mirror of
https://github.com/tim-krehan/shopping-list.git
synced 2024-11-23 22:30:41 +01:00
sql inject
This commit is contained in:
parent
531c210b75
commit
6257036261
1 changed files with 14 additions and 9 deletions
|
@ -4,9 +4,10 @@ include $_SESSION["docroot"].'/config/config.php';
|
|||
include $_SESSION["docroot"].'/php/connect.php';
|
||||
include $_SESSION["docroot"].'/php/hash.php';
|
||||
|
||||
|
||||
$query = 'SELECT `uid`,`username`,`password`,`salt` FROM users WHERE `username`=\''.$_POST['user'].'\';';
|
||||
$result = $mysqli->query($query);
|
||||
$selectQuery = $mysqli->prepare('SELECT `uid`,`username`,`password`,`salt` FROM users WHERE `username`=?;');
|
||||
$selectQuery->bind_param("s", $_POST['user']);
|
||||
$selectQuery->execute();
|
||||
$result = $selectQuery->get_result();
|
||||
|
||||
if ($result->num_rows == 1)
|
||||
{
|
||||
|
@ -27,10 +28,14 @@ if ($result->num_rows == 1)
|
|||
$session_expiry = date('Y-m-d H:i:s', time()+86400);
|
||||
}
|
||||
|
||||
$mysqli->query('INSERT INTO `sessions` (`session_id`, `user`, `expires`) VALUES (\''.$token.'\', \''.$userdetails["uid"].'\', \''.$session_expiry.'\'); ');
|
||||
$insertQuery = $mysqli->prepare('INSERT INTO `sessions` (`session_id`, `user`, `expires`) VALUES (?,?,?);');
|
||||
$insertQuery->bind_param("sss", $token, $userdetails["uid"], $session_expiry);
|
||||
$insertQuery->execute();
|
||||
|
||||
}
|
||||
$mysqli->query('UPDATE `users` SET `last_login` = \''.date("Y-m-d H:i:s").'\' WHERE `uid` = \''.$userdetails["uid"].'\';');
|
||||
$updateQuery = $mysqli->prepare("UPDATE `users` SET `last_login` = \'".date("Y-m-d H:i:s")."\' WHERE `uid` = ?;");
|
||||
$updateQuery->bind_param($userdetails["uid"]);
|
||||
$updateQuery->execute();
|
||||
$mysqli->close();
|
||||
header("Location: ".$_POST["refurl"]);
|
||||
exit(0);
|
||||
|
|
Loading…
Reference in a new issue