@@ -8,6 +8,7 @@ class User extends DB | |||
{ | |||
public function checkUserPass($user, $pass) | |||
{ | |||
// TODO : SQL injection attack! | |||
$sql = "SELECT count(*) as count FROM users WHERE username = '" . $user . "' AND password = '" . $pass . "';"; | |||
$ret = $this->query($sql); | |||
$rows = $ret->fetchArray(SQLITE3_ASSOC); |
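Review bot: The query in checkUserPass is still assembled by concatenating `$user` and `$pass` into the SQL string, so the TODO comment records the injection risk without removing it; both values should be bound as parameters of a prepared statement. The `query()`/`fetchArray(SQLITE3_ASSOC)` calls suggest DB wraps SQLite3, in which case `prepare()`, `bindValue()` and `execute()` should be available on `$this`, though this should be confirmed against the DB class. Comparing `password = '...'` in SQL also implies the column holds the password as submitted; if so, consider selecting the stored hash by username and checking it with `password_verify()`. The method body continues past the end of this hunk.

```php
public function checkUserPass($user, $pass)
{
    // Bind both values so they are passed as data, never parsed as SQL.
    $stmt = $this->prepare('SELECT count(*) as count FROM users WHERE username = :user AND password = :pass');
    $stmt->bindValue(':user', $user, SQLITE3_TEXT);
    $stmt->bindValue(':pass', $pass, SQLITE3_TEXT);
    $ret = $stmt->execute();
    // … unchanged: fetchArray(SQLITE3_ASSOC) and the rest of the method …
```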