From 6257036261bd75b3373587edd456bab879b3454a Mon Sep 17 00:00:00 2001
From: Tim Krehan
Date: Wed, 22 May 2019 10:45:09 +0200
Subject: [PATCH] sql inject

---
 php/login.php | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/php/login.php b/php/login.php
index 7416fe8..dd52d59 100644
--- a/php/login.php
+++ b/php/login.php
@@ -4,9 +4,10 @@
 include $_SESSION["docroot"].'/config/config.php';
 include $_SESSION["docroot"].'/php/connect.php';
 include $_SESSION["docroot"].'/php/hash.php';
-
-$query = 'SELECT `uid`,`username`,`password`,`salt` FROM users WHERE `username`=\''.$_POST['user'].'\';';
-$result = $mysqli->query($query);
+$selectQuery = $mysqli->prepare('SELECT `uid`,`username`,`password`,`salt` FROM users WHERE `username`=?;');
+$selectQuery->bind_param("s", $_POST['user']);
+$selectQuery->execute();
+$result = $selectQuery->get_result();
 
 if ($result->num_rows == 1)
 {
@@ -27,13 +28,17 @@ if ($result->num_rows == 1)
         $session_expiry = date('Y-m-d H:i:s', time()+86400);
     }
-    $mysqli->query('INSERT INTO `sessions` (`session_id`, `user`, `expires`) VALUES (\''.$token.'\', \''.$userdetails["uid"].'\', \''.$session_expiry.'\'); ');
+    $insertQuery = $mysqli->prepare('INSERT INTO `sessions` (`session_id`, `user`, `expires`) VALUES (?,?,?);');
+    $insertQuery->bind_param("sss", $token, $userdetails["uid"], $session_expiry);
+    $insertQuery->execute();
 }
-    $mysqli->query('UPDATE `users` SET `last_login` = \''.date("Y-m-d H:i:s").'\' WHERE `uid` = \''.$userdetails["uid"].'\';');
-    $mysqli->close();
-    header("Location: ".$_POST["refurl"]);
-    exit(0);
+    $updateQuery = $mysqli->prepare("UPDATE `users` SET `last_login` = \'".date("Y-m-d H:i:s")."\' WHERE `uid` = ?;");
+    $updateQuery->bind_param($userdetails["uid"]);
+    $updateQuery->execute();
+    $mysqli->close();
+    header("Location: ".$_POST["refurl"]);
+    exit(0);
 }
 else
 {
@@ -41,4 +46,4 @@ else
     header("Location: /");
     exit(1);
 }
-?>
+?>
\ No newline at end of file
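Review bot: `$mysqli->prepare(...)` on the `$selectQuery` line returns false when the statement cannot be prepared, and the following `bind_param`/`execute`/`get_result` calls use that result unchecked; the `$insertQuery` and `$updateQuery` statements in the second hunk have the same gap. Calling `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before the connection is opened (in connect.php, outside this hunk) turns those failures into a `mysqli_sql_exception` instead of a fatal method call on false. `bind_param` also takes its arguments by reference, so a missing `user` field should be normalised into a variable first: `$user = $_POST['user'] ?? ''; $selectQuery->bind_param("s", $user);`.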
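Review bot: `$updateQuery->bind_param($userdetails["uid"]);` passes the value where `bind_param` expects the type string, so the call fails at runtime (an argument-count error on PHP 8, a warning and no binding on older versions) and `last_login` is never updated. The `prepare` line above it also still concatenates `date()` into a double-quoted string, where `\'` is not an escape sequence, so the backslashes reach the server and the statement will likely fail to prepare as well. Bind both values instead: `$now = date("Y-m-d H:i:s");` / `` $updateQuery = $mysqli->prepare('UPDATE `users` SET `last_login` = ? WHERE `uid` = ?;'); `` / `$updateQuery->bind_param("ss", $now, $userdetails["uid"]);`. The `header("Location: ".$_POST["refurl"])` line is carried over unchanged and still redirects to an unvalidated client-supplied URL; limiting it to a same-origin path is worth a follow-up. The enclosing `if ($result->num_rows == 1)` block opens before this hunk.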