sanitize all input against xss and fixed bug with time encoding when adding result

2022-06-21 23:35:06 +02:00
parent b0478a7dd4
commit 6d74360d1d
10 changed files with 68 additions and 41 deletions


@@ -5,28 +5,34 @@
$user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "GET") {
$row = get_user($con, $_GET['id'])->fetch();
$id = sanitize_input($_GET['id']);
$row = get_user($con, $id)->fetch();
include("header_footer/header.php");
}
if($_SERVER['REQUEST_METHOD'] == "POST") {
$user = get_user($con, $_POST['id'])->fetch();
$id = sanitize_input($_POST['id']);
$user = get_user($con, $id)->fetch();
$user_group = sanitize_input($_POST['user_group']);
$user_name = sanitize_input($_POST['user_name']);
$bind_station = sanitize_input($_POST['bind_station']);
$password = sanitize_input($_POST['password']);
if($user['user_name'] != $_POST['user_name']) {
change_user_name($con, $_POST['id'], $_POST['user_name']);
if($user['user_name'] != $user_name) {
change_user_name($con, $id, $user_name);
}
if($user['user_group'] != $_POST['user_group']) {
if($user['user_group'] != $user_group) {
if($_POST['user_group'] == "station") {
change_user_group($con, $_POST['id'], $_POST['user_group'], $_POST['bind_station']);
change_user_group($con, $id, $user_group, $bind_station);
} else {
change_user_group($con, $_POST['id'], $_POST['user_group'], NULL);
change_user_group($con, $id, $user_group, NULL);
}
}
if(!empty($_POST['password'])) {
$phash = generate_password_hash($_POST['password'], $user['salt']);
change_password($con, $_POST['id'], $phash);
if(!empty($password)) {
$phash = generate_password_hash($password, $user['salt']);
change_password($con, $id, $phash);
}
header("Location: manage_user.php");