|
@@ -4,16 +4,16 @@
|
|
|
require_once(PATH_PHP.'security.php');
|
|
|
$mysqli = $GLOBALS['mysqli'];
|
|
|
function addUser($username,$password,$email){
|
|
|
- $mysqli = $GLOBALS['mysqli'];
|
|
|
+ global $mysqli;
|
|
|
$salt = $mysqli->escape_string(salt());
|
|
|
$email = $mysqli->escape_string($email);
|
|
|
$username = $mysqli->escape_string($username);
|
|
|
$hash = $mysqli->escape_string(saltedHash($password,$salt));
|
|
|
- return $mysqli->query("INSERT INTO `".get("database")."`.`users` (email,name,password,salt) VALUES ('{$email}','{$username}','{$hash}','{$salt}')");
|
|
|
+ return query("INSERT INTO `users` (email,name,password,salt) VALUES ('%s','%s','%s','%s')",Array($email,$username,$hash,$salt));
|
|
|
}
|
|
|
function login($username,$password){
|
|
|
- $mysqli = $GLOBALS['mysqli'];
|
|
|
- if($res = $mysqli->query("SELECT name,password,salt FROM `".get("database")."`.`users` WHERE name = '{$username}'")){
|
|
|
+ global $mysqli;
|
|
|
+ if($res = query("SELECT name,password,salt FROM `users` WHERE name = '%s'",Array($username))){
|
|
|
if($res->num_rows == 1){
|
|
|
$row = $res->fetch_assoc();
|
|
|
if(compareSaltedHash($password,$row['salt'],$row['password'])){
|
|
@@ -24,7 +24,7 @@
|
|
|
return false;
|
|
|
}
|
|
|
function isUser($name){
|
|
|
- if(query("SELECT id FROM `".get('database')."`.`users` WHERE name='%s'",Array($name))){
|
|
|
+ if(query("SELECT id FROM `users` WHERE name='%s'",Array($name))){
|
|
|
return true;
|
|
|
}else{
|
|
|
return false;
|