authorAlex Auvolat <alex@adnab.me>2017-01-18 19:12:01 +0100
committerAlex Auvolat <alex@adnab.me>2017-01-18 19:12:01 +0100
commitcb727d392892ba2b6199a918f320dc6423d74d4c (patch)
tree8f451bfa89c1d85c404e2f16be37705c89eb2fb6 /lib/login.php
parent77048675abf5fad43e8b5371c35e1c86b3be59c2 (diff)
Start update to PDO instead of old mysql_ functions
Diffstat (limited to 'lib/login.php')
-rw-r--r--lib/login.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/login.php b/lib/login.php
index 2ba954e..a58ee75 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -2,7 +2,7 @@
require("conf/login.php");
-session_start($session_name);
+session_start();
$priv = array(0 => "Anonymous", 1 => "Member", 2 => "Administrator");
$user = array('id' => 0, 'name' => 'Anonymous', 'priv' => 0);
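Review bot: `$session_name` is no longer referenced after this change, so the session cookie uses PHP's default name; the old call probably never applied the name either, since `session_start()` is not the function that sets it. If conf/login.php (not shown) defines a custom name on purpose, add `session_name($session_name);` on the line before `session_start();`. Because this file carries the login state, it is also worth confirming that the session cookie is issued with HttpOnly and Secure, either in php.ini or via `session_set_cookie_params()` before the start call.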
@@ -15,9 +15,9 @@ if (isset($_GET['logout'])) {
}
if (isset($_POST['login']) && isset($_POST['pw'])) {
- $sql = sql("SELECT id FROM account ".
- "WHERE login = '" . esc($_POST['login']) . "' AND password = PASSWORD('" . esc($_POST['pw']) . "')");
- if ($util = mysql_fetch_assoc($sql)) {
+ $sql = sql("SELECT id FROM account WHERE login = ? AND password = PASSWORD(?)",
+ esc($_POST['login']), esc($_POST['pw']));
+ if ($util = $sql->fetch()) {
$_SESSION['user_id'] = intval($util['id']);
} else {
$error = "Wrong username or password.";
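Review bot: The bound values on the new side are still wrapped in `esc()`, which is redundant with placeholders and, if `esc()` is the old escaping helper (its definition is not shown), will alter any login or password containing a quote or backslash before comparison; pass `$_POST['login'], $_POST['pw']` directly. The success branch sets `$_SESSION['user_id']` without rotating the session id, so a `session_regenerate_id(true);` just before that assignment would close a session-fixation gap. Separately, `PASSWORD()` is MySQL's internal unsalted hash and was removed in MySQL 8.0; storing `password_hash()` output and checking it with `password_verify()` is the durable replacement, though that needs a data migration beyond this commit. The enclosing `if` block continues outside the hunk.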
@@ -31,9 +31,9 @@ if (isset($_SESSION['user_id'])) {
$user = $_SESSION['user'];
} else {
$sql = sql("SELECT login AS name, id, priv ".
- "FROM account ".
- "WHERE id = " . $_SESSION['user_id']);
- if ($util = mysql_fetch_assoc($sql)) {
+ "FROM account WHERE id = ?",
+ $_SESSION['user_id']);
+ if ($util = $sql->fetch()) {
$user['id'] = $_SESSION['user_id'];
$user['name'] = $util['name'];
$user['priv'] = $util['priv'];
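Review bot: `$sql->fetch()` here (and in the login hunk above) uses whatever default fetch mode the PDO connection has, whereas the `mysql_fetch_assoc` it replaces always returned an associative row; `$sql->fetch(PDO::FETCH_ASSOC)`, or setting `PDO::ATTR_DEFAULT_FETCH_MODE` where the connection is created, makes the `$util['name']` and `$util['priv']` lookups explicit. The call also assumes `sql()` always returns a statement object; if the wrapper can return false on a failed query (not visible here), `->fetch()` becomes a fatal error on the authentication path, so the connection should run with `PDO::ERRMODE_EXCEPTION` or the result should be checked first. The enclosing `if`/`else` starts and ends outside the hunk.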