From 7f2656078956a17733831178c69b92eb9c01386e Mon Sep 17 00:00:00 2001
From: Adrien Morais <amorais@centreon.com>
Date: Wed, 10 Jul 2019 14:04:41 +0200
Subject: [PATCH] fix(ui): take feedbacks into account and rebase

---
 www/api/class/centreon_topcounter.class.php | 43 ++++++++++-----------
 1 file changed, 21 insertions(+), 22 deletions(-)

diff --git a/www/api/class/centreon_topcounter.class.php b/www/api/class/centreon_topcounter.class.php
index 3fb3a56b929..44b3f40e128 100755
--- a/www/api/class/centreon_topcounter.class.php
+++ b/www/api/class/centreon_topcounter.class.php
@@ -191,8 +191,6 @@ public function putAutoLoginToken()
      */
     public function getUser()
     {
-        $enableAutoLogin = false;
-        $enableAutoLoginShortcut = false;
         $autoLoginKey = null;
 
         if (!isset($_SESSION['centreon'])) {
@@ -209,40 +207,42 @@ public function getUser()
         }
 
         /* Is the autologin feature enabled ? */
-        $query = 'SELECT value FROM options WHERE options.key = "enable_autologin"';
-
         try {
-            $res = $this->pearDB->query($query);
+            $res = $this->pearDB->query(
+                'SELECT value FROM options WHERE options.key = "enable_autologin"'
+            );
         } catch (\Exception $e) {
             throw new \RestInternalServerErrorException('Error getting the user.');
         }
 
-        if ($row = $res->fetch()) {
-            $enableAutoLogin = $row['value'] == '1' ? true : false;
-        }
-
-	    /* Do we need to display the autologin shortcut ? */
-        $query = 'SELECT value FROM options WHERE options.key = "display_autologin_shortcut"';
+        $rowEnableShortcut = $res->fetch();
 
+        /* Do we need to display the autologin shortcut ? */
         try {
-            $res = $this->pearDB->query($query);
+            $res = $this->pearDB->query(
+                'SELECT value FROM options WHERE options.key = "display_autologin_shortcut"'
+            );
         } catch (\Exception $e) {
             throw new \RestInternalServerErrorException('Error getting the user.');
         }
 
-        if ($row = $res->fetch()) {
-            $enableAutoLoginShortcut = $row['value'] == '1' ? true : false;
-        }
+        $rowEnableAutoLogin = $res->fetch();
 
         /* If the autologin feature is enabled then fetch the autologin key
          * And display the shortcut if the option is enabled
          */
-        if ($enableAutoLogin && $enableAutoLoginShortcut) {
+        if (isset($rowEnableAutoLogin['value'])
+            && isset($rowEnableShortcut['value'])
+            && $rowEnableAutoLogin['value'] === '1'
+            && $rowEnableShortcut['value'] === '1'
+            ) {
             /* Get autologinkey */
-            $query = 'SELECT contact_autologin_key FROM contact WHERE contact_id = ' . (int)$user->user_id;
-
             try {
-                $res = $this->pearDB->query($query);
+                $res = $this->pearDB->prepare(
+                    $query = 'SELECT contact_autologin_key FROM contact WHERE contact_id = :userID'
+                );
+                $res->bindValue(':userId',  (int)$user->user_id, \PDO::PARAM_INT);
+                $res->execute();
             } catch (\Exception $e) {
                 throw new \RestInternalServerErrorException('Error getting the user.');
             }
@@ -251,9 +251,8 @@ public function getUser()
                 throw new \RestUnauthorizedException('User does not exists.');
             }
 
-            if ($row = $res->fetch()) {
-                $autoLoginKey = $row['contact_autologin_key'];
-            }
+            $row = $res->fetch();
+            $autoLoginKey = $row['contact_autologin_key'];
         }
 
         return array(