

Merge pull request #151 from sveneld/sql_injection_fix
SQL injection fix
mmmaly authored Jan 9, 2024
2 parents 72c66c2 + df51386 commit 077b14d
Showing 4 changed files with 41 additions and 11 deletions.
9 changes: 8 additions & 1 deletion admin.php
Expand Up @@ -7,7 +7,14 @@
$db->connect();

checksession();
if (getprivileges($_COOKIE["loguserid"])<=0) exit(_('You need admin privileges to access this page.'));

if (isset($_COOKIE["loguserid"])) {
$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
} else {
$userid = 0;
}

if (getprivileges($userid)<=0) exit(_('You need admin privileges to access this page.'));
?>
<!DOCTYPE html>
<html lang="en">
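Review bot: `real_escape_string()` on `$userid` (line `$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));`) only neutralises quote, backslash and NUL bytes, so it is a complete fix only if `getprivileges()` embeds the value inside a quoted SQL literal; if it is interpolated unquoted as a numeric id (the `else` branch falls back to the integer `0`, which suggests a numeric column), a payload without quotes passes through unchanged. Since the id is numeric, coerce rather than escape: `$userid = isset($_COOKIE["loguserid"]) ? (int) trim($_COOKIE["loguserid"]) : 0;`, and let `getprivileges()` bind the value with a prepared statement so the protection does not depend on every caller. The same pattern is repeated in command.php, index.php and scan.php, so the same remark applies there. `checksession()` on the line above still runs before `$userid` exists and may read the cookie on its own; its body is not visible here, so that is worth confirming.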
15 changes: 12 additions & 3 deletions command.php
Expand Up @@ -6,9 +6,18 @@
$db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
$db->connect();

if (isset($_COOKIE["loguserid"])) $userid=$_COOKIE["loguserid"];
else $userid=0;
if (isset($_COOKIE["logsession"])) $session=$_COOKIE["logsession"];
if (isset($_COOKIE["loguserid"])) {
$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
} else {
$userid = 0;
}

if (isset($_COOKIE["logsession"])) {
$session = $db->conn->real_escape_string(trim($_COOKIE["logsession"]));
} else {
$session = '';
}

$action="";
if (isset($_GET["action"])) $action=trim($_GET["action"]);

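Review bot: Escaping at the point of input means `$userid` and `$session` now hold SQL-escaped strings for the rest of the script, which is wrong for any non-SQL use (an `echo`, a cookie rewrite, an `===` comparison against the integer `0` in the `else` branch) and is tied to the charset of `$db->conn` at this moment; the conventional shape is to keep the raw cookie value and escape or bind it in the query itself. The two `isset`/`else` blocks are also now pasted verbatim into admin.php, index.php and scan.php; a single helper next to `getprivileges()` such as `function getcookievalue(string $name, string|int $default): string|int` would keep the four copies from drifting. The new `$session = '';` default is a good change, as the old code left `$session` undefined when the cookie was absent.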
14 changes: 10 additions & 4 deletions index.php
Expand Up @@ -43,10 +43,16 @@
var mapzoom=<?php echo $systemzoom; ?>;
var standselected=0;
<?php
if (isset($_COOKIE["loguserid"])) {
$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
} else {
$userid = 0;
}

if (isloggedin())
{
echo 'var loggedin=1;',"\n";
echo 'var priv=',getprivileges($_COOKIE["loguserid"]),";\n";
echo 'var priv=',getprivileges($userid),";\n";
}
else
{
Expand Down Expand Up @@ -81,11 +87,11 @@
<ul class="list-inline">
<li><a href="<?php echo $systemrules; ?>"><span class="glyphicon glyphicon-question-sign"></span> <?php echo _('Help'); ?></a></li>
<?php
if (isloggedin() AND getprivileges($_COOKIE["loguserid"])>0) echo '<li><a href="admin.php"><span class="glyphicon glyphicon-cog"></span> ',_('Admin'),'</a></li>';
if (isloggedin() AND getprivileges($userid)>0) echo '<li><a href="admin.php"><span class="glyphicon glyphicon-cog"></span> ',_('Admin'),'</a></li>';
if (isloggedin())
{
echo '<li><span class="glyphicon glyphicon-user"></span> <small>',getusername($_COOKIE["loguserid"]),'</small>';
if (iscreditenabled()) echo ' (<span id="usercredit" title="',_('Remaining credit'),'">',getusercredit($_COOKIE["loguserid"]),'</span> ',getcreditcurrency(),' <button type="button" class="btn btn-success btn-xs" id="opencredit" title="',_('Add credit'),'"><span class="glyphicon glyphicon-plus"></span></button>)<span id="couponblock"><br /><span class="form-inline"><input type="text" class="form-control input-sm" id="coupon" placeholder="XXXXXX" /><button type="button" class="btn btn-primary btn-sm" id="validatecoupon" title="',_('Confirm coupon'),'"><span class="glyphicon glyphicon-plus"></span></button></span></span></li>';
echo '<li><span class="glyphicon glyphicon-user"></span> <small>',getusername($userid),'</small>';
if (iscreditenabled()) echo ' (<span id="usercredit" title="',_('Remaining credit'),'">',getusercredit($userid),'</span> ',getcreditcurrency(),' <button type="button" class="btn btn-success btn-xs" id="opencredit" title="',_('Add credit'),'"><span class="glyphicon glyphicon-plus"></span></button>)<span id="couponblock"><br /><span class="form-inline"><input type="text" class="form-control input-sm" id="coupon" placeholder="XXXXXX" /><button type="button" class="btn btn-primary btn-sm" id="validatecoupon" title="',_('Confirm coupon'),'"><span class="glyphicon glyphicon-plus"></span></button></span></span></li>';
echo '<li><a href="command.php?action=logout" id="logout"><span class="glyphicon glyphicon-log-out"></span> ',_('Log out'),'</a></li>';
}
?>
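Review bot: `$userid` is defined inside the `<?php` block that emits the `<script>` variables (the first hunk, after `var standselected=0;`) and then reused in the navigation markup of the second hunk some forty lines later; that works only because nothing between them reassigns it, and `isloggedin()` on the line below the definition still appears to decide on its own, presumably from the raw cookie. Moving the `isset`/`else` block to the top of index.php next to `$db->connect()`, as the other three files do, would keep one consistent value for both hunks and for any helper that is later changed to take `$userid`. Note that `echo 'var priv=',getprivileges($userid),";\n";` still writes the function's return value straight into JavaScript; if `getprivileges()` returns a database value rather than a validated integer, wrap it as `(int) getprivileges($userid)` there, since `real_escape_string` does nothing for the JS context.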
14 changes: 11 additions & 3 deletions scan.php
Expand Up @@ -6,9 +6,17 @@
$db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
$db->connect();

if (isset($_COOKIE["loguserid"])) $userid=$_COOKIE["loguserid"];
else $userid=0;
if (isset($_COOKIE["logsession"])) $session=$_COOKIE["logsession"];
if (isset($_COOKIE["loguserid"])) {
$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
} else {
$userid = 0;
}

if (isset($_COOKIE["logsession"])) {
$session = $db->conn->real_escape_string(trim($_COOKIE["logsession"]));
} else {
$session = '';
}
$request=substr($_SERVER["REQUEST_URI"],strpos($_SERVER["REQUEST_URI"],".php")+5);
$request=explode("/",$request);
$action=$request[0];
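Review bot: The hunk escapes the two cookies but stops one line short of `$request=substr($_SERVER["REQUEST_URI"],strpos($_SERVER["REQUEST_URI"],".php")+5);` and `$action=$request[0];`, which take attacker-controlled path segments with no treatment at all; if any element of `$request` reaches a query in the code below this hunk, it needs the same handling (better: a prepared statement at the query), so that is worth checking. `strpos()` returning `false` here would also make the offset `4` and slice the URI at the wrong place, which predates the commit but sits next to the new lines. The blank line that separates the two cookie blocks in command.php is missing between `}` and `$request=` here, a small consistency point.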
