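/**
 * Appends a row to `sequencia` whose counter is one above the current highest
 * `contador_sequencia`, copying the `userid` stored on that latest row.
 *
 * @param PDO $dbh Open database handle (used via prepare()/execute()).
 * @return int|null The counter value that was inserted, or null when the
 *                  table holds no row to continue from.
 */
function insert_new_sequencia($dbh)
{
    // NOTE(review): the read below and the INSERT further down are two separate
    // statements, so two concurrent requests can compute the same counter.
    // A unique key on contador_sequencia, an AUTO_INCREMENT column, or a
    // transaction with a locking read would close that window; which one fits
    // depends on the schema, which is not visible here.
    $sth = $dbh->prepare(
        'SELECT contador_sequencia, userid FROM sequencia ORDER BY contador_sequencia DESC LIMIT 1;'
    );
    $sth->execute();

    // fetch() returns false when there is no row. PDOStatement::rowCount() is
    // only guaranteed for INSERT/UPDATE/DELETE and may report 0 for a SELECT
    // on some drivers, so the emptiness test relies on fetch() instead.
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    $new_contador_sequencia = $row['contador_sequencia'] + 1;

    // NOTE(review): the new row is attributed to the userid of the previous
    // row, not to a user resolved in this function; confirm with the callers
    // that this is the intended owner.
    $sth = $dbh->prepare('INSERT INTO sequencia (contador_sequencia, moment, userid) VALUES (?, ?, ?);');
    $sth->execute([$new_contador_sequencia, get_curr_timestamp(), $row['userid']]);

    return $new_contador_sequencia;
}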
// Login handler: runs only for visitors without an active login and checks the
// posted credentials against the `utilizador` table.
require_once 'appfunctions.php';

if (!is_logged_in()) {
    if (!isset($username)) {
        $username = '';
    }
    if (isset($_POST['submit'])) {
        // NOTE(review): only 'submit' is tested with isset(); 'username' and
        // 'password' are read directly and raise notices when a crafted request
        // omits them.
        // NOTE(review): user_exists() runs before the password is checked. If the
        // failure branch (not visible in this listing) answers differently for
        // unknown accounts, the form lets a client enumerate registered e-mails.
        if ($_POST['username'] != '' && user_exists($_POST['username'])) {
            // User is not logged in and tried to login
            $dbh = get_database_handler();
            // Both values are bound as parameters, so the query itself is not
            // injectable. BINARY makes the password comparison byte-wise.
            $query = 'SELECT userid, email FROM utilizador WHERE email=? AND BINARY password=? LIMIT 1;';
            $sth = $dbh->prepare($query);
            $userid = null;
            try {
                // not our fault, the provided database stores passwords in plain text
                // NOTE(review): with plaintext storage any read access to the table
                // discloses every credential. Where the schema can change, store
                // password_hash() output and verify with password_verify().
                $sth->execute(array($_POST['username'], $_POST['password']));
                $login_timestamp = get_curr_timestamp();
                // NOTE(review): rowCount() on a SELECT is driver-dependent; testing
                // the result of fetch() is the portable check.
                if ($sth->rowCount()) {
                    // Login success
                    $row = $sth->fetch(PDO::FETCH_ASSOC);
                    // NOTE: what if userid changes in between queries? Make a TRANSACTION?
                    $userid = $row['userid'];
                    // NOTE(review): no session_regenerate_id(true) is visible before
                    // the session is marked as authenticated; unless appfunctions.php
                    // does it, a pre-login session id stays valid after login
                    // (session fixation).
                    $_SESSION['userid'] = $row['userid'];
                    $_SESSION['username'] = $row['email'];
                    // NOTE(review): both cookies are set without the Secure, HttpOnly
                    // or SameSite attributes, so they are readable by page scripts and
                    // sent over plain HTTP. Their values are client-controlled on later
                    // requests: if is_logged_in() (defined elsewhere) trusts them rather
                    // than $_SESSION, identity can be forged. Confirm, and prefer a
                    // random server-side token for any "remember me" feature.
                    setcookie('userid', $row['userid'], time() + 60 * 60 * 24 * 30); // expires in 30 days
                    setcookie('username', $row['email'], time() + 60 * 60 * 24 * 30); // expires in 30 days
                    if ($userid != null) {
                        // this should always be executed, in this block, just a sanity check
                        // Second argument 1 presumably marks a successful attempt; verify
                        // against log_login_attempt().
                        log_login_attempt($userid, 1, $login_timestamp);
                    }
                    // (listing is cut off here; the enclosing blocks are closed outside this excerpt)
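/**
 * Inserts the next `sequencia` row, stamped with the current timestamp and the
 * logged-in user, and returns the counter it was given.
 *
 * The counter is the highest existing `contador_sequencia` plus one, or 1 when
 * the table is empty.
 *
 * @param PDO $dbh Open database handle (used via prepare()/execute()).
 * @return int The counter value that was inserted.
 */
function update_sequencia_table($dbh)
{
    // NOTE(review): the SELECT and the INSERT are separate statements, so two
    // concurrent requests can pick the same counter. A unique key on
    // contador_sequencia, an AUTO_INCREMENT column, or a transaction with a
    // locking read would prevent duplicates; the schema is not visible here.
    $sth = $dbh->prepare("SELECT contador_sequencia FROM sequencia ORDER BY contador_sequencia DESC LIMIT 1");
    $sth->execute();

    // fetch() returns false on an empty result. rowCount() is not guaranteed
    // for SELECT statements on every PDO driver and could report 0 even when a
    // row exists, which would restart the counter at 1.
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    $cnt_seq = ($row === false)
        ? 1 // Table empty, use id 1
        : $row['contador_sequencia'] + 1;

    $timestamp = get_curr_timestamp();
    // TODO: null check. As written, a missing login would record the row with a
    // null userid (or fail on a NOT NULL column), leaving the entry
    // unattributable; callers should guarantee an authenticated user first.
    $userid = get_logged_in_userid();

    $sth = $dbh->prepare("INSERT INTO sequencia(contador_sequencia, moment, userid) VALUES(?, ?, ?);");
    $sth->execute([$cnt_seq, $timestamp, $userid]);

    return $cnt_seq;
}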