Fix SQL injection in the rest of the passman
This commit is contained in:
parent
f94a1ebbd5
commit
bd9aec48d7
@ -26,12 +26,23 @@ if(isset($_POST['new_website'], $_POST['new_username'], $_POST['new_password'])
|
||||
$new_username = trim($_POST["new_username"]);
|
||||
$new_password = trim($_POST["new_password"]);
|
||||
|
||||
// Insert new web site
|
||||
// Insert new web site using a prepared statement to prevent SQL injection.
|
||||
$sql_query = "INSERT INTO websites (login_user_id, web_url, web_username, web_password) VALUES " .
|
||||
"((SELECT id FROM login_users WHERE username='{$username}'),'{$new_website}','{$new_username}','{$new_password}');";
|
||||
//echo $sql_query;
|
||||
$result = $conn->query($sql_query);
|
||||
"((SELECT id FROM login_users WHERE username = ?), ?, ?, ?)";
|
||||
|
||||
$stmt = $conn->prepare($sql_query);
|
||||
if ($stmt === false) {
|
||||
$conn->close();
|
||||
die("Prepare failed.");
|
||||
}
|
||||
|
||||
$stmt->bind_param("ssss", $username, $new_website, $new_username, $new_password);
|
||||
//echo $sql_query;
|
||||
|
||||
$result = $stmt->execute();
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
|
||||
|
||||
// After processing, redirect to the same page to clear the form
|
||||
unset($_POST['new_website']);
|
||||
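Review bot: The return value of `$stmt->execute()` is stored in `$result` but never checked before the handler closes the connection and continues to the redirect, so a failed INSERT (for instance the subselect on `login_users` yielding no id) proceeds exactly like a successful one. Since the hunk already fails closed on prepare, do the same on execute: `if (!$stmt->execute()) { $stmt->close(); $conn->close(); die("Insert failed."); }`. The same unchecked `$result = $stmt->execute();` appears in the delete hunk and the note-insert hunk below. The enclosing `if(isset($_POST['new_website'], ...))` block starts before and ends after this hunk.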
@ -45,11 +56,25 @@ if(isset($_POST['new_website'], $_POST['new_username'], $_POST['new_password'])
|
||||
if(isset($_POST['delete_website']) && trim($_POST["websiteid"] != '')) {
|
||||
$webid = trim($_POST["websiteid"]);
|
||||
|
||||
// Cast to int to avoid unexpected input and use a prepared statement to prevent SQL injection.
|
||||
$webid = (int)trim($_POST["websiteid"]);
|
||||
|
||||
// Delete selected web site
|
||||
$sql_query = "DELETE FROM websites WHERE webid='{$webid}';";
|
||||
//echo $sql_query;
|
||||
$result = $conn->query($sql_query);
|
||||
$sql_query = "DELETE FROM websites WHERE webid = ?";
|
||||
|
||||
$stmt = $conn->prepare($sql_query);
|
||||
if ($stmt === false) {
|
||||
$conn->close();
|
||||
die("Prepare failed.");
|
||||
}
|
||||
|
||||
$stmt->bind_param("i", $webid);
|
||||
//echo $sql_query;
|
||||
|
||||
$result = $stmt->execute();
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
|
||||
|
||||
// After processing, redirect to the same page to clear the form
|
||||
unset($_POST['websiteid']);
|
||||
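Review bot: The rewritten `DELETE FROM websites WHERE webid = ?` is keyed on the row id alone and is not scoped to the requesting user, so a mistyped or tampered `websiteid` removes another user's row; the prepared statement closes the injection but the ownership check is still missing. Scope it to the current user the way the insert hunk does: `$sql_query = "DELETE FROM websites WHERE webid = ? AND login_user_id = (SELECT id FROM login_users WHERE username = ?)";` with `$stmt->bind_param("is", $webid, $username);`. Note also that the `(int)` cast maps any non-numeric `websiteid` to 0, and the guard on the context line, `trim($_POST["websiteid"] != '')`, trims the boolean result of the comparison rather than the value, so whitespace-only input still reaches the cast. The enclosing `if` block continues past the hunk.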
@ -57,10 +82,21 @@ if(isset($_POST['delete_website']) && trim($_POST["websiteid"] != '')) {
|
||||
exit();
|
||||
}
|
||||
|
||||
// Display list of user's web sites
|
||||
$sql_query = "SELECT * FROM websites INNER JOIN login_users ON websites.login_user_id=login_users.id WHERE login_users.username='{$username}';";
|
||||
// Display list of user's web sites using a prepared statement to prevent SQL injection.
|
||||
$sql_query = "SELECT * FROM websites INNER JOIN login_users ON websites.login_user_id=login_users.id WHERE login_users.username = ?";
|
||||
//echo $sql_query;
|
||||
$result = $conn->query($sql_query);
|
||||
|
||||
$stmt = $conn->prepare($sql_query);
|
||||
if ($stmt === false) {
|
||||
$conn->close();
|
||||
die("Prepare failed.");
|
||||
}
|
||||
|
||||
$stmt->bind_param("s", $username);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$stmt->close();
|
||||
|
||||
|
||||
//echo htmlspecialchars($username);
|
||||
echo "<h3>Entries of " . $username . "</h3>";
|
||||
|
||||
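Review bot: `$stmt->execute();` on the SELECT ignores its return value, and `$stmt->get_result()` yields `false` when execution failed, so whatever later iterates `$result` will be handed a bool instead of a result set. Guard it the same way the hunk guards prepare: `if (!$stmt->execute()) { $stmt->close(); $conn->close(); die("Query failed."); }`. Separately, the trailing context line `echo "<h3>Entries of " . $username . "</h3>";` emits the username unescaped even though the commented line above it shows `htmlspecialchars` was considered; it should read `htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The code that consumes `$result` is outside the hunk.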
@ -50,14 +50,25 @@ if(isset($_POST['new_note']) && trim($_POST['new_note']) !='') {
|
||||
//$sql_query = "INSERT INTO notes (login_user_id,note) VALUES " .
|
||||
// "((SELECT id FROM login_users WHERE username='{$username}'),('{$new_note}'));";
|
||||
|
||||
// Insert new note using a prepared statement to prevent SQL injection.
|
||||
$sql_query = "INSERT INTO notes (login_user_id, note) ".
|
||||
"VALUES ((SELECT id FROM login_users WHERE username='{$username}'), '{$new_note}')";
|
||||
"VALUES ((SELECT id FROM login_users WHERE username = ?), ?)";
|
||||
|
||||
$stmt = $conn->prepare($sql_query);
|
||||
if ($stmt === false) {
|
||||
// Fail closed (do not leak DB details).
|
||||
$conn->close();
|
||||
die("Prepare failed.");
|
||||
}
|
||||
|
||||
$stmt->bind_param("ss", $username, $new_note);
|
||||
//echo $sql_query;
|
||||
|
||||
$result = $conn->query($sql_query);
|
||||
$result = $stmt->execute();
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
|
||||
|
||||
// After processing, redirect to the same page to clear the form
|
||||
unset($_POST['new_note']);
|
||||
header("Location: " . $_SERVER['PHP_SELF']);
|
||||
|
||||
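Review bot: The superseded string-built query is left behind as the commented-out block `//$sql_query = "INSERT INTO notes ..."` directly above the new statement; delete it rather than keep it, because commented-out interpolating SQL is the first thing that gets un-commented when someone debugs this handler. I read `$result = $conn->query($sql_query);` lower in the hunk as a removed line; if it in fact survives on the new side it sends the placeholder string to the server as a raw query and must go. As in the website-insert hunk, `$result = $stmt->execute();` is assigned but never checked before the redirect. The enclosing `if(isset($_POST['new_note']) ...)` block starts before the hunk.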
@ -29,11 +29,19 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
|
||||
//}
|
||||
require_once __DIR__ . "/config.php";
|
||||
|
||||
// Insert a new user
|
||||
$sql_query = "INSERT INTO login_users (username,password) VALUES ('{$new_username}','{$new_password}');";
|
||||
//echo $sql_query;
|
||||
// Insert a new user using a prepared statement to prevent SQL injection.
|
||||
$sql_query = "INSERT INTO login_users (username, password) VALUES (?, ?)";
|
||||
|
||||
$stmt = $conn->prepare($sql_query);
|
||||
if ($stmt === false) {
|
||||
$login_message = "Database error (prepare failed).";
|
||||
$result = false;
|
||||
} else {
|
||||
$stmt->bind_param("ss", $new_username, $new_password);
|
||||
$result = $stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
|
||||
$result = $conn->query($sql_query);
|
||||
|
||||
unset($_POST['new_username']);
|
||||
unset($_POST['new_password']);
|
||||
|
||||
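Review bot: The register handler binds `$new_password` straight into `INSERT INTO login_users (username, password) VALUES (?, ?)`, and nothing in the hunk shows it passing through `password_hash()` first; the assignment is outside the hunk, so confirm it holds a hash and not the raw form value, otherwise the prepared statement stores credentials in clear. The failure paths are also uneven: a prepare failure sets `$login_message`, but an execute failure (a rejected duplicate username, if that column is unique) only leaves `$result === false` with no message, so add `if ($result === false) { $login_message = "Database error (insert failed)."; }` after the `else` branch. I read `$result = $conn->query($sql_query);` below the new block as a removed line; if it survives, it runs the placeholder string as a raw query. The enclosing `if ($_SERVER["REQUEST_METHOD"] === "POST")` block starts before the hunk.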