41 |
if (post_username.size() > 0 || post_password.size() > 0) |
if (post_username.size() > 0 || post_password.size() > 0) |
42 |
{ |
{ |
43 |
|
|
44 |
std::stringstream sql; |
std::string sql; |
45 |
sql << "SELECT realname,useradmin FROM users WHERE username = '" << post_username << "' AND "; |
sql += "SELECT realname,useradmin FROM users WHERE username = :username AND "; |
46 |
sql << "password = '" << post_password << "' AND enabled=true"; |
sql += "password = :password AND enabled=true"; |
47 |
|
|
48 |
|
tntdb::Statement st = conn.prepare(sql); |
49 |
|
st.setString("username", post_username).setString("password", post_password); |
50 |
|
|
51 |
|
tntdb::Result res = st.select(); |
52 |
|
|
|
tntdb::Result res = conn.select(sql.str()); |
|
53 |
if (res.size() >0) |
if (res.size() >0) |
54 |
{ |
{ |
55 |
tntdb::Row row = res[0]; |
tntdb::Row row = res[0]; |