yetangitu/ampache
1
0
Fork 0
mirror of https://github.com/Yetangitu/ampache synced 2025-10-03 01:39:28 +02:00
Code Issues Releases Wiki Activity

Parameterise query in Api

Browse source
This commit is contained in:
Paul Arthur 2013-02-04 17:55:43 -05:00
parent f3df0465c1
commit 860b7d3ed3
1 changed files with 6 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
lib/class/api.class.php
View file

@ -143,7 +143,6 @@ class Api {
$client = User::get_from_username($username);
$user_id = $client->id;
}
$user_id = Dba::escape($user_id);
// Log this attempt
debug_event('API', "Login Attempt, IP:$ip Time: $timestamp User:$username ($user_id) Auth:$passphrase", 1);
@ -152,8 +151,8 @@ class Api {
// Now we're sure that there is an ACL line that matches
// this user or ALL USERS, pull the user's password and
// then see what we come out with
$sql = "SELECT * FROM `user` WHERE `id`='$user_id'";
$db_results = Dba::read($sql);
$sql = 'SELECT * FROM `user` WHERE `id`=?';
$db_results = Dba::read($sql, array($user_id));
$row = Dba::fetch_assoc($db_results);
@ -167,17 +166,16 @@ class Api {
if ($sha1pass === $passphrase) {
// Create the session
// FIXME: needs to be moved to the correct class
$data['username'] = $client->username;
$data['type'] = 'api';
$data['value'] = $timestamp;
$data['username'] = $client->username;
$data['type'] = 'api';
$data['value'] = $timestamp;
$token = Session::create($data);
debug_event('API', 'Login Success, passphrase matched', 1);
// We need to also get the 'last update' of the
// catalog information in an RFC 2822 Format
$sql = "SELECT MAX(`last_update`) AS `update`,MAX(`last_add`) AS `add`, MAX(`last_clean`) AS `clean` FROM `catalog`";
$sql = 'SELECT MAX(`last_update`) AS `update`, MAX(`last_add`) AS `add`, MAX(`last_clean`) AS `clean` FROM `catalog`';
$db_results = Dba::read($sql);
$row = Dba::fetch_assoc($db_results);