fixed excape

2014-04-26 16:02:17 -07:00 · 2014-04-26 16:02:17 -07:00 · ec0581f896
commit ec0581f896
parent f9eb57acd2
1 changed files with 8 additions and 11 deletions
--- a/include/library/Crunchbutton/Admin/Auth.php
+++ b/include/library/Crunchbutton/Admin/Auth.php
@ -8,17 +8,14 @@ class Crunchbutton_Admin_Auth extends Cana_Model {

 	public static function localLogin($email, $password) {
 		$password = self::passwordEncrypt($password);
-		$query = sprintf('
-			SELECT * 
-			FROM admin
-			WHERE
-				login="%s"
-				AND pass="%s"
-				AND active=1
-				LIMIT 1',
-			@mysql_real_escape_string($email),
-			@mysql_real_escape_string($password)
-		);
+		$query = '
+                        SELECT *
+                        FROM admin
+                        WHERE
+                             	login="'.c::db()->escape($email).'"
+                                AND pass="'.c::db()->escape($password).'"
+                                AND active=1
+                                LIMIT 1';

 		return Admin::q($query)->get(0);