|
@@ -27,7 +27,6 @@ |
27 |
27 |
|
$stmt = $conn->prepare($queryToken); |
28 |
28 |
|
$stmt->bindParam(':token', $token); |
29 |
29 |
|
$result = $stmt->execute(); |
30 |
|
- |
|
31 |
30 |
|
return ($stmt->rowCount()>0); |
32 |
31 |
|
} catch (PDOException $e) { |
33 |
32 |
|
echo $e->getMessage(); |
|
@@ -91,14 +90,22 @@ |
91 |
90 |
|
$status = array(); |
92 |
91 |
|
|
93 |
92 |
|
try { |
94 |
|
- |
$query = "SELECT id, password, email, is_owner FROM utente WHERE username='".$username."' AND is_active=1"; |
|
93 |
+ |
//$query = "SELECT id, password, email, is_owner FROM utente WHERE username='".$username."' AND is_active=1"; |
|
94 |
+ |
|
|
95 |
+ |
$query = "SELECT id, password, email, is_owner FROM utente WHERE username=:username AND is_active=1"; |
95 |
96 |
|
|
96 |
97 |
|
if ($is_admin) { |
97 |
98 |
|
$query = $query." AND is_admin=1"; |
98 |
99 |
|
} |
99 |
100 |
|
|
100 |
|
- |
$result = $this->db->query($query); |
101 |
|
- |
$row = ($result->rowCount()>0) ? $result->fetch() : null; |
|
101 |
+ |
$stmt = $this->db->prepare($query); |
|
102 |
+ |
$stmt->bindParam(':username', $username); |
|
103 |
+ |
$result = $stmt->execute(); |
|
104 |
+ |
|
|
105 |
+ |
/*$result = $this->db->query($query); |
|
106 |
+ |
$row = ($result->rowCount()>0) ? $result->fetch() : null;*/ |
|
107 |
+ |
|
|
108 |
+ |
$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null; |
102 |
109 |
|
|
103 |
110 |
|
if (is_null($row)) { |
104 |
111 |
|
$status = createErrorMessage(1, "Username non valido"); |
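Review bot: `$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null;` on new line 108 relies on rowCount() for a SELECT, which PDO does not guarantee for every driver, and the `$result` assigned from execute() on line 103 is never inspected, so a failed statement under a non-exception error mode is reported as "Username non valido". Fetch and test the row directly instead: `$row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;`, after confirming `$stmt->execute()` returned true. The same rowCount() pattern reappears at new line 230 in the Facebook-login hunk. The commented-out copies of the old interpolated query and `query()` call (new lines 93 and 105–106, and the equivalent block comments in every later hunk) should be deleted rather than kept — they preserve the injectable string form and invite reverting to it. The enclosing function starts outside this hunk.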
|
@@ -114,13 +121,20 @@ |
114 |
121 |
|
//$newToken = sha1($row["email"].session_id().time()); |
115 |
122 |
|
$newToken = sha1($username.session_id().time()); |
116 |
123 |
|
|
117 |
|
- |
$queryToken = "UPDATE utente |
|
124 |
+ |
/*$queryToken = "UPDATE utente |
118 |
125 |
|
SET token='".$newToken."' |
119 |
|
- |
WHERE id=".$row["id"]; |
|
126 |
+ |
WHERE id=".$row["id"];*/ |
120 |
127 |
|
|
121 |
128 |
|
//echo "<br/>".$queryToken."<br/>"; |
122 |
129 |
|
|
123 |
|
- |
$this->db->exec($queryToken); |
|
130 |
+ |
$queryToken = "UPDATE utente SET token=:token WHERE id=:id"; |
|
131 |
+ |
|
|
132 |
+ |
//$this->db->exec($queryToken); |
|
133 |
+ |
|
|
134 |
+ |
$stmt = $this->db->prepare($queryToken); |
|
135 |
+ |
$stmt->bindParam(':token', $newToken); |
|
136 |
+ |
$stmt->bindParam(':id', $row["id"]); |
|
137 |
+ |
$stmt->execute(); |
124 |
138 |
|
|
125 |
139 |
|
$status["return"] = 0; |
126 |
140 |
|
$status["is_owner"] = $row["is_owner"]; |
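Review bot: `$stmt->bindParam(':id', $row["id"]);` on new line 136 binds an array element by reference; bindParam is for variables read at execute() time, and a plain value belongs in `$stmt->bindValue(':id', $row["id"], PDO::PARAM_INT);` — the same applies to line 247 in the Facebook-login hunk. The return value of `$stmt->execute()` on line 137 is discarded, so a token UPDATE that fails still reaches `$status["return"] = 0` and reports a logged-in user; check it, unless the connection is configured with PDO::ERRMODE_EXCEPTION, which this chunk does not show. Separately, context line 122 derives the session token from `sha1($username.session_id().time())`, whose inputs are low-entropy; `bin2hex(random_bytes(20))` keeps the same 40-character length while making the token unpredictable. The enclosing function starts outside this hunk.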
|
@@ -143,13 +157,19 @@ |
143 |
157 |
|
public function logoutUser($user_id) { |
144 |
158 |
|
$status = array(); |
145 |
159 |
|
try { |
146 |
|
- |
$queryToken = "UPDATE utente |
|
160 |
+ |
/*$queryToken = "UPDATE utente |
147 |
161 |
|
SET token = '' |
148 |
|
- |
WHERE id=".$user_id; |
|
162 |
+ |
WHERE id=".$user_id;*/ |
149 |
163 |
|
|
150 |
164 |
|
//echo "<br/>".$queryToken."<br/>"; |
151 |
165 |
|
|
152 |
|
- |
$this->db->exec($queryToken); |
|
166 |
+ |
$queryToken = "UPDATE utente SET token='' WHERE id=:id"; |
|
167 |
+ |
|
|
168 |
+ |
//$this->db->exec($queryToken); |
|
169 |
+ |
|
|
170 |
+ |
$stmt = $this->db->prepare($queryToken); |
|
171 |
+ |
$stmt->bindParam(':id', $user_id); |
|
172 |
+ |
$stmt->execute(); |
153 |
173 |
|
|
154 |
174 |
|
$status["return"] = 0; |
155 |
175 |
|
return $status; |
|
@@ -198,18 +218,36 @@ |
198 |
218 |
|
$u_last_name = $graphObject->getProperty('last_name'); |
199 |
219 |
|
$u_email = $graphObject->getProperty('email'); |
200 |
220 |
|
|
201 |
|
- |
$sql = "SELECT id, username FROM utente WHERE email='".$user_email."'"; |
|
221 |
+ |
//$sql = "SELECT id, username FROM utente WHERE email='".$user_email."'"; |
|
222 |
+ |
$sql = "SELECT id, username FROM utente WHERE email=:email"; |
|
223 |
+ |
|
|
224 |
+ |
//$result = $this->db->query($sql); |
202 |
225 |
|
|
203 |
|
- |
$result = $this->db->query($sql); |
204 |
|
- |
$row = ($result->rowCount()>0) ? $result->fetch() : null; |
|
226 |
+ |
$stmt = $this->db->prepare($sql); |
|
227 |
+ |
$stmt->bindParam(':email', $user_email); |
|
228 |
+ |
$stmt->execute(); |
|
229 |
+ |
|
|
230 |
+ |
$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null; |
205 |
231 |
|
|
206 |
232 |
|
if (!is_null($row)) { //utente già esistente |
207 |
233 |
|
|
208 |
|
- |
$sql = "UPDATE utente |
|
234 |
+ |
/*$sql = "UPDATE utente |
209 |
235 |
|
SET nome='".$u_first_name."', cognome='".$u_last_name."', email='".$u_email."', token='".$fb_token."' |
210 |
|
- |
WHERE id=".$row["id"]; |
|
236 |
+ |
WHERE id=".$row["id"];*/ |
|
237 |
+ |
|
|
238 |
+ |
$sql = "UPDATE utente |
|
239 |
+ |
SET nome=:nome, cognome=:cognome, email=:email, token=:token |
|
240 |
+ |
WHERE id=:id"; |
|
241 |
+ |
|
|
242 |
+ |
$stmt = $this->db->prepare($sql); |
|
243 |
+ |
$stmt->bindParam(':nome', $u_first_name); |
|
244 |
+ |
$stmt->bindParam(':cognome', $u_last_name); |
|
245 |
+ |
$stmt->bindParam(':email', $u_email); |
|
246 |
+ |
$stmt->bindParam(':token', $fb_token); |
|
247 |
+ |
$stmt->bindParam(':id', $row["id"]); |
|
248 |
+ |
$stmt->execute(); |
211 |
249 |
|
|
212 |
|
- |
$this->db->exec($sql); |
|
250 |
+ |
//$this->db->exec($sql); |
213 |
251 |
|
$status["id"] = $row["id"]; |
214 |
252 |
|
$status["username"] = $row["username"]; |
215 |
253 |
|
|
|
@@ -225,12 +263,24 @@ |
225 |
263 |
|
fputs($file, $fb_avatar_data); |
226 |
264 |
|
fclose($file); |
227 |
265 |
|
|
228 |
|
- |
$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar) |
229 |
|
- |
VALUES ('".$u_first_name."','".$u_last_name."','".$u_email."','".$fb_token."','".$username."','".$image_filename."')"; |
|
266 |
+ |
/*$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar) |
|
267 |
+ |
VALUES ('".$u_first_name."','".$u_last_name."','".$u_email."','".$fb_token."','".$username."','".$image_filename."')";*/ |
230 |
268 |
|
|
231 |
269 |
|
//echo "<br/>".$sql."<br/>"; |
232 |
270 |
|
|
233 |
|
- |
$this->db->exec($sql); |
|
271 |
+ |
$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar) |
|
272 |
+ |
VALUES (:nome,:cognome,:email,:token,:username,:avatar)"; |
|
273 |
+ |
|
|
274 |
+ |
$stmt = $this->db->prepare($sql); |
|
275 |
+ |
$stmt->bindParam(':nome', $u_first_name); |
|
276 |
+ |
$stmt->bindParam(':cognome', $u_last_name); |
|
277 |
+ |
$stmt->bindParam(':email', $u_email); |
|
278 |
+ |
$stmt->bindParam(':token', $fb_token); |
|
279 |
+ |
$stmt->bindParam(':username', $username); |
|
280 |
+ |
$stmt->bindParam(':avatar', $image_filename); |
|
281 |
+ |
$stmt->execute(); |
|
282 |
+ |
|
|
283 |
+ |
//$this->db->exec($sql); |
234 |
284 |
|
$status["id"] = $this->db->lastInsertId(); |
235 |
285 |
|
$status["username"] = $username; |
236 |
286 |
|
|
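Review bot: `$status["id"] = $this->db->lastInsertId();` on new line 284 runs regardless of whether `$stmt->execute()` on line 281 succeeded; if the INSERT fails under a non-exception PDO error mode (a duplicate username or email, say), lastInsertId() returns "0" and the caller receives a status that looks like a freshly created user. Guard the call with `if (!$stmt->execute()) { throw new RuntimeException('user insert failed'); }` before reading lastInsertId(), unless PDO::ERRMODE_EXCEPTION is set on the connection, which is not visible in this chunk. The block-commented INSERT with the interpolated values (lines 266–267) should be removed, and the `//echo "<br/>".$sql."<br/>";` debug line above it would print the statement into the HTML response if ever re-enabled. The enclosing function starts outside this hunk.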