diff --git a/classes/auth/base.php b/classes/auth/base.php
index 3044312139042750542159e470b2623528e3dfe5..652b66e6e2d139a64b356abdb6b052c87d081f23 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -1,9 +1,11 @@
<?php
class Auth_Base {
private $dbh;
+ private $pdo;
function __construct() {
$this->dbh = Db::get();
+ $this->pdo = Db::pdo();
}
/**
@@ -29,15 +31,13 @@ class Auth_Base {
if (!$password) $password = make_password();
if (!$user_id) {
- $login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
- $query = "INSERT INTO ttrss_users
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,access_level,last_login,created,pwd_hash,salt)
- VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
-
- $this->dbh->query($query);
+ VALUES (?, 0, null, NOW(), ?,?)");
+ $sth->execute([$login, $pwd_hash, $salt]);
return $this->find_user_by_login($login);
@@ -50,13 +50,12 @@ class Auth_Base {
}
function find_user_by_login($login) {
- $login = $this->dbh->escape_string($login);
-
- $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
- login = '$login'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
+ login = ?");
+ $sth->execute([$login]);
- if ($this->dbh->num_rows($result) > 0) {
- return $this->dbh->fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ return $row["id"];
} else {
return false;
}
diff --git a/include/functions.php b/include/functions.php
index 377d4964741ed2ed7015bc20df32a584843863dd..e7d74df04e23727b33c30c9e5d86f351ad38edec 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -266,8 +266,8 @@
marked = false AND
feed_id = ? AND
$query_limit
- ttrss_entries.date_updated < NOW() - INTERVAL ?");
- $sth->execute([$feed_id, "$purge_interval days"]);
+ ttrss_entries.date_updated < NOW() - INTERVAL ? days");
+ $sth->execute([$feed_id, $purge_interval]);
} else {
$sth = $pdo->prepare("DELETE FROM ttrss_user_entries