||
public function getWishes($options = array()): array
|
||||
{
|
||||
global $database;
|
||||
|
||||
$SELECT = isset($sql['SELECT']) ? $sql['SELECT'] : Wish::SELECT;
|
||||
$FROM = isset($sql['FROM']) ? $sql['FROM'] : Wish::FROM;
|
||||
$LEFT_JOIN = isset($sql['LEFT_JOIN']) ? $sql['LEFT_JOIN'] : Wish::LEFT_JOIN;
|
||||
$WHERE = isset($sql['WHERE']) ? $sql['WHERE'] : '`wishlist` = ' . $this->id;
|
||||
$ORDER_BY = isset($sql['ORDER_BY']) ? $sql['ORDER_BY'] : '`priority` DESC, `url` ASC, `title` ASC';
|
||||
if (!isset($options['WHERE'])) {
|
||||
$options['placeholders']['wishlist_id'] = $this->id;
|
||||
}
|
||||
|
||||
$SELECT = isset($options['SELECT']) ? $options['SELECT'] : Wish::SELECT;
|
||||
$FROM = isset($options['FROM']) ? $options['FROM'] : Wish::FROM;
|
||||
$LEFT_JOIN = isset($options['LEFT_JOIN']) ? $options['LEFT_JOIN'] : Wish::LEFT_JOIN;
|
||||
$WHERE = isset($options['WHERE']) ? $options['WHERE'] : '`wishlist` = :wishlist_id';
|
||||
$ORDER_BY = isset($options['ORDER_BY']) ? $options['ORDER_BY'] : '`priority` DESC, `url` ASC, `title` ASC';
|
||||
|
||||
/** Default to showing available wishes */
|
||||
$wish_status = ' AND (
|
||||
|
@ -96,7 +103,8 @@ class Wishlist
|
|||
FROM ' . $FROM . '
|
||||
LEFT JOIN ' . $LEFT_JOIN . '
|
||||
WHERE ' . $WHERE . '
|
||||
ORDER BY ' . $ORDER_BY . ';'
|
||||
ORDER BY ' . $ORDER_BY . ';',
|
||||
$options['placeholders']
|
||||
)
|
||||
->fetchAll();
|
||||
|
||||
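Review bot: `getWishes()` only creates `$options['placeholders']` when the caller did not supply a WHERE clause, yet `$options['placeholders']` is passed to `query()` unconditionally; a caller that passes its own `WHERE` without a `placeholders` entry hands an undefined index (null) to a parameter typed `array`, a TypeError under PHP 8. Initialise it up front with `$options['placeholders'] = $options['placeholders'] ?? array();` before the WHERE check. The SELECT, FROM, LEFT_JOIN, WHERE and ORDER_BY fragments are still spliced in verbatim, so any caller that builds them from request data remains injectable; the constructor hunk likewise keeps `$column` interpolated, which is fine only while it is always one of the fixed column names (its origin is outside the hunk).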
|
|
|
@ -43,9 +43,12 @@ $page->navigation();
|
|||
FROM `wishes`
|
||||
JOIN `wishlists` ON `wishes`.`wishlist` = `wishlists`.`id`
|
||||
JOIN `users` ON `wishlists`.`user` = `users`.`id`
|
||||
WHERE `users`.`id` = ' . $_SESSION['user']->id . '
|
||||
WHERE `users`.`id` = :user_id
|
||||
ORDER BY `wishes`.`edited` DESC
|
||||
LIMIT 1;'
|
||||
LIMIT 1;',
|
||||
array(
|
||||
'user_id' => $_SESSION['user']->id,
|
||||
)
|
||||
);
|
||||
|
||||
if (false !== $lastWishlistQuery && 1 === $lastWishlistQuery->rowCount()) {
|
||||
|
|
|
@ -17,7 +17,10 @@ if (isset($_POST['email'])) {
|
|||
->query(
|
||||
'SELECT *
|
||||
FROM `users`
|
||||
WHERE `email` = "' . $email . '";'
|
||||
WHERE `email` = :user_email;',
|
||||
array(
|
||||
'user_email' => $email,
|
||||
)
|
||||
);
|
||||
|
||||
$success = false !== $userQuery;
|
||||
|
|
|
@ -21,16 +21,24 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
|||
->query(
|
||||
'UPDATE `users`
|
||||
SET `last_login` = NOW()
|
||||
WHERE `email` = "' . $email . '"
|
||||
AND `password` = "' . $password . '";'
|
||||
WHERE `email` = :user_email,
|
||||
AND `password` = :user_password;',
|
||||
array(
|
||||
'user_email' => $email,
|
||||
'user_password' => $password,
|
||||
)
|
||||
);
|
||||
|
||||
$fields = $database
|
||||
->query(
|
||||
'SELECT *
|
||||
FROM `users`
|
||||
WHERE `email` = "' . $email . '"
|
||||
AND `password` = "' . $password . '";'
|
||||
WHERE `email` = :user_email,
|
||||
AND `password` = :user_password;',
|
||||
array(
|
||||
'user_email' => $email,
|
||||
'user_password' => $password,
|
||||
)
|
||||
)
|
||||
->fetch();
|
||||
|
||||
|
@ -67,10 +75,15 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
|||
`session`,
|
||||
`expires`
|
||||
) VALUES (
|
||||
' . $_SESSION['user']->id . ',
|
||||
"' . session_id() . '",
|
||||
"' . date('Y-m-d H:i:s', $sessionExpires) . '"
|
||||
);'
|
||||
:user_id,
|
||||
:session_id,
|
||||
:session_expires
|
||||
);',
|
||||
array(
|
||||
'user_id' => $_SESSION['user']->id,
|
||||
'session_id' => session_id(),
|
||||
'session_expires' => date('Y-m-d H:i:s', $sessionExpires),
|
||||
)
|
||||
);
|
||||
} else {
|
||||
$database->query(
|
||||
|
@ -78,9 +91,13 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
|
|||
`user`,
|
||||
`session`
|
||||
) VALUES (
|
||||
' . $_SESSION['user']->id . ',
|
||||
"' . session_id() . '"
|
||||
);'
|
||||
:user_id,
|
||||
:session_id
|
||||
);',
|
||||
array(
|
||||
'user_id' => $_SESSION['user']->id,
|
||||
'session_id' => session_id(),
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -108,7 +125,10 @@ if (isset($_POST['reset'], $_POST['email'])) {
|
|||
->query(
|
||||
'SELECT *
|
||||
FROM `users`
|
||||
WHERE `email` = "' . Sanitiser::getEmail($_POST['email']) . '";'
|
||||
WHERE `email` = :user_email;',
|
||||
array(
|
||||
'user_email' => Sanitiser::getEmail($_POST['email']),
|
||||
)
|
||||
);
|
||||
|
||||
$user = false !== $userQuery ? new User($userQuery->fetch()) : new User();
|
||||
|
@ -120,9 +140,13 @@ if (isset($_POST['reset'], $_POST['email'])) {
|
|||
$database
|
||||
->query(
|
||||
'UPDATE `users`
|
||||
SET `password_reset_token` = "' . $token . '",
|
||||
`password_reset_valid_until` = "' . date('Y-m-d H:i:s', $validUntil) . '"
|
||||
WHERE `id` = ' . $user->id . ';'
|
||||
SET `password_reset_token` = :user_password_reset_token,
|
||||
`password_reset_valid_until` = :user_reset_valid_until
|
||||
WHERE `id` = ' . $user->id . ';',
|
||||
array(
|
||||
'user_password_reset_token' => $token,
|
||||
'user_reset_valid_until' => date('Y-m-d H:i:s', $validUntil),
|
||||
)
|
||||
);
|
||||
|
||||
$emailReset = new Email($_POST['email'], __('Password reset link', null, $user), 'default', 'password-reset');
|
||||
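Review bot: Both login queries now read `WHERE `email` = :user_email, AND `password` = :user_password;'`; the comma before AND is a MySQL syntax error, so nobody can log in with this commit applied. Remove it in both the UPDATE and the SELECT: `WHERE `email` = :user_email AND `password` = :user_password;'`. In the password-reset hunk the id is still concatenated, `WHERE `id` = ' . $user->id . ';'`, while the token and timestamp are bound — make it `WHERE `id` = :user_id;'` with `'user_id' => $user->id` for consistency. Matching the password inside the SQL implies `$password` is a deterministic hash computed before this hunk; if so, it cannot move to a salted `password_verify()` scheme without restructuring this lookup.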
|
|
|
@ -32,7 +32,7 @@ if (isset($_POST['user-id'], $_POST['section'])) {
|
|||
'column' => 'email',
|
||||
'key' => 'user-email',
|
||||
'label' => __('Email'),
|
||||
)
|
||||
),
|
||||
);
|
||||
$loginRequired = false;
|
||||
|
||||
|
@ -150,7 +150,10 @@ if (isset($_POST['user-id'], $_POST['section'])) {
|
|||
->query(
|
||||
'UPDATE `users`
|
||||
SET ' . implode(',', $set) . '
|
||||
WHERE `id` = ' . Sanitiser::getNumber($_POST['user-id'])
|
||||
WHERE `id` = :user_id',
|
||||
array(
|
||||
'user_id' => Sanitiser::getNumber($_POST['user-id']),
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
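Review bot: Only the `WHERE `id`` value is bound here; the SET clause is still assembled as `SET ' . implode(',', $set) . '` from strings built outside the hunk, and the field map at the top of the file (`'column' => 'email', 'key' => 'user-email'`) suggests those strings carry `$_POST` values. If they do, this remains string-built SQL on user input and each entry should become `` `column` = :column `` with the value added to the placeholder array passed alongside `'user_id'`. I cannot see how `$set` is built, so confirm before relying on this change for the profile endpoint.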
|
|
|
@ -16,7 +16,12 @@ $buttonSubmit = $passwordReset ? __('Reset') : __('Register');
|
|||
$page = new Page(__FILE__, $pageTitle);
|
||||
|
||||
if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
||||
$users = $database->query('SELECT * FROM `users`;')->fetchAll();
|
||||
$users = $database
|
||||
->query(
|
||||
'SELECT *
|
||||
FROM `users`;'
|
||||
)
|
||||
->fetchAll();
|
||||
$emails = array_map(
|
||||
function ($user) {
|
||||
return $user['email'];
|
||||
|
@ -67,8 +72,12 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
|||
$userQuery = $database
|
||||
->query(
|
||||
'SELECT * FROM `users`
|
||||
WHERE `email` = "' . $user_email . '"
|
||||
AND `password_reset_token` = "' . $user_token . '";'
|
||||
WHERE `email` = :user_email,
|
||||
AND `password_reset_token` = :user_password_reset_token',
|
||||
array(
|
||||
'user_email' => $user_email,
|
||||
'user_password_reset_token' => $user_token,
|
||||
)
|
||||
);
|
||||
|
||||
if (false !== $userQuery) {
|
||||
|
@ -78,10 +87,14 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
|||
$database
|
||||
->query(
|
||||
'UPDATE `users`
|
||||
SET `password` = "' . User::generatePassword($_POST['password']) . '",
|
||||
SET `password` = :user_password,
|
||||
`password_reset_token` = NULL,
|
||||
`password_reset_valid_until` = NULL
|
||||
WHERE `id` = ' . $user->id . ';'
|
||||
WHERE `id` = :user_id;',
|
||||
array(
|
||||
'user_password' => User::generatePassword($_POST['password']),
|
||||
'user_id' => $user->id,
|
||||
)
|
||||
);
|
||||
|
||||
$page->messages[] = Page::success(
|
||||
|
@ -105,10 +118,14 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
|||
`password`,
|
||||
`power`
|
||||
) VALUES (
|
||||
"' . $user_email . '",
|
||||
"' . User::generatePassword($_POST['password']) . '",
|
||||
:user_email,
|
||||
:user_password,
|
||||
100
|
||||
);'
|
||||
);',
|
||||
array(
|
||||
'user_email' => $user_email,
|
||||
'user_password' => User::generatePassword($_POST['password']),
|
||||
)
|
||||
);
|
||||
$userRegistered = true;
|
||||
} else {
|
||||
|
@ -123,9 +140,13 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
|||
`email`,
|
||||
`password`
|
||||
) VALUES (
|
||||
"' . $user_email . '",
|
||||
"' . User::generatePassword($_POST['password']) . '"
|
||||
);'
|
||||
:user_email,
|
||||
:user_password
|
||||
);',
|
||||
array(
|
||||
'user_email' => $user_email,
|
||||
'user_password' => User::generatePassword($_POST['password']),
|
||||
)
|
||||
);
|
||||
$userRegistered = true;
|
||||
|
||||
|
@ -138,8 +159,9 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
|||
* Insert default wishlist
|
||||
*/
|
||||
if ($userRegistered) {
|
||||
$userID = $database->lastInsertID();
|
||||
$wishlistName = Sanitiser::getTitle(__('My hopes and dreams'));
|
||||
$user_id = $database->lastInsertID();
|
||||
$wishlist_name = Sanitiser::getTitle(__('My hopes and dreams'));
|
||||
$wishlist_hash = sha1(time() . $user_id . $wishlist_name);
|
||||
|
||||
$database
|
||||
->query(
|
||||
|
@ -148,10 +170,15 @@ if (isset($_POST['email'], $_POST['password']) && !empty($_POST['planet'])) {
|
|||
`name`,
|
||||
`hash`
|
||||
) VALUES (
|
||||
' . $userID . ',
|
||||
"' . $wishlistName . '",
|
||||
"' . sha1(time() . $userID . $wishlistName) . '"
|
||||
);'
|
||||
:wishlist_user_id,
|
||||
:wishlist_name,
|
||||
:wishlist_hash
|
||||
);',
|
||||
array(
|
||||
'wishlist_user_id' => $user_id,
|
||||
'wishlist_name' => $wishlist_name,
|
||||
'wishlist_hash' => $wishlist_hash,
|
||||
)
|
||||
);
|
||||
}
|
||||
} else {
|
||||
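Review bot: The reset-token lookup `WHERE `email` = :user_email, AND `password_reset_token` = :user_password_reset_token'` has a comma before AND, which MySQL rejects, so password resets fail with this commit; drop the comma. The query does not check `password_reset_valid_until`, so an expired token is accepted here unless that check happens after `if (false !== $userQuery)` (outside the hunk); consider adding `AND `password_reset_valid_until` > NOW()` to the query. The other hunks in this file look correct as rewritten.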
|
|