sanitize all input against xss and fixed bug with time encoding when adding result

2022-06-21 23:35:06 +02:00
parent b0478a7dd4
commit 6d74360d1d
10 changed files with 68 additions and 41 deletions


@@ -6,14 +6,14 @@
$error = null;
if($_SERVER['REQUEST_METHOD'] == "POST") {
$user_name = $_POST['user_name'];
$password = $_POST['password'];
$user_group = $_POST['user_group'];
$bind_station = $_POST['bind_station'];
$user_name = sanitize_input($_POST['user_name']);
$password = sanitize_input($_POST['password']);
$user_group = sanitize_input($_POST['user_group']);
$bind_station = sanitize_input($_POST['bind_station']);
if(!empty($user_name) && !empty($password)) {
$salt = generate_salt();
$user_id = generate_user_id($_POST['user_name'], $salt);
$phash = generate_password_hash($_POST['password'], $salt);
$user_id = generate_user_id($user_name, $salt);
$phash = generate_password_hash($password, $salt);
if($user_group == "station") {
write_user($con, $user_name, $user_id, $phash, $salt, $user_group, $bind_station);
} else {