microblogED/src/DB/User.php

<?php

namespace Blog\DB;

use Blog\DB\DB;

class User extends DB
{
    public function checkUserPass($user, $pass)
    {
        // TODO : SQL injection attack!
        $sql = "SELECT count(*) as count FROM users WHERE username = '" . $user . "' AND password = '" . $pass . "';";
        $ret = $this->query($sql);
        $rows = $ret->fetchArray(SQLITE3_ASSOC);
        $rowcount = $rows['count'];
        if ($rowcount == 1) {
            return true;
        } else {
            return false;
        }
    }
}