diff options
author | Tom Smeding <tom@tomsmeding.com> | 2021-02-27 17:39:46 +0100 |
---|---|---|
committer | Tom Smeding <tom@tomsmeding.com> | 2021-02-27 17:49:10 +0100 |
commit | 1e1cd7ce0aa362a0a2a20a764145035be911673d (patch) | |
tree | d4a4860c90a8bc408954871ff55c441dad543cd0 /db.c | |
parent | e7a188d9f8cd105485c5362f525cdd614c03dd3c (diff) |
server: Restrict is_online to only query users you know about
Diffstat (limited to 'db.c')
-rw-r--r-- | db.c | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -453,6 +453,24 @@ bool db_delete_token(i64 userid,const char *token){ return success; } +bool db_user_knows_user(i64 userid1, i64 userid2) { + assert(userid1 != -1 && userid2 != -1); + static sqlite3_stmt *stmt = NULL; + if (!stmt) { + SQLITE(prepare_v2, database, + "select count(*) > 0 " + "from Members as A, Members as B " + "where A.room = B.room and A.user = ? and B.user = ?" + ,-1, &stmt, NULL); + } + SQLITE(bind_int64, stmt, 1, userid1); + SQLITE(bind_int64, stmt, 2, userid2); + assert(sqlite3_step(stmt) == SQLITE_ROW); + bool found = sqlite3_column_int(stmt, 0) == 1; + reset_stmt(stmt); + return found; +} + i64 db_create_message(i64 roomid,i64 userid,i64 timestamp,i64 replyid,const char *message){ static sqlite3_stmt *stmt = NULL; |