diff --git a/signalmaster/server.js b/signalmaster/server.js
index 55f179d..d92b0dd 100644
--- a/signalmaster/server.js
+++ b/signalmaster/server.js
@@ -38,7 +38,12 @@ function safeCb(cb) {
 }
 
 function checkRoom(room,token,user,cb) {
- var q = "SELECT `participant` FROM `room_participants` WHERE `participant`=" + sql.escape(user) + " AND `room_id` IN (SELECT `id` FROM `rooms` WHERE `name`=" + sql.escape(room) + " AND `token`=" + sql.escape(token) + ");";
+ var q = 'SELECT `p`.`participant` FROM ' +
+ '`room_participants` `p`, `rooms` `r` ' +
+ 'WHERE `p`.`participant`=' + sql.escape(user) +
+ ' AND `p`.`room_id`=`r`.`id` ' +
+ ' AND `r`.`name`=' + sql.escape(room) +
+ ' AND `r`.`token`=' + sql.escape(token);
 console.log('Checking if ' + user + ' is allowed to join room ' + room + ' using token ' + token);
 sql.query(q, function(err, rows, fields) {
 if (err){
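Review bot: The unchanged `console.log` line directly after the new query writes the room token to the server log in clear text, which exposes the join secret to anyone with log access; drop it from the message, e.g. `console.log('Checking if ' + user + ' is allowed to join room ' + room);`. On the added lines, `user`, `room` and `token` go straight into `sql.escape()` with no type check; if `sql` is the node mysql client (not visible here), escape() renders objects and arrays as key/value or list fragments rather than one quoted string, which changes what the WHERE clause compares. A guard at the top of checkRoom such as `if (typeof user !== 'string' || typeof room !== 'string' || typeof token !== 'string')`, followed by an early error callback in whatever shape `cb` expects, would keep the comparison to plain strings. checkRoom's body continues past the end of the hunk, so how `rows` is evaluated is not visible.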