|
@@ -20,18 +20,63 @@ |
20 |
20 |
|
$this->db = $db; |
21 |
21 |
|
} |
22 |
22 |
|
|
23 |
|
- |
public static function checkToken($token, $conn) { |
|
23 |
+ |
public static function checkToken($token, $conn) { //utile per il control panel |
24 |
24 |
|
try { |
25 |
|
- |
$queryToken = "SELECT id FROM utente WHERE token='".$token."'"; |
26 |
|
- |
//echo "<br/>".$queryToken."<br/>"; |
27 |
|
- |
$result = $conn->query($queryToken); |
28 |
|
- |
return ($result->rowCount()>0); |
|
25 |
+ |
//$queryToken = "SELECT id FROM utente WHERE token='".$token."'"; |
|
26 |
+ |
$queryToken = "SELECT id FROM utente WHERE token=:token"; |
|
27 |
+ |
$stmt = $conn->prepare($queryToken); |
|
28 |
+ |
$stmt->bindParam(':token', $token); |
|
29 |
+ |
$result = $stmt->execute(); |
|
30 |
+ |
return ($stmt->rowCount()>0); |
|
31 |
+ |
} catch (PDOException $e) { |
|
32 |
+ |
echo $e->getMessage(); |
|
33 |
+ |
return false; |
|
34 |
+ |
} |
|
35 |
+ |
} |
|
36 |
+ |
|
|
37 |
+ |
public static function checkUserByToken($user_id, $token, $conn) { |
|
38 |
+ |
try { |
|
39 |
+ |
//$queryToken = "SELECT id FROM utente WHERE token='".$token."'"; |
|
40 |
+ |
$queryToken = "SELECT id FROM utente WHERE token=:token AND id=:id"; |
|
41 |
+ |
$stmt = $conn->prepare($queryToken); |
|
42 |
+ |
$stmt->bindParam(':token', $token); |
|
43 |
+ |
$stmt->bindParam(':id', $user_id); |
|
44 |
+ |
$result = $stmt->execute(); |
|
45 |
+ |
return ($stmt->rowCount()>0); |
29 |
46 |
|
} catch (PDOException $e) { |
30 |
47 |
|
echo $e->getMessage(); |
31 |
48 |
|
return false; |
32 |
49 |
|
} |
33 |
50 |
|
} |
34 |
51 |
|
|
|
52 |
+ |
public static function checkAdminByToken($token, $conn) { |
|
53 |
+ |
try { |
|
54 |
+ |
//$queryToken = "SELECT id FROM utente WHERE token='".$token."'"; |
|
55 |
+ |
$queryToken = "SELECT id FROM utente WHERE token=:token AND is_admin=1"; |
|
56 |
+ |
$stmt = $conn->prepare($queryToken); |
|
57 |
+ |
$stmt->bindParam(':token', $token); |
|
58 |
+ |
$result = $stmt->execute(); |
|
59 |
+ |
return ($stmt->rowCount()>0); |
|
60 |
+ |
} catch (PDOException $e) { |
|
61 |
+ |
echo $e->getMessage(); |
|
62 |
+ |
return false; |
|
63 |
+ |
} |
|
64 |
+ |
} |
|
65 |
+ |
|
|
66 |
+ |
public static function getUserByToken($token, $conn) { |
|
67 |
+ |
try { |
|
68 |
+ |
//$queryToken = "SELECT id FROM utente WHERE token='".$token."'"; |
|
69 |
+ |
$queryToken = "SELECT id FROM utente WHERE token=:token"; |
|
70 |
+ |
$stmt = $conn->prepare($queryToken); |
|
71 |
+ |
$stmt->bindParam(':token', $token); |
|
72 |
+ |
$result = $stmt->execute(); |
|
73 |
+ |
return ($stmt->rowCount()>0) ? $stmt->fetchColumn() : -1; |
|
74 |
+ |
} catch (PDOException $e) { |
|
75 |
+ |
echo $e->getMessage(); |
|
76 |
+ |
return -1; |
|
77 |
+ |
} |
|
78 |
+ |
} |
|
79 |
+ |
|
35 |
80 |
|
public function registerUser($user, $password) { |
36 |
81 |
|
$status = array(); |
37 |
82 |
|
|
|
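Review bot: checkToken(), checkAdminByToken() and getUserByToken() (new lines 23-78) match on `token=:token` with no guard against an empty token, while logoutUser() and deleteUser() later in this same diff write `token=''` on logout and deactivation, so a request carrying an empty or missing token would authenticate as (and getUserByToken() would return the id of) whichever logged-out user the database returns first; add `if (!is_string($token) || $token === '') { return false; }` at the top of each (returning -1 in getUserByToken) before preparing the statement. The new catch blocks `echo $e->getMessage()` straight into the response, which exposes driver error text to the client; log it server-side and return the failure value instead. Note that `PDOStatement::rowCount()` is not guaranteed to be populated for SELECT statements by every driver, so `$stmt->fetchColumn() !== false` is the portable existence test. `$result` is assigned from execute() but never read.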
@@ -56,18 +101,33 @@ |
56 |
101 |
|
$hashedPwd = password_hash($password, PASSWORD_DEFAULT); |
57 |
102 |
|
$newToken = sha1($user->username.session_id().time()); |
58 |
103 |
|
|
59 |
|
- |
$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token) |
|
104 |
+ |
/*$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token) |
60 |
105 |
|
VALUES ('".$user->username."', |
61 |
106 |
|
'".$hashedPwd."', |
62 |
107 |
|
'".$user->nome."', |
63 |
108 |
|
'".$user->cognome."', |
64 |
109 |
|
'".$user->cell."', |
65 |
110 |
|
'".$user->email."', |
66 |
|
- |
'".$newToken."')"; |
|
111 |
+ |
'".$newToken."')";*/ |
67 |
112 |
|
|
68 |
|
- |
//echo "<br/>".$query."<br/>"; |
|
113 |
+ |
//echo "<br/>".$query."<br/>"; |
|
114 |
+ |
|
|
115 |
+ |
$query = "INSERT INTO utente(username, password, nome, cognome, cell, email, token) |
|
116 |
+ |
VALUES (:username, :password, :nome, :cognome, :cell, :email, :token)"; |
69 |
117 |
|
|
70 |
|
- |
$this->db->exec($query); |
|
118 |
+ |
$stmt = $this->db->prepare($query); |
|
119 |
+ |
|
|
120 |
+ |
$stmt->bindParam(':username', $user->username); |
|
121 |
+ |
$stmt->bindParam(':password', $hashedPwd); |
|
122 |
+ |
$stmt->bindParam(':nome', $user->nome); |
|
123 |
+ |
$stmt->bindParam(':cognome', $user->cognome); |
|
124 |
+ |
$stmt->bindParam(':cell', $user->cell); |
|
125 |
+ |
$stmt->bindParam(':email', $user->email); |
|
126 |
+ |
$stmt->bindParam(':token', $newToken); |
|
127 |
+ |
|
|
128 |
+ |
$result = $stmt->execute(); |
|
129 |
+ |
|
|
130 |
+ |
//$this->db->exec($query); |
71 |
131 |
|
$status["id"] = $this->db->lastInsertId(); |
72 |
132 |
|
$status["return"] = 0; |
73 |
133 |
|
$status["token"] = $newToken; |
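Review bot: The return value of `$stmt->execute()` on new line 128 is stored in `$result` but never checked, so if the INSERT fails without throwing (which depends on the connection's PDO::ATTR_ERRMODE, not visible here) the method still reports `return 0`, a `lastInsertId()` of 0 and a token that was never stored; add `if (!$stmt->execute()) { return createErrorMessage(1, "Errore DB"); }`, the pattern this same commit introduces in deleteUser(). The token being persisted comes from the unchanged line `$newToken = sha1($user->username.session_id().time());`, which is derived from the username and a second-resolution timestamp rather than a CSPRNG; on PHP 7+ `$newToken = bin2hex(random_bytes(32));` is the one-line replacement (check the column width). registerUser() starts outside this hunk.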
|
@@ -88,14 +148,22 @@ |
88 |
148 |
|
$status = array(); |
89 |
149 |
|
|
90 |
150 |
|
try { |
91 |
|
- |
$query = "SELECT id, password, email, is_owner FROM utente WHERE username='".$username."' AND is_active=1"; |
|
151 |
+ |
//$query = "SELECT id, password, email, is_owner FROM utente WHERE username='".$username."' AND is_active=1"; |
|
152 |
+ |
|
|
153 |
+ |
$query = "SELECT id, password, email, is_owner FROM utente WHERE username=:username AND is_active=1"; |
92 |
154 |
|
|
93 |
155 |
|
if ($is_admin) { |
94 |
156 |
|
$query = $query." AND is_admin=1"; |
95 |
157 |
|
} |
96 |
158 |
|
|
97 |
|
- |
$result = $this->db->query($query); |
98 |
|
- |
$row = ($result->rowCount()>0) ? $result->fetch() : null; |
|
159 |
+ |
$stmt = $this->db->prepare($query); |
|
160 |
+ |
$stmt->bindParam(':username', $username); |
|
161 |
+ |
$result = $stmt->execute(); |
|
162 |
+ |
|
|
163 |
+ |
/*$result = $this->db->query($query); |
|
164 |
+ |
$row = ($result->rowCount()>0) ? $result->fetch() : null;*/ |
|
165 |
+ |
|
|
166 |
+ |
$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null; |
99 |
167 |
|
|
100 |
168 |
|
if (is_null($row)) { |
101 |
169 |
|
$status = createErrorMessage(1, "Username non valido"); |
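Review bot: `$stmt->rowCount()` on new line 166 decides whether the user row exists, but PDO does not guarantee rowCount() for SELECT statements (it depends on the driver and on buffered queries), so on some configurations every login would fail with "Username non valido"; fetch first and test the result instead, `$row = $stmt->fetch(); if ($row === false) { $row = null; }`. The `AND is_admin=1` suffix is a fixed string, so its concatenation into the prepared text is safe. The distinct "Username non valido" message (a context line) lets a caller enumerate valid usernames; a single generic failure message for both the unknown-user and wrong-password paths, which continue outside this hunk, would avoid that.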
|
@@ -111,13 +179,20 @@ |
111 |
179 |
|
//$newToken = sha1($row["email"].session_id().time()); |
112 |
180 |
|
$newToken = sha1($username.session_id().time()); |
113 |
181 |
|
|
114 |
|
- |
$queryToken = "UPDATE utente |
|
182 |
+ |
/*$queryToken = "UPDATE utente |
115 |
183 |
|
SET token='".$newToken."' |
116 |
|
- |
WHERE id=".$row["id"]; |
|
184 |
+ |
WHERE id=".$row["id"];*/ |
117 |
185 |
|
|
118 |
186 |
|
//echo "<br/>".$queryToken."<br/>"; |
119 |
187 |
|
|
120 |
|
- |
$this->db->exec($queryToken); |
|
188 |
+ |
$queryToken = "UPDATE utente SET token=:token WHERE id=:id"; |
|
189 |
+ |
|
|
190 |
+ |
//$this->db->exec($queryToken); |
|
191 |
+ |
|
|
192 |
+ |
$stmt = $this->db->prepare($queryToken); |
|
193 |
+ |
$stmt->bindParam(':token', $newToken); |
|
194 |
+ |
$stmt->bindParam(':id', $row["id"]); |
|
195 |
+ |
$stmt->execute(); |
121 |
196 |
|
|
122 |
197 |
|
$status["return"] = 0; |
123 |
198 |
|
$status["is_owner"] = $row["is_owner"]; |
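Review bot: The session token written by the new UPDATE on lines 188-195 is still produced by the unchanged line `$newToken = sha1($username.session_id().time());`, so it is a function of the username and a second-resolution timestamp and can be reproduced by anyone who knows roughly when the user logged in; replace it with `$newToken = bin2hex(random_bytes(32));` (PHP 7+). `$stmt->execute()` on line 195 is unchecked, so a failed UPDATE still yields `return 0` with a token that is not in the database; test its result as deleteUser() in this same commit does. The login method begins before this hunk.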
|
@@ -140,13 +215,19 @@ |
140 |
215 |
|
public function logoutUser($user_id) { |
141 |
216 |
|
$status = array(); |
142 |
217 |
|
try { |
143 |
|
- |
$queryToken = "UPDATE utente |
|
218 |
+ |
/*$queryToken = "UPDATE utente |
144 |
219 |
|
SET token = '' |
145 |
|
- |
WHERE id=".$user_id; |
|
220 |
+ |
WHERE id=".$user_id;*/ |
146 |
221 |
|
|
147 |
222 |
|
//echo "<br/>".$queryToken."<br/>"; |
148 |
223 |
|
|
149 |
|
- |
$this->db->exec($queryToken); |
|
224 |
+ |
$queryToken = "UPDATE utente SET token='' WHERE id=:id"; |
|
225 |
+ |
|
|
226 |
+ |
//$this->db->exec($queryToken); |
|
227 |
+ |
|
|
228 |
+ |
$stmt = $this->db->prepare($queryToken); |
|
229 |
+ |
$stmt->bindParam(':id', $user_id); |
|
230 |
+ |
$stmt->execute(); |
150 |
231 |
|
|
151 |
232 |
|
$status["return"] = 0; |
152 |
233 |
|
return $status; |
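Review bot: logoutUser() ignores the result of `$stmt->execute()` on new line 230 and reports success unconditionally, and it does not inspect rowCount() either, so a logout for an unknown `$user_id` is indistinguishable from a real one; `if (!$stmt->execute()) { return createErrorMessage(1, "Errore DB"); }` matches the style the commit uses in deleteUser(). Storing `''` rather than NULL on logout also leaves the cleared token as a valid equality target for the `WHERE token=:token` lookups added earlier in this diff; if the column is nullable, `SET token=NULL` closes that off at the schema level. The id is bound without a type, so consider `$stmt->bindValue(':id', (int)$user_id, PDO::PARAM_INT);` if `$user_id` arrives as a request string.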
|
@@ -195,18 +276,36 @@ |
195 |
276 |
|
$u_last_name = $graphObject->getProperty('last_name'); |
196 |
277 |
|
$u_email = $graphObject->getProperty('email'); |
197 |
278 |
|
|
198 |
|
- |
$sql = "SELECT id, username FROM utente WHERE email='".$user_email."'"; |
|
279 |
+ |
//$sql = "SELECT id, username FROM utente WHERE email='".$user_email."'"; |
|
280 |
+ |
$sql = "SELECT id, username FROM utente WHERE email=:email"; |
|
281 |
+ |
|
|
282 |
+ |
//$result = $this->db->query($sql); |
199 |
283 |
|
|
200 |
|
- |
$result = $this->db->query($sql); |
201 |
|
- |
$row = ($result->rowCount()>0) ? $result->fetch() : null; |
|
284 |
+ |
$stmt = $this->db->prepare($sql); |
|
285 |
+ |
$stmt->bindParam(':email', $user_email); |
|
286 |
+ |
$stmt->execute(); |
|
287 |
+ |
|
|
288 |
+ |
$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null; |
202 |
289 |
|
|
203 |
290 |
|
if (!is_null($row)) { //utente già esistente |
204 |
291 |
|
|
205 |
|
- |
$sql = "UPDATE utente |
|
292 |
+ |
/*$sql = "UPDATE utente |
206 |
293 |
|
SET nome='".$u_first_name."', cognome='".$u_last_name."', email='".$u_email."', token='".$fb_token."' |
207 |
|
- |
WHERE id=".$row["id"]; |
|
294 |
+ |
WHERE id=".$row["id"];*/ |
|
295 |
+ |
|
|
296 |
+ |
$sql = "UPDATE utente |
|
297 |
+ |
SET nome=:nome, cognome=:cognome, email=:email, token=:token |
|
298 |
+ |
WHERE id=:id"; |
208 |
299 |
|
|
209 |
|
- |
$this->db->exec($sql); |
|
300 |
+ |
$stmt = $this->db->prepare($sql); |
|
301 |
+ |
$stmt->bindParam(':nome', $u_first_name); |
|
302 |
+ |
$stmt->bindParam(':cognome', $u_last_name); |
|
303 |
+ |
$stmt->bindParam(':email', $u_email); |
|
304 |
+ |
$stmt->bindParam(':token', $fb_token); |
|
305 |
+ |
$stmt->bindParam(':id', $row["id"]); |
|
306 |
+ |
$stmt->execute(); |
|
307 |
+ |
|
|
308 |
+ |
//$this->db->exec($sql); |
210 |
309 |
|
$status["id"] = $row["id"]; |
211 |
310 |
|
$status["username"] = $row["username"]; |
212 |
311 |
|
|
|
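Review bot: The existing-user branch (new lines 280-306) links the Facebook identity to whatever local row has the same e-mail and overwrites that row's `token` with `$fb_token`, so if the address returned by the Graph API is not verified (nothing in the hunk checks it), anyone who registers a Facebook account with a victim's address takes over the victim's local account; require a verified e-mail or an explicit link step before the UPDATE runs. The lookup binds `$user_email` while the UPDATE binds `$u_email` from the graph object — if those can differ, the update silently rewrites the account's e-mail, which looks unintended and is worth a comment either way. `$stmt->execute()` on line 306 is unchecked. The method starts outside this hunk.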
@@ -222,12 +321,24 @@ |
222 |
321 |
|
fputs($file, $fb_avatar_data); |
223 |
322 |
|
fclose($file); |
224 |
323 |
|
|
225 |
|
- |
$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar) |
226 |
|
- |
VALUES ('".$u_first_name."','".$u_last_name."','".$u_email."','".$fb_token."','".$username."','".$image_filename."')"; |
|
324 |
+ |
/*$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar) |
|
325 |
+ |
VALUES ('".$u_first_name."','".$u_last_name."','".$u_email."','".$fb_token."','".$username."','".$image_filename."')";*/ |
227 |
326 |
|
|
228 |
327 |
|
//echo "<br/>".$sql."<br/>"; |
229 |
328 |
|
|
230 |
|
- |
$this->db->exec($sql); |
|
329 |
+ |
$sql = "INSERT INTO utente (nome,cognome,email,token,username,avatar) |
|
330 |
+ |
VALUES (:nome,:cognome,:email,:token,:username,:avatar)"; |
|
331 |
+ |
|
|
332 |
+ |
$stmt = $this->db->prepare($sql); |
|
333 |
+ |
$stmt->bindParam(':nome', $u_first_name); |
|
334 |
+ |
$stmt->bindParam(':cognome', $u_last_name); |
|
335 |
+ |
$stmt->bindParam(':email', $u_email); |
|
336 |
+ |
$stmt->bindParam(':token', $fb_token); |
|
337 |
+ |
$stmt->bindParam(':username', $username); |
|
338 |
+ |
$stmt->bindParam(':avatar', $image_filename); |
|
339 |
+ |
$stmt->execute(); |
|
340 |
+ |
|
|
341 |
+ |
//$this->db->exec($sql); |
231 |
342 |
|
$status["id"] = $this->db->lastInsertId(); |
232 |
343 |
|
$status["username"] = $username; |
233 |
344 |
|
|
|
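Review bot: The INSERT on new lines 329-339 stores the Facebook access token `$fb_token` in the same `token` column that checkToken()/getUserByToken() treat as this application's session credential, so a bearer token issued, expired and revoked by a third party becomes the API's login secret, with a lifetime the application does not control; generate an app-owned token here as registerUser() does (`$newToken = bin2hex(random_bytes(32));`) and keep the Facebook token, if it is needed at all, separately. The execute() result is not checked, so a failed INSERT leaves `$status["id"]` at 0 with no error reported. The method starts outside this hunk.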
@@ -265,14 +376,20 @@ |
265 |
376 |
|
public function getAvatar($user_id) { |
266 |
377 |
|
$status = array(); |
267 |
378 |
|
try { |
268 |
|
- |
$query = "SELECT avatar FROM utente WHERE id='".$user_id."'"; |
269 |
|
- |
$result = $this->db->query($query); |
270 |
|
- |
$row = ($result->rowCount()>0) ? $result->fetch() : null; |
|
379 |
+ |
//$query = "SELECT avatar FROM utente WHERE id='".$user_id."'"; |
|
380 |
+ |
$query = "SELECT avatar FROM utente WHERE id=:id"; |
|
381 |
+ |
|
|
382 |
+ |
$stmt = $this->db->prepare($query); |
|
383 |
+ |
$stmt->bindParam(':id', $user_id); |
|
384 |
+ |
$result = $stmt->execute(); |
|
385 |
+ |
|
|
386 |
+ |
//$result = $this->db->query($query); |
|
387 |
+ |
$row = ($stmt->rowCount()>0) ? $stmt->fetch() : null; |
271 |
388 |
|
|
272 |
389 |
|
if (!is_null($row)) { |
273 |
390 |
|
$status["return"] = 0; |
274 |
391 |
|
$status["id"] = $user_id; |
275 |
|
- |
$status["avatar"] = IMAGE_SERVER.AVATAR_PATH.$row["avatar"]; |
|
392 |
+ |
$status["avatar"] = ($row["avatar"] != "") ? IMAGE_SERVER.AVATAR_PATH.$row["avatar"] : ""; |
276 |
393 |
|
} else { |
277 |
394 |
|
$status = createErrorMessage(1, "User ID non disponibile"); |
278 |
395 |
|
//$status["return"] = 1; |
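Review bot: Style: `$result = $stmt->execute();` on new line 384 assigns a value that is never read, and the new `($row["avatar"] != "")` test on line 392 relies on loose comparison, under which a NULL avatar also equals `""` — probably what is wanted, but clearer spelled out: `$status["avatar"] = ($row["avatar"] !== null && $row["avatar"] !== "") ? IMAGE_SERVER.AVATAR_PATH.$row["avatar"] : "";`. As elsewhere in this diff, rowCount() on a SELECT is driver-dependent; `$row = $stmt->fetch() ?: null;` needs no count.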
|
@@ -296,13 +413,20 @@ |
296 |
413 |
|
$status = array(); |
297 |
414 |
|
|
298 |
415 |
|
try { |
299 |
|
- |
$query = "UPDATE utente |
|
416 |
+ |
/*$query = "UPDATE utente |
300 |
417 |
|
SET avatar='".$avatar_url."' |
301 |
|
- |
WHERE id=".$user_id; |
|
418 |
+ |
WHERE id=".$user_id;*/ |
|
419 |
+ |
|
|
420 |
+ |
//echo "<br/>".$query."<br/>"; |
302 |
421 |
|
|
303 |
|
- |
//echo "<br/>".$query."<br/>"; |
|
422 |
+ |
$query = "UPDATE utente SET avatar=:avatar WHERE id=:id"; |
304 |
423 |
|
|
305 |
|
- |
$this->db->exec($query); |
|
424 |
+ |
$stmt = $this->db->prepare($query); |
|
425 |
+ |
$stmt->bindParam(':avatar', $avatar_url); |
|
426 |
+ |
$stmt->bindParam(':id', $user_id); |
|
427 |
+ |
$stmt->execute(); |
|
428 |
+ |
|
|
429 |
+ |
//$this->db->exec($query); |
306 |
430 |
|
$status["return"] = 0; |
307 |
431 |
|
$status["avatar_name"] = $avatar_url; |
308 |
432 |
|
return $status; |
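Review bot: The new UPDATE on lines 422-427 stores `$avatar_url` verbatim, and getAvatar() in this same diff builds the returned location as `IMAGE_SERVER.AVATAR_PATH.$row["avatar"]`; if `$avatar_url` originates from the request (the method starts outside this hunk, so I can't tell), a value containing `../` or a full URL would be echoed back as the avatar location. Restrict it to a bare filename before binding, e.g. `if ($avatar_url !== basename($avatar_url)) { return createErrorMessage(1, "Avatar non valido"); }`. `$stmt->execute()` is again unchecked before `return 0` is reported.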
|
@@ -317,34 +441,53 @@ |
317 |
441 |
|
|
318 |
442 |
|
public function editUser($user) { //$user è l'oggetto Utente |
319 |
443 |
|
$status = array(); |
|
444 |
+ |
$array_params = array(); |
320 |
445 |
|
|
321 |
446 |
|
try { |
322 |
447 |
|
|
323 |
448 |
|
$setString = ""; |
324 |
449 |
|
|
325 |
450 |
|
if (isset($user->nome) && !is_null($user->nome)) { |
326 |
|
- |
$setString = ($setString == "") ? "nome='".$user->nome."'" : $setString.",nome='".$user->nome."'"; |
|
451 |
+ |
//$setString = ($setString == "") ? "nome='".$user->nome."'" : $setString.",nome='".$user->nome."'"; |
|
452 |
+ |
$setString = ($setString == "") ? "nome=:nome" : $setString.",nome=:nome"; |
|
453 |
+ |
$array_params[":nome"] = $user->nome; |
327 |
454 |
|
} |
328 |
455 |
|
|
329 |
456 |
|
if (isset($user->cognome) && !is_null($user->cognome)) { |
330 |
|
- |
$setString = ($setString == "") ? "cognome='".$user->cognome."'" : $setString.",cognome='".$user->cognome."'"; |
|
457 |
+ |
//$setString = ($setString == "") ? "cognome='".$user->cognome."'" : $setString.",cognome='".$user->cognome."'"; |
|
458 |
+ |
$setString = ($setString == "") ? "cognome=:cognome" : $setString.",cognome=:cognome"; |
|
459 |
+ |
$array_params[":cognome"] = $user->cognome; |
331 |
460 |
|
} |
332 |
461 |
|
|
333 |
462 |
|
if (isset($user->cell) && !is_null($user->cell)) { |
334 |
|
- |
$setString = ($setString == "") ? "cell='".$user->cell."'" : $setString.",cell='".$user->cell."'"; |
|
463 |
+ |
//$setString = ($setString == "") ? "cell='".$user->cell."'" : $setString.",cell='".$user->cell."'"; |
|
464 |
+ |
$setString = ($setString == "") ? "cell=:cell" : $setString.",cell=:cell"; |
|
465 |
+ |
$array_params[":cell"] = $user->cell; |
335 |
466 |
|
} |
336 |
467 |
|
|
337 |
468 |
|
if (isset($user->email) && !is_null($user->email)) { |
338 |
|
- |
$setString = ($setString == "") ? "email='".$user->email."'" : $setString.",email='".$user->email."'"; |
|
469 |
+ |
//$setString = ($setString == "") ? "email='".$user->email."'" : $setString.",email='".$user->email."'"; |
|
470 |
+ |
$setString = ($setString == "") ? "email=:email" : $setString.",email=:email"; |
|
471 |
+ |
$array_params[":email"] = $user->email; |
339 |
472 |
|
} |
340 |
473 |
|
|
341 |
|
- |
$query = "UPDATE utente |
|
474 |
+ |
/*$query = "UPDATE utente |
|
475 |
+ |
SET ".$setString." |
|
476 |
+ |
WHERE id=".$user->id;*/ |
|
477 |
+ |
|
|
478 |
+ |
//echo "<br/>".$query."<br/>"; |
|
479 |
+ |
|
|
480 |
+ |
//$this->db->exec($query); |
|
481 |
+ |
|
|
482 |
+ |
$query = "UPDATE utente |
342 |
483 |
|
SET ".$setString." |
343 |
|
- |
WHERE id=".$user->id; |
|
484 |
+ |
WHERE id=:id"; |
|
485 |
+ |
|
|
486 |
+ |
$array_params[":id"] = $user->id; |
344 |
487 |
|
|
345 |
|
- |
//echo "<br/>".$query."<br/>"; |
|
488 |
+ |
$stmt = $this->db->prepare($query); |
|
489 |
+ |
$stmt->execute($array_params); |
346 |
490 |
|
|
347 |
|
- |
$this->db->exec($query); |
348 |
491 |
|
$status["return"] = 0; |
349 |
492 |
|
|
350 |
493 |
|
} catch (PDOException $e) { |
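Review bot: When none of nome/cognome/cell/email is set, `$setString` stays empty and the query on new lines 482-484 becomes `UPDATE utente SET  WHERE id=:id`, a syntax error that either throws a PDOException or, depending on ATTR_ERRMODE, makes execute() return false while the method still reports `return 0`; guard it before preparing: `if ($setString === "") { return createErrorMessage(1, "Nessun campo da modificare"); }`. Style: `isset($user->nome) && !is_null($user->nome)` is redundant, since isset() is already false for null. Collecting `$array_params` and passing it to execute() is the right shape — no user-controlled value reaches the SQL text any more.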
|
@@ -360,12 +503,32 @@ |
360 |
503 |
|
|
361 |
504 |
|
public function deleteUser($user_id) { |
362 |
505 |
|
$status = array(); |
363 |
|
- |
$query = "UPDATE utente,locale |
|
506 |
+ |
/*$query = "UPDATE utente,locale |
364 |
507 |
|
SET utente.is_active=0, utente.token='', locale.hidden=1 |
365 |
|
- |
WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id; |
|
508 |
+ |
WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;*/ |
|
509 |
+ |
|
|
510 |
+ |
$queryUtente = "UPDATE utente |
|
511 |
+ |
SET is_active=0, token='' |
|
512 |
+ |
WHERE id=:id_utente"; |
366 |
513 |
|
|
367 |
514 |
|
try { |
368 |
|
- |
$this->db->exec($query); |
|
515 |
+ |
$stmt = $this->db->prepare($queryUtente); |
|
516 |
+ |
$stmt->bindParam(':id_utente', $user_id); |
|
517 |
+ |
$resultUtente = $stmt->execute(); |
|
518 |
+ |
|
|
519 |
+ |
if ($resultUtente) { |
|
520 |
+ |
$queryLocale = "UPDATE locale |
|
521 |
+ |
SET hidden=1 |
|
522 |
+ |
WHERE id_utente_owner=:id_utente_owner"; |
|
523 |
+ |
|
|
524 |
+ |
$stmt = $this->db->prepare($queryLocale); |
|
525 |
+ |
$stmt->bindParam(':id_utente_owner', $user_id); |
|
526 |
+ |
$stmt->execute(); |
|
527 |
+ |
} else { |
|
528 |
+ |
$status = createErrorMessage(1, "Errore DB"); |
|
529 |
+ |
return $status; |
|
530 |
+ |
} |
|
531 |
+ |
//$this->db->exec($query); |
369 |
532 |
|
$status["return"] = 0; |
370 |
533 |
|
return $status; |
371 |
534 |
|
} catch (PDOException $e) { |
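Review bot: Splitting the original multi-table UPDATE into two statements (new lines 515-526) makes deactivation non-atomic: if the `locale` UPDATE fails after the `utente` one succeeded, the user is disabled but their venues stay visible and nothing undoes the first statement. Wrap the pair in `$this->db->beginTransaction();` before the first prepare and `$this->db->commit();` after the second execute, with `$this->db->rollBack();` in the catch block (whose body is outside this hunk). The `if ($resultUtente)` branch only fires when execute() returns false, i.e. when the connection is not in exception mode; under PDO::ERRMODE_EXCEPTION it is dead code and the catch handles the failure. Note the old single statement joined `utente` with `locale` and so touched the user row only when they owned at least one locale; the new form updates the user unconditionally, which looks intended but deserves a line in the commit message.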
|
@@ -378,12 +541,33 @@ |
378 |
541 |
|
|
379 |
542 |
|
public function enableUser($user_id) { |
380 |
543 |
|
$status = array(); |
381 |
|
- |
$query = "UPDATE utente,locale |
|
544 |
+ |
/*$query = "UPDATE utente,locale |
382 |
545 |
|
SET utente.is_active=1, locale.hidden=0 |
383 |
|
- |
WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id; |
|
546 |
+ |
WHERE utente.id=".$user_id." AND locale.id_utente_owner=".$user_id;*/ |
|
547 |
+ |
|
|
548 |
+ |
$queryUtente = "UPDATE utente |
|
549 |
+ |
SET is_active=1 |
|
550 |
+ |
WHERE id=:id_utente"; |
384 |
551 |
|
|
385 |
552 |
|
try { |
386 |
|
- |
$this->db->exec($query); |
|
553 |
+ |
$stmt = $this->db->prepare($queryUtente); |
|
554 |
+ |
$stmt->bindParam(':id_utente', $user_id); |
|
555 |
+ |
$resultUtente = $stmt->execute(); |
|
556 |
+ |
|
|
557 |
+ |
if ($resultUtente) { |
|
558 |
+ |
$queryLocale = "UPDATE locale |
|
559 |
+ |
SET hidden=0 |
|
560 |
+ |
WHERE id_utente_owner=:id_utente_owner"; |
|
561 |
+ |
|
|
562 |
+ |
$stmt = $this->db->prepare($queryLocale); |
|
563 |
+ |
$stmt->bindParam(':id_utente_owner', $user_id); |
|
564 |
+ |
$stmt->execute(); |
|
565 |
+ |
} else { |
|
566 |
+ |
$status = createErrorMessage(1, "Errore DB"); |
|
567 |
+ |
return $status; |
|
568 |
+ |
} |
|
569 |
+ |
|
|
570 |
+ |
//$this->db->exec($query); |
387 |
571 |
|
$status["return"] = 0; |
388 |
572 |
|
return $status; |
389 |
573 |
|
} catch (PDOException $e) { |
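Review bot: `$user_id` is bound with bindParam() and no type on new lines 554 and 563, so if it arrives as a request string MySQL will coerce it during the comparison with the integer id columns; bind it as `$stmt->bindValue(':id_utente', (int)$user_id, PDO::PARAM_INT);` (same for `:id_utente_owner`), and since an UPDATE on a non-existent id succeeds with zero rows, check `$stmt->rowCount() === 0` to report an unknown user rather than `return 0` (with MySQL this needs MYSQL_ATTR_FOUND_ROWS, as an UPDATE that changes nothing otherwise also reports 0). enableUser() is now a near-verbatim copy of deleteUser() apart from the flag values and the token reset; a private helper taking the `is_active`/`hidden` pair would keep the two from drifting. The same atomicity concern applies here as in deleteUser(): the two UPDATEs are not inside a transaction.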