From 531c210b7544e5e937919c5124681f352e1b1998 Mon Sep 17 00:00:00 2001
From: Tim Krehan
Date: Wed, 22 May 2019 10:38:07 +0200
Subject: [PATCH] sql inject prevent
---
 php/classes.user.php | 47 ++++++++++++++++++++++++++++++--------------
 1 file changed, 32 insertions(+), 15 deletions(-)
diff --git a/php/classes.user.php b/php/classes.user.php
index b1ab751..c4edc1b 100644
--- a/php/classes.user.php
+++ b/php/classes.user.php
@@ -5,8 +5,10 @@
 function get_info($session_id) {
 include $_SESSION["docroot"].'/php/connect.php';
- $query = "SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = \"$session_id\")";
- $result = $mysqli->query($query);
+ $selectQuery = $mysqli->prepare("SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = ?);");
+ $selectQuery->bind_param("s", $session_id);
+ $selectQuery->execute();
+ $result = $selectQuery->get_result();
 $user = $result->fetch_assoc();
 $this->uid = $user["uid"];
 $this->username = $user["username"];
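Review bot: The return value of `$mysqli->prepare()` on the first added line is never checked, and with mysqli in its default non-exception mode a failed prepare yields `false`, so the next line's `bind_param()` becomes a fatal "call to a member function on bool" rather than a handled database error; every prepare/execute pair in the other four hunks has the same gap. The least invasive fix is to turn on driver exceptions once in connect.php with `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);`, otherwise guard each statement: `if ($selectQuery === false) { throw new RuntimeException($mysqli->error); }`. Note that `get_result()` needs the mysqlnd driver and returns `false` without it, which is worth a comment next to the connect include. Separately, `fetch_assoc()` returns null when the session id matches no row, so the `$user["uid"]` reads that follow should be preceded by a null check so that an expired or unknown session fails cleanly instead of populating the object with nulls. The body of get_info continues past the end of the hunk.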
@@ -21,11 +23,15 @@
 include $_SESSION["docroot"].'/php/hash.php';
 include $_SESSION["docroot"].'/php/connect.php';
 $current_pwhash = hash_password($current, $this->salt);
- $query = "SELECT `uid` FROM `users` WHERE `uid` = $this->uid AND `password` = '$current_pwhash'";
- $result = $mysqli->query($query);
+ $selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `uid` = ? AND `password` = ?;");
+ $selectQuery->bind_param("ss", $this->uid, $current_pwhash);
+ $selectQuery->execute();
+ $result = $selectQuery->get_result();
 if($result->num_rows===1){
 $new_pwdhash = hash_password($new, $this->salt);
- $mysqli->query("UPDATE `users` SET `password` = '$new_pwdhash' WHERE `users`.`uid` = $this->uid;");
+ $updateQuery = $mysqli->prepare("UPDATE `users` SET `password` = ? WHERE `users`.`uid` = ?;");
+ $updateQuery->bind_param("ss", $new_pwdhash, $this->uid);
+ $updateQuery->execute();
 $mysqli->close();
 print_r("0");
 }
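Review bot: `print_r("0")` after the added `$updateQuery->execute()` reports success without looking at whether the UPDATE actually ran; the statement's return value is discarded, so a failed execute (a lost connection, for instance) still sends the success marker to the caller. Capture it and condition the response: `$ok = $updateQuery->execute();` and print `"0"` only when `$ok` is true, leaving the failure case to the function's remaining branch outside this hunk. A smaller point: `bind_param("ss", $this->uid, $current_pwhash)` binds uid as a string; if `users.uid` is an integer column, `"is"` states the intent more precisely, though MySQL coerces either way — the column type is not visible here, so confirm before changing. The signature and the rest of this function lie outside the hunk.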
@@ -35,20 +41,25 @@
 }
 function change_mail($mailaddress){
- include $_SESSION["docroot"].'/php/hash.php';
 include $_SESSION["docroot"].'/php/connect.php';
 $this->mail = $mailaddress;
- $result = $mysqli->query("UPDATE `users` SET `email` = '$mailaddress' WHERE `users`.`uid` = $this->uid;");
+ $updateQuery = $mysqli->prepare("UPDATE `users` SET `email` = ? WHERE `users`.`uid` = ?;");
+ $updateQuery->bind_param("ss", $mailaddress, $this->uid);
+ $updateQuery->execute();
 $mysqli->close();
 }
 function change_username($newname){
- include $_SESSION["docroot"].'/php/hash.php';
 include $_SESSION["docroot"].'/php/connect.php';
 $this->username = $newname;
- $result = $mysqli->query("SELECT * WHERE `username` = $this->username;");
+ $selectQuery = $mysqli->prepare("SELECT * FROM `users` WHERE `username` = ?;");
+ $selectQuery->bind_param("s", $this->username);
+ $selectQuery->execute();
+ $result = $selectQuery->get_result();
 if($result->num_rows==0){
- $result = $mysqli->query("UPDATE `users` SET `username` = '$newname' WHERE `users`.`uid` = $this->uid;");
+ $updateQuery = $mysqli->prepare("UPDATE `users` SET `username` = ? WHERE `users`.`uid` = ?;");
+ $updateQuery->bind_param("ss", $newname, $this->uid);
+ $updateQuery->execute();
 print_r("0");
 }
 else{
@@ -59,7 +70,9 @@
 function change_theme($theme){
 include $_SESSION["docroot"].'/php/connect.php';
- $result = $mysqli->query("UPDATE `users` SET `theme` = '$theme' WHERE `users`.`uid` = $this->uid;");
+ $updateQuery = $mysqli->prepare("UPDATE `users` SET `theme` = ? WHERE `users`.`uid` = ?;");
+ $updateQuery->bind_param("ss", $theme, $this->uid);
+ $updateQuery->execute();
 if($result){
 print_r("0");
 }
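Review bot: In change_username, the added `$selectQuery->bind_param("s", $this->username)` binds the property that the line above has already overwritten with `$newname`, so when the name turns out to be taken the object keeps the rejected name while the database row does not (the ordering predates this patch, but the new binding cements it). Bind the argument instead, `$selectQuery->bind_param("s", $newname);`, and move `$this->username = $newname;` into the `num_rows==0` branch after the UPDATE. The SELECT-then-UPDATE pair is also not atomic, so two concurrent requests can both pass the check; a UNIQUE index on `users.username`, if one is not already present, is what actually enforces the rule, and `SELECT uid` would serve the existence test as well as `SELECT *`. The same property-before-write ordering appears in change_mail (`$this->mail = $mailaddress;` ahead of the UPDATE), and the else branch of change_username is outside the hunk.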
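Review bot: `if($result)` on the context line after the added `$updateQuery->execute()` now tests a variable nothing assigns: the removed `$mysqli->query(...)` line was the only assignment to `$result`, so in the new code it is undefined, the condition is always false (with an undefined-variable warning), and the success marker is never printed even when the theme was saved. Keep the return value: `$result = $updateQuery->execute();`. The rest of change_theme, including its else branch, is outside the hunk.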
@@ -72,13 +85,17 @@
 include $_SESSION["docroot"].'/php/connect.php';
 include $_SESSION["docroot"].'/php/hash.php';
- $query = "SELECT `uid` FROM `users` WHERE `username` = '$uname'";
- $result = $mysqli->query($query);
+ $selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `username` = ?;");
+ $selectQuery->bind_param("s", $uname);
+ $selectQuery->execute();
+ $result = $selectQuery->get_result();
 if($result->num_rows==0){
 $salt = create_salt();
 $passhash = hash_password($password, $salt);
- $query = "INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES ('$uname', '$passhash', '$salt', CURRENT_TIMESTAMP);";
- $result = $mysqli->query($query);
+ $insertQuery = $mysqli->prepare("INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES (?, ?, ?, CURRENT_TIMESTAMP);");
+ $insertQuery->bind_param("sss", $uname, $passhash, $salt);
+ $insertQuery->execute();
+ $result = $insertQuery->get_result();
 unset($salt);
 unset($password);
 print_r(0);
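Review bot: `$result = $insertQuery->get_result();` on the last added line cannot signal success: an INSERT produces no result set, so `get_result()` returns `false` even when the row was written (and is unavailable without mysqlnd), and any check of `$result` after the hunk would treat every registration as failed. Use the execute outcome instead and drop the get_result call: `$result = $insertQuery->execute();`. As in change_username, the existence SELECT followed by the INSERT is not atomic, so a UNIQUE index on `users.username` is the reliable guard against duplicate accounts under concurrent requests. The enclosing function starts before the hunk and continues past `print_r(0);`.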