diff --git a/passman-dev/php/passman/dashboard.php b/passman-dev/php/passman/dashboard.php index f2c2bd9..dcc8401 100644 --- a/passman-dev/php/passman/dashboard.php +++ b/passman-dev/php/passman/dashboard.php @@ -26,12 +26,23 @@ if(isset($_POST['new_website'], $_POST['new_username'], $_POST['new_password']) $new_username = trim($_POST["new_username"]); $new_password = trim($_POST["new_password"]); - // Insert new web site - $sql_query = "INSERT INTO websites (login_user_id,web_url,web_username,web_password) VALUES " . - "((SELECT id FROM login_users WHERE username='{$username}'),'{$new_website}','{$new_username}','{$new_password}');"; + // Insert new web site using a prepared statement to prevent SQL injection. + $sql_query = "INSERT INTO websites (login_user_id, web_url, web_username, web_password) VALUES " . + "((SELECT id FROM login_users WHERE username = ?), ?, ?, ?)"; + + $stmt = $conn->prepare($sql_query); + if ($stmt === false) { + $conn->close(); + die("Prepare failed."); + } + + $stmt->bind_param("ssss", $username, $new_website, $new_username, $new_password); //echo $sql_query; - $result = $conn->query($sql_query); - $conn -> close(); + + $result = $stmt->execute(); + $stmt->close(); + $conn->close(); + // After processing, redirect to the same page to clear the form unset($_POST['new_website']); 
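Review bot: The return value of `$stmt->execute()` is stored in `$result` but never checked, so a failed INSERT (constraint violation, dropped connection) is followed by the redirect and the form is cleared as if the save succeeded, while the prepare step just above does fail closed with die(). Mirror that handling on the execute path: `if ($stmt->execute() === false) { $stmt->close(); $conn->close(); die("Execute failed."); }`. Note also that `$new_password` is bound straight from the trimmed POST value, so the site password is written to web_password exactly as submitted; if no encryption-at-rest layer exists elsewhere in the project, a comment at the bind_param call saying so would keep the next maintainer from assuming otherwise. Nothing in this hunk validates a CSRF token for this state-changing POST; if that check is not performed earlier in the file, it belongs before this block. The enclosing if-block starts and ends outside the hunk.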
@@ -45,11 +56,25 @@ if(isset($_POST['new_website'], $_POST['new_username'], $_POST['new_password']) if(isset($_POST['delete_website']) && trim($_POST["websiteid"] != '')) { $webid = trim($_POST["websiteid"]); + // Cast to int to avoid unexpected input and use a prepared statement to prevent SQL injection. + $webid = (int)trim($_POST["websiteid"]); + // Delete selected web site - $sql_query = "DELETE FROM websites WHERE webid='{$webid}';"; + $sql_query = "DELETE FROM websites WHERE webid = ?"; + + $stmt = $conn->prepare($sql_query); + if ($stmt === false) { + $conn->close(); + die("Prepare failed."); + } + + $stmt->bind_param("i", $webid); //echo $sql_query; - $result = $conn->query($sql_query); - $conn -> close(); + + $result = $stmt->execute(); + $stmt->close(); + $conn->close(); + // After processing, redirect to the same page to clear the form unset($_POST['websiteid']); @@ -57,10 +82,21 @@ if(isset($_POST['delete_website']) && trim($_POST["websiteid"] != '')) { exit(); } -// Display list of user's web sites -$sql_query = "SELECT * FROM websites INNER JOIN login_users ON websites.login_user_id=login_users.id WHERE login_users.username='{$username}';"; +// Display list of user's web sites using a prepared statement to prevent SQL injection. +$sql_query = "SELECT * FROM websites INNER JOIN login_users ON websites.login_user_id=login_users.id WHERE login_users.username = ?"; //echo $sql_query; -$result = $conn->query($sql_query); + +$stmt = $conn->prepare($sql_query); +if ($stmt === false) { + $conn->close(); + die("Prepare failed."); +} + +$stmt->bind_param("s", $username); +$stmt->execute(); +$result = $stmt->get_result(); +$stmt->close(); + //echo htmlspecialchars($username); echo "
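Review bot: The delete still runs `DELETE FROM websites WHERE webid = ?` with no ownership predicate, so any authenticated user who posts another row's numeric id removes that row; the INSERT hunk above already scopes rows to `$username` through login_users, and the delete should do the same: `$sql_query = "DELETE FROM websites WHERE webid = ? AND login_user_id = (SELECT id FROM login_users WHERE username = ?)";` with `$stmt->bind_param("is", $webid, $username);`. The new `$webid = (int)trim($_POST["websiteid"]);` also leaves the kept `$webid = trim($_POST["websiteid"]);` line directly above it dead; drop the older assignment. As in the insert hunk, `$stmt->execute()`'s return is stored but not checked, so a failed delete redirects as if it succeeded. The kept condition `trim($_POST["websiteid"] != '')` applies trim to a boolean rather than the field and is worth a follow-up, though it is not part of this change; the enclosing if-block ends outside the hunk.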
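Review bot: `$stmt->execute()` and `$stmt->get_result()` are both called without checking their results, so a failed query leaves `$result` as false for the rendering code that follows the hunk, and get_result() is only available with the mysqlnd driver. Fail closed the way the prepare step does: `if (!$stmt->execute() || ($result = $stmt->get_result()) === false) { $stmt->close(); $conn->close(); die("Query failed."); }`. The query also keeps `SELECT *` over the join with login_users, so every column of the matching login_users row (whatever credential fields that table holds) is pulled into `$result` for a page that only needs the websites columns; listing the needed websites columns explicitly limits what reaches the template. The code that consumes `$result` is outside the hunk.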