Changeset 38 for trunk/Application/UUser.pas
- Timestamp:
- Nov 13, 2010, 4:32:15 PM (14 years ago)
- File:
-
- 1 edited
trunk/Application/UUser.pas
r37 r38 52 52 begin 53 53 try 54 DbRows := Database.Query('SELECT * FROM `UserOnline` WHERE `SessionId`="' + 54 DbRows := TDbRows.Create; 55 Database.Query(DbRows, 'SELECT * FROM `UserOnline` WHERE `SessionId`="' + 55 56 HandlerData.Request.Cookies.Values['SessionId'] + '"'); 56 57 if DbRows.Count > 0 then begin … … 58 59 Id := StrToInt(DbRows[0].Values['Id']); 59 60 User := StrToInt(DbRows[0].Values['User']); 60 DbRows.Free; 61 DbRows := Database.Query('UPDATE `UserOnline` SET `ActivityTime` = NOW() WHERE `Id`=' + IntToStr(Id)); 61 Database.Query(DbRows, 'UPDATE `UserOnline` SET `ActivityTime` = NOW() WHERE `Id`=' + IntToStr(Id)); 62 62 end else begin 63 63 // Create new record 64 DbRows.Free; 65 DbRows := Database.Query('INSERT INTO `UserOnline` (`User`, `ActivityTime`, `SessionId`) ' + 64 Database.Query(DbRows, 'INSERT INTO `UserOnline` (`User`, `ActivityTime`, `SessionId`) ' + 66 65 'VALUES (1, NOW(), "' + HandlerData.Request.Cookies.Values['SessionId'] + '")'); 67 66 Id := Database.LastInsertId; … … 79 78 Logout; 80 79 try 81 DbRows := Database.Query('UPDATE `UserOnline` SET `User` = ' + IntToStr(User) + ', `LoginTime` = NOW() WHERE `SessionId`="' + 80 DbRows := TDbRows.Create; 81 Database.Query(DbRows, 'UPDATE `UserOnline` SET `User` = ' + IntToStr(User) + ', `LoginTime` = NOW() WHERE `SessionId`="' + 82 82 HandlerData.Request.Cookies.Values['SessionId'] + '"'); 83 83 finally … … 93 93 if Id = AnonymousUserId then Update; 94 94 if User <> AnonymousUserId then begin 95 DbRows := Database.Query('UPDATE `UserOnline` SET `User` = ' + IntToStr(AnonymousUserId) + ' WHERE `SessionId`="' + 96 HandlerData.Request.Cookies.Values['SessionId'] + '"'); 97 DbRows.Destroy; 95 try 96 DbRows := TDbRows.Create; 97 Database.Query(DbRows, 'UPDATE `UserOnline` SET `User` = ' + IntToStr(AnonymousUserId) + ' WHERE `SessionId`="' + 98 HandlerData.Request.Cookies.Values['SessionId'] + '"'); 99 finally 100 DbRows.Free; 101 end; 98 102 User := AnonymousUserId; 99 103 end; … … 103 107 
104 108 procedure TWebUser.Delete(Id: Integer); 109 var 110 DbRows: TDbRows; 105 111 begin 106 Database.Query('DELETE FROM `User` WHERE `Id`=' + IntToStr(Id)); 112 try 113 DbRows := TDbRows.Create; 114 Database.Query(DbRows, 'DELETE FROM `User` WHERE `Id`=' + IntToStr(Id)); 115 finally 116 DbRows.Free; 117 end; 107 118 end; 108 119 … … 112 123 DbRows: TDbRows; 113 124 begin 114 DbRows := Database.Query('SELECT `Id` FROM `User` WHERE `Name`="' + Name + '"');115 125 try 126 DbRows := TDbRows.Create; 127 Database.Query(DbRows, 'SELECT `Id` FROM `User` WHERE `Name`="' + Name + '"'); 116 128 if DbRows.Count = 0 then begin 117 129 Salt := EncodeBase64(Copy(BinToHexString(SHA1(FloatToStr(Now))), 1, 8)); 118 Database.Query( 'INSERT INTO `User` (`Name`, `Password`, `Salt`, `Email`, `RegistrationTime`) VALUES ("' +130 Database.Query(DbRows, 'INSERT INTO `User` (`Name`, `Password`, `Salt`, `Email`, `RegistrationTime`) VALUES ("' + 119 131 Name + '", SHA1(CONCAT("' + Password + '", "' + Salt + '")), "' + Salt + 120 132 '", "' + Email + '", NOW())'); 121 133 end else raise EDuplicateItem.Create(SDuplicateUserItem); 122 134 finally 123 DbRows. Destroy;135 DbRows.Free; 124 136 end; 125 137 end; … … 129 141 DbRows: TDbRows; 130 142 begin 131 DbRows := Database.Query('SELECT `Id` FROM `User` WHERE `Name`="' + Name + '"');132 143 try 144 DbRows := TDbRows.Create; 145 Database.Query(DbRows, 'SELECT `Id` FROM `User` WHERE `Name`="' + Name + '"'); 133 146 if DbRows.Count = 1 then Result := StrToInt(DbRows[0].Items[0].Value) 134 147 else raise ENotFound.Create('User "' + Name + '" not found'); 135 148 finally 136 DBRows. 
Destroy;149 DBRows.Free; 137 150 end; 138 151 end; … … 142 155 DbRows: TDbRows; 143 156 begin 144 DbRows := Database.Query('SELECT `Id` FROM `User` WHERE `Name`="' + Name + '" AND ' +145 '`Password` = SHA1(CONCAT("' + Password + '", Salt))');146 157 try 158 DbRows := TDbRows.Create; 159 Database.Query(DbRows, 'SELECT `Id` FROM `User` WHERE `Name`="' + Name + '" AND ' + 160 '`Password` = SHA1(CONCAT("' + Password + '", Salt))'); 147 161 if DbRows.Count = 1 then Result := StrToInt(DbRows[0].Items[0].Value) 148 162 else raise ENotFound.Create('User "' + Name + '" not found'); 149 163 finally 150 DBRows. Destroy;164 DBRows.Free; 151 165 end; 152 166 end;
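Review bot: Every statement passed to the new `Database.Query(DbRows, ...)` form still splices request-controlled text straight into the SQL string: the `SessionId` cookie in the session lookup, the INSERT and the UPDATE statements, and `Name`, `Password` and `Email` in the registration and the two user-lookup queries (the last of which is the password check), so a double quote in any of those values changes the statement. Since this changeset already touches every call site, it is the natural place to route those values through bound parameters or the driver's string-escaping routine; the page does not show whether `Database` offers either, so until it does a comment such as `// FIXME: SessionId/Name/Password/Email reach the SQL text unescaped` at each call would at least record the gap. Separately, `DbRows := TDbRows.Create;` now sits inside the `try`, so if the constructor raises, `finally` calls `Free` on an unassigned local; the usual order is `DbRows := TDbRows.Create;` on the line before `try`. The first hunks start inside procedures whose headers and `finally` parts are outside the shown lines, so whether the single `DbRows` reused there for several queries is always freed cannot be confirmed from this page.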