|
@@ -58,18 +58,33 @@ |
58 |
58 |
|
$hashedPwd = password_hash($password, PASSWORD_DEFAULT); |
59 |
59 |
|
$newToken = sha1($user->username.session_id().time()); |
60 |
60 |
|
|
61 |
|
- |
$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token) |
|
61 |
+ |
/*$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token) |
62 |
62 |
|
VALUES ('".$user->username."', |
63 |
63 |
|
'".$hashedPwd."', |
64 |
64 |
|
'".$user->nome."', |
65 |
65 |
|
'".$user->cognome."', |
66 |
66 |
|
'".$user->cell."', |
67 |
67 |
|
'".$user->email."', |
68 |
|
- |
'".$newToken."')"; |
|
68 |
+ |
'".$newToken."')";*/ |
69 |
69 |
|
|
70 |
|
- |
//echo "<br/>".$query."<br/>"; |
|
70 |
+ |
//echo "<br/>".$query."<br/>"; |
|
71 |
+ |
|
|
72 |
+ |
$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token) |
|
73 |
+ |
VALUES (:username, :password, :nome, :cognome, :cell, :email, :token)"; |
|
74 |
+ |
|
|
75 |
+ |
$stmt = $this->db->prepare($query); |
71 |
76 |
|
|
72 |
|
- |
$this->db->exec($query); |
|
77 |
+ |
$stmt->bindParam(':username', $user->username); |
|
78 |
+ |
$stmt->bindParam(':password', $hashedPwd); |
|
79 |
+ |
$stmt->bindParam(':nome', $user->nome); |
|
80 |
+ |
$stmt->bindParam(':cognome', $user->cognome); |
|
81 |
+ |
$stmt->bindParam(':cell', $user->cell); |
|
82 |
+ |
$stmt->bindParam(':email', $user->email); |
|
83 |
+ |
$stmt->bindParam(':token', $newToken); |
|
84 |
+ |
|
|
85 |
+ |
$result = $stmt->execute(); |
|
86 |
+ |
|
|
87 |
+ |
//$this->db->exec($query); |
73 |
88 |
|
$status["id"] = $this->db->lastInsertId(); |
74 |
89 |
|
$status["return"] = 0; |
75 |
90 |
|
$status["token"] = $newToken; |
|
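Review bot: `$result = $stmt->execute();` at new line 85 stores the outcome but never checks it, so on a failed insert the method still sets `$status["return"] = 0` and reports whatever `lastInsertId()` returns; the same unchecked `execute()` recurs in the avatar-update, editUser, deleteUser and enableUser hunks. Unless the connection is configured with `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` (not visible here), `if ($result === false) { throw new PDOException(implode(' ', $stmt->errorInfo())); }` would route the failure to the surrounding catch that the other hunks show. Separately, the value bound to `:token` comes from `sha1($user->username.session_id().time())`, which is derived from guessable inputs; `$newToken = bin2hex(random_bytes(32));` yields an unpredictable token of fixed length. The commented-out string-built query kept above the prepared one is dead code now and can be dropped. The enclosing function starts and ends outside the hunk.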
@@ -318,9 +333,15 @@ |
318 |
333 |
|
public function getAvatar($user_id) { |
319 |
334 |
|
$status = array(); |
320 |
335 |
|
try { |
321 |
|
- |
$query = "SELECT avatar FROM utente WHERE id='".$user_id."'"; |
322 |
|
- |
$result = $this->db->query($query); |
323 |
|
- |
$row = ($result->rowCount()>0) ? $result->fetch() : null; |
|
336 |
+ |
//$query = "SELECT avatar FROM utente WHERE id='".$user_id."'"; |
|
337 |
+ |
$query = "SELECT avatar FROM utente WHERE id=:id"; |
|
338 |
+ |
|
|
339 |
+ |
$stmt = $this->db->prepare($query); |
|
340 |
+ |
$stmt->bindParam(':id', $user_id); |
|
341 |
+ |
$result = $stmt->execute(); |
|
342 |
+ |
|
|
343 |
+ |
//$result = $this->db->query($query); |
|
344 |
+ |
$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null; |
324 |
345 |
|
|
325 |
346 |
|
if (!is_null($row)) { |
326 |
347 |
|
$status["return"] = 0; |
|
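Review bot: `$stmt->rowCount()` on a SELECT at new line 344 is driver-dependent — PDO documents that it may not report row counts for SELECT statements — so `$row` can end up null even when a matching row exists. Relying on fetch() alone avoids that: `$row = $stmt->fetch(); if ($row === false) { $row = null; }`. `$result` at new line 341 is assigned but never read, and since `id` is presumably an integer column, `bindParam(':id', $user_id, PDO::PARAM_INT)` would make the intended type explicit. The enclosing function continues past the end of the hunk.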
@@ -349,13 +370,20 @@ |
349 |
370 |
|
$status = array(); |
350 |
371 |
|
|
351 |
372 |
|
try { |
352 |
|
- |
$query = "UPDATE utente |
|
373 |
+ |
/*$query = "UPDATE utente |
353 |
374 |
|
SET avatar='".$avatar_url."' |
354 |
|
- |
WHERE id=".$user_id; |
|
375 |
+ |
WHERE id=".$user_id;*/ |
|
376 |
+ |
|
|
377 |
+ |
//echo "<br/>".$query."<br/>"; |
355 |
378 |
|
|
356 |
|
- |
//echo "<br/>".$query."<br/>"; |
|
379 |
+ |
$query = "UPDATE utente SET avatar=:avatar WHERE id=:id"; |
|
380 |
+ |
|
|
381 |
+ |
$stmt = $this->db->prepare($query); |
|
382 |
+ |
$stmt->bindParam(':avatar', $avatar_url); |
|
383 |
+ |
$stmt->bindParam(':id', $user_id); |
|
384 |
+ |
$stmt->execute(); |
357 |
385 |
|
|
358 |
|
- |
$this->db->exec($query); |
|
386 |
+ |
//$this->db->exec($query); |
359 |
387 |
|
$status["return"] = 0; |
360 |
388 |
|
$status["avatar_name"] = $avatar_url; |
361 |
389 |
|
return $status; |
|
@@ -370,34 +398,53 @@ |
370 |
398 |
|
|
371 |
399 |
|
public function editUser($user) { //$user è l'oggetto Utente |
372 |
400 |
|
$status = array(); |
|
401 |
+ |
$array_params = array(); |
373 |
402 |
|
|
374 |
403 |
|
try { |
375 |
404 |
|
|
376 |
405 |
|
$setString = ""; |
377 |
406 |
|
|
378 |
407 |
|
if (isset($user->nome) && !is_null($user->nome)) { |
379 |
|
- |
$setString = ($setString == "") ? "nome='".$user->nome."'" : $setString.",nome='".$user->nome."'"; |
|
408 |
+ |
//$setString = ($setString == "") ? "nome='".$user->nome."'" : $setString.",nome='".$user->nome."'"; |
|
409 |
+ |
$setString = ($setString == "") ? "nome=:nome" : $setString.",nome=:nome"; |
|
410 |
+ |
$array_params[":nome"] = $user->nome; |
380 |
411 |
|
} |
381 |
412 |
|
|
382 |
413 |
|
if (isset($user->cognome) && !is_null($user->cognome)) { |
383 |
|
- |
$setString = ($setString == "") ? "cognome='".$user->cognome."'" : $setString.",cognome='".$user->cognome."'"; |
|
414 |
+ |
//$setString = ($setString == "") ? "cognome='".$user->cognome."'" : $setString.",cognome='".$user->cognome."'"; |
|
415 |
+ |
$setString = ($setString == "") ? "cognome=:cognome" : $setString.",cognome=:cognome"; |
|
416 |
+ |
$array_params[":cognome"] = $user->cognome; |
384 |
417 |
|
} |
385 |
418 |
|
|
386 |
419 |
|
if (isset($user->cell) && !is_null($user->cell)) { |
387 |
|
- |
$setString = ($setString == "") ? "cell='".$user->cell."'" : $setString.",cell='".$user->cell."'"; |
|
420 |
+ |
//$setString = ($setString == "") ? "cell='".$user->cell."'" : $setString.",cell='".$user->cell."'"; |
|
421 |
+ |
$setString = ($setString == "") ? "cell=:cell" : $setString.",cell=:cell"; |
|
422 |
+ |
$array_params[":cell"] = $user->cell; |
388 |
423 |
|
} |
389 |
424 |
|
|
390 |
425 |
|
if (isset($user->email) && !is_null($user->email)) { |
391 |
|
- |
$setString = ($setString == "") ? "email='".$user->email."'" : $setString.",email='".$user->email."'"; |
|
426 |
+ |
//$setString = ($setString == "") ? "email='".$user->email."'" : $setString.",email='".$user->email."'"; |
|
427 |
+ |
$setString = ($setString == "") ? "email=:email" : $setString.",email=:email"; |
|
428 |
+ |
$array_params[":email"] = $user->email; |
392 |
429 |
|
} |
393 |
430 |
|
|
394 |
|
- |
$query = "UPDATE utente |
|
431 |
+ |
/*$query = "UPDATE utente |
|
432 |
+ |
SET ".$setString." |
|
433 |
+ |
WHERE id=".$user->id;*/ |
|
434 |
+ |
|
|
435 |
+ |
//echo "<br/>".$query."<br/>"; |
|
436 |
+ |
|
|
437 |
+ |
//$this->db->exec($query); |
|
438 |
+ |
|
|
439 |
+ |
$query = "UPDATE utente |
395 |
440 |
|
SET ".$setString." |
396 |
|
- |
WHERE id=".$user->id; |
|
441 |
+ |
WHERE id=:id"; |
|
442 |
+ |
|
|
443 |
+ |
$array_params[":id"] = $user->id; |
397 |
444 |
|
|
398 |
|
- |
//echo "<br/>".$query."<br/>"; |
|
445 |
+ |
$stmt = $this->db->prepare($query); |
|
446 |
+ |
$stmt->execute($array_params); |
399 |
447 |
|
|
400 |
|
- |
$this->db->exec($query); |
401 |
448 |
|
$status["return"] = 0; |
402 |
449 |
|
|
403 |
450 |
|
} catch (PDOException $e) { |
|
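Review bot: When none of nome, cognome, cell or email is set, `$setString` stays `""` and the query built at new lines 439–441 becomes `UPDATE utente SET WHERE id=:id`, which only fails inside PDO instead of being rejected up front; an early `if ($setString === "") { throw new InvalidArgumentException('editUser: no fields to update'); }` before the query (or an explicit no-op return in this method's status convention) makes the case visible. The column names in `$setString` are fixed literals and the values now travel through `$array_params`, so the SQL-injection exposure of the old concatenation is gone, but the return value of `$stmt->execute($array_params)` at new line 446 is still unchecked before `$status["return"] = 0`. As a point of style, `isset($user->nome) && !is_null($user->nome)` is redundant since `isset` already returns false for null. The catch body and the rest of the function lie outside the hunk.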
@@ -413,12 +460,21 @@ |
413 |
460 |
|
|
414 |
461 |
|
public function deleteUser($user_id) { |
415 |
462 |
|
$status = array(); |
|
463 |
+ |
/*$query = "UPDATE utente,locale |
|
464 |
+ |
SET utente.is_active=0, utente.token='', locale.hidden=1 |
|
465 |
+ |
WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;*/ |
|
466 |
+ |
|
416 |
467 |
|
$query = "UPDATE utente,locale |
417 |
468 |
|
SET utente.is_active=0, utente.token='', locale.hidden=1 |
418 |
|
- |
WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id; |
|
469 |
+ |
WHERE utente.id=:id_utente AND locale.id_utente_owner=:id_utente_owner"; |
419 |
470 |
|
|
420 |
471 |
|
try { |
421 |
|
- |
$this->db->exec($query); |
|
472 |
+ |
$stmt = $this->db->prepare($query); |
|
473 |
+ |
$stmt->bindParam(':id_utente', $user_id); |
|
474 |
+ |
$stmt->bindParam(':id_utente_owner', $user_id); |
|
475 |
+ |
$stmt->execute(); |
|
476 |
+ |
|
|
477 |
+ |
//$this->db->exec($query); |
422 |
478 |
|
$status["return"] = 0; |
423 |
479 |
|
return $status; |
424 |
480 |
|
} catch (PDOException $e) { |
|
@@ -431,12 +487,21 @@ |
431 |
487 |
|
|
432 |
488 |
|
public function enableUser($user_id) { |
433 |
489 |
|
$status = array(); |
|
490 |
+ |
/*$query = "UPDATE utente,locale |
|
491 |
+ |
SET utente.is_active=1, locale.hidden=0 |
|
492 |
+ |
WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;*/ |
|
493 |
+ |
|
434 |
494 |
|
$query = "UPDATE utente,locale |
435 |
495 |
|
SET utente.is_active=1, locale.hidden=0 |
436 |
|
- |
WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id; |
|
496 |
+ |
WHERE utente.id=:id_utente AND locale.id_utente_owner=:id_utente_owner"; |
437 |
497 |
|
|
438 |
498 |
|
try { |
439 |
|
- |
$this->db->exec($query); |
|
499 |
+ |
$stmt = $this->db->prepare($query); |
|
500 |
+ |
$stmt->bindParam(':id_utente', $user_id); |
|
501 |
+ |
$stmt->bindParam(':id_utente_owner', $user_id); |
|
502 |
+ |
$stmt->execute(); |
|
503 |
+ |
|
|
504 |
+ |
//$this->db->exec($query); |
440 |
505 |
|
$status["return"] = 0; |
441 |
506 |
|
return $status; |
442 |
507 |
|
} catch (PDOException $e) { |