From ca6c953818e8d34f3c703a0e1083236478f70446 Mon Sep 17 00:00:00 2001
From: Mark Schouten
Date: Fri, 4 Jul 2014 11:52:11 +0200
Subject: [PATCH] Fix the other queries too

---
 includes/misc.inc.php | 21 +++++++++++++++++----
 includes/session.inc.php | 5 ++++-
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/includes/misc.inc.php b/includes/misc.inc.php
index d1a7542..9e9e517 100644
--- a/includes/misc.inc.php
+++ b/includes/misc.inc.php
@@ -30,9 +30,16 @@ function get_all_users() {
 function get_pw($username) {
 $db = get_db();
- $pw = $db->querySingle("SELECT password FROM users WHERE emailaddress = '".$username."'");
+ $q = $db->prepare('SELECT password FROM users WHERE emailaddress = ? LIMIT 1');
+ $q->bindValue(1, $username, SQLITE_TEXT);
+ $result = $q->execute();
+ $pw = $result->fetchArray(SQLITE3_ASSOC);
 $db->close();
- return $pw;
+ if (isset($pw['password'])) {
+ return $pw['password'];
+ }
+
+ return FALSE;
 }
 function add_user($username, $isadmin = '0', $password = FALSE) {
@@ -44,7 +51,11 @@ function add_user($username, $isadmin = '0', $password = FALSE) {
 }
 $db = get_db();
- $ret = $db->exec("INSERT OR REPLACE INTO users (emailaddress, password, isadmin) VALUES ('".$username."', '".$password."', $isadmin)");
+ $q = $db->prepare('INSERT OR REPLACE INTO users (emailaddress, password, isadmin) VALUES (?, ?, ?)');
+ $q->bindValue(1, $username, SQLITE3_TEXT);
+ $q->bindValue(2, $password, SQLITE3_TEXT);
+ $q->bindValue(3, $isadmin, SQLITE3_INTEGER);
+ $ret = $q->execute();
 $db->close();
 return $ret;
@@ -52,7 +63,9 @@ function add_user($username, $isadmin = '0', $password = FALSE) {
 function delete_user($id) {
 $db = get_db();
- $ret = $db->exec("DELETE FROM users WHERE id = $id");
+ $q = $db->prepare('DELETE FROM users WHERE id = ?');
+ $q->bindValue(1, $id, SQLITE3_INTEGER);
+ $ret = $q->execute();
 $db->close();
 return $ret;
diff --git a/includes/session.inc.php b/includes/session.inc.php
index d28f8a8..8357e6a 100644
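Review bot: `$q->bindValue(1, $username, SQLITE_TEXT);` in get_pw() names SQLITE_TEXT, which is not the SQLite3 extension's constant — the add_user() and delete_user() hunks in this same file bind with SQLITE3_TEXT. PHP treats the bare name as an undefined constant (a notice plus the string 'SQLITE_TEXT'), so the bind is likely to be rejected or typed wrongly and get_pw() would then answer FALSE for every address; change it to `$q->bindValue(1, $username, SQLITE3_TEXT);`. Neither prepare() nor execute() is checked for false before the result is dereferenced, so a failed prepare() now ends in a method call on a non-object where querySingle() previously just returned false; a guard such as `if ($q === false) { $db->close(); return FALSE; }` after prepare() keeps the old failure shape.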
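Review bot: `$ret = $q->execute();` changes what add_user() returns from the bool that exec() produced to a SQLite3Result object, or false on failure, so a caller comparing the result with `=== true` or storing it as a flag now behaves differently; the delete_user() hunk below makes the same change. If the bool contract is what callers expect, make it explicit with `$ret = $q->execute() !== false;` in both functions. The `$password = FALSE` default is bound as SQLITE3_TEXT, which would store an empty string unless the lines above this hunk replace it — those lines are outside the hunk, so worth confirming. add_user() starts before the hunk.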
--- a/includes/session.inc.php
+++ b/includes/session.inc.php
@@ -44,7 +44,10 @@ function try_login() {
 return FALSE;
 }
 $db = get_db();
- $userinfo = $db->querySingle("SELECT * FROM users WHERE emailaddress = '".$_POST['username']."'", 1);
+ $q = $db->prepare('SELECT * FROM users WHERE emailaddress = ?');
+ $q->bindValue(1, $_POST['username']);
+ $result = $q->execute();
+ $userinfo = $result->fetchArray(SQLITE3_ASSOC);
 if (isset($userinfo['password']) and (crypt($_POST['password'], $userinfo['password']) == $userinfo['password'])) {
 set_logged_in($_POST['username']);
 if (isset($userinfo['isadmin']) && $userinfo['isadmin'] == 1) {
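Review bot: The credential check on the context line directly after the added lines still compares the crypt() output with loose `==`, which is neither strict nor constant-time, so the query fix leaves the password comparison as it was. On PHP 5.6 or newer write `hash_equals($userinfo['password'], crypt($_POST['password'], $userinfo['password']))`; on older releases at least use `===`. The new `$q->bindValue(1, $_POST['username']);` omits the type that the misc.inc.php hunks pass — `$q->bindValue(1, $_POST['username'], SQLITE3_TEXT);` keeps the two files consistent — and the execute() result is dereferenced without a false check. try_login() begins before the hunk and continues after it.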