sql inject prevent

This commit is contained in:
Tim Krehan 2019-05-22 10:38:07 +02:00
parent 543b9aafef
commit 531c210b75


@ -5,8 +5,10 @@
function get_info($session_id) { function get_info($session_id) {
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$query = "SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = \"$session_id\")"; $selectQuery = $mysqli->prepare("SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = ?);");
$result = $mysqli->query($query); $selectQuery->bind_param("s", $session_id);
$selectQuery->execute();
$result = $selectQuery->get_result();
$user = $result->fetch_assoc(); $user = $result->fetch_assoc();
$this->uid = $user["uid"]; $this->uid = $user["uid"];
$this->username = $user["username"]; $this->username = $user["username"];
@ -21,11 +23,15 @@
include $_SESSION["docroot"].'/php/hash.php'; include $_SESSION["docroot"].'/php/hash.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$current_pwhash = hash_password($current, $this->salt); $current_pwhash = hash_password($current, $this->salt);
$query = "SELECT `uid` FROM `users` WHERE `uid` = $this->uid AND `password` = '$current_pwhash'"; $selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `uid` = ? AND `password` = ?;");
$result = $mysqli->query($query); $selectQuery->bind_param("ss", $this->uid, $current_pwhash);
$selectQuery->execute();
$result = $selectQuery->get_result();
if($result->num_rows===1){ if($result->num_rows===1){
$new_pwdhash = hash_password($new, $this->salt); $new_pwdhash = hash_password($new, $this->salt);
$mysqli->query("UPDATE `users` SET `password` = '$new_pwdhash' WHERE `users`.`uid` = $this->uid;"); $updateQuery = $mysqli->prepare("UPDATE `users` SET `password` = ? WHERE `users`.`uid` = ?;");
$updateQuery->bind_param("ss", $new_pwdhash, $this->uid);
$updateQuery->execute();
$mysqli->close(); $mysqli->close();
print_r("0"); print_r("0");
} }
@ -35,20 +41,25 @@
} }
function change_mail($mailaddress){ function change_mail($mailaddress){
include $_SESSION["docroot"].'/php/hash.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$this->mail = $mailaddress; $this->mail = $mailaddress;
$result = $mysqli->query("UPDATE `users` SET `email` = '$mailaddress' WHERE `users`.`uid` = $this->uid;"); $updateQuery = $mysqli->prepare("UPDATE `users` SET `email` = ? WHERE `users`.`uid` = ?;");
$updateQuery->bind_param("ss", $mailaddress, $this->uid);
$updateQuery->execute();
$mysqli->close(); $mysqli->close();
} }
function change_username($newname){ function change_username($newname){
include $_SESSION["docroot"].'/php/hash.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$this->username = $newname; $this->username = $newname;
$result = $mysqli->query("SELECT * WHERE `username` = $this->username;"); $selectQuery = $mysqli->prepare("SELECT * FROM `users` WHERE `username` = ?;");
$selectQuery->bind_param("s", $this->username);
$selectQuery->execute();
$result = $selectQuery->get_result();
if($result->num_rows==0){ if($result->num_rows==0){
$result = $mysqli->query("UPDATE `users` SET `username` = '$newname' WHERE `users`.`uid` = $this->uid;"); $updateQuery = $mysqli->prepare("UPDATE `users` SET `username` = ? WHERE `users`.`uid` = ?;");
$updateQuery->bind_param("ss", $newname, $this->uid);
$updateQuery->execute();
print_r("0"); print_r("0");
} }
else{ else{
@ -59,7 +70,9 @@
function change_theme($theme){ function change_theme($theme){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$result = $mysqli->query("UPDATE `users` SET `theme` = '$theme' WHERE `users`.`uid` = $this->uid;"); $updateQuery = $mysqli->prepare("UPDATE `users` SET `theme` = ? WHERE `users`.`uid` = ?;");
$updateQuery->bind_param("ss", $theme, $this->uid);
$updateQuery->execute();
if($result){ if($result){
print_r("0"); print_r("0");
} }
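Review bot: The `if($result)` that follows the new `$updateQuery->execute();` in change_theme still tests `$result`, but the commit removed the only assignment to that variable, so it is now undefined there and the branch that prints "0" can never run. Keep the statement's return value instead: `$ok = $updateQuery->execute();` followed by `if($ok){`. The rest of change_theme (its else branch) lies outside this hunk. A related point in the register hunk further down: `$result = $insertQuery->get_result();` after an INSERT yields no result set, so a later check of `$result` would presumably fail too; that hunk is cut off here, so confirm against the full function. Minor: `$this->uid` is bound with type `s` in every new bind_param call; if `uid` is an integer column, `i` states the intent more precisely, although MySQL coerces either way.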
@ -72,13 +85,17 @@
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
include $_SESSION["docroot"].'/php/hash.php'; include $_SESSION["docroot"].'/php/hash.php';
$query = "SELECT `uid` FROM `users` WHERE `username` = '$uname'"; $selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `username` = ?;");
$result = $mysqli->query($query); $selectQuery->bind_param("s", $uname);
$selectQuery->execute();
$result = $selectQuery->get_result();
if($result->num_rows==0){ if($result->num_rows==0){
$salt = create_salt(); $salt = create_salt();
$passhash = hash_password($password, $salt); $passhash = hash_password($password, $salt);
$query = "INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES ('$uname', '$passhash', '$salt', CURRENT_TIMESTAMP);"; $insertQuery = $mysqli->prepare("INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES (?, ?, ?, CURRENT_TIMESTAMP);");
$result = $mysqli->query($query); $insertQuery->bind_param("sss", $uname, $passhash, $salt);
$insertQuery->execute();
$result = $insertQuery->get_result();
unset($salt); unset($salt);
unset($password); unset($password);
print_r(0); print_r(0);