From 70de7e5a1dd96c47c48eb45498004d219bec1283 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 3 Jun 2011 11:34:54 +0200 Subject: [PATCH] guest_login: Cleanup, fix sql injection --- includes/pages/guest_faq.php | 14 ++++++--- includes/pages/guest_login.php | 56 ++++++++++++++++++++++++---------- 2 files changed, 50 insertions(+), 20 deletions(-) diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php index c4bcd0bb..2799cbaf 100644 --- a/includes/pages/guest_faq.php +++ b/includes/pages/guest_faq.php @@ -5,11 +5,17 @@ function guest_faq() { foreach ($faqs as $faq) { $html .= "
"; if ($_SESSION['Sprache'] == "DE") { - $html .= "
" . $faq['Frage_de'] . "
"; - $html .= "
" . $faq['Antwort_de'] . "
"; + $html .= sprintf( + '
%s
%s
', + $faq['frage_de'], + $faq['antwort_de'] + ); } else { - $html .= "
" . $faq['Frage_en'] . "
"; - $html .= "
" . $faq['Antwort_en'] . "
"; + $html .= sprintf( + '
%s
%s
', + $faq['frage_en'], + $faq['antwort_en'] + ); } $html .= "
"; } diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index bbf36b6d..db20a207 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -16,12 +16,25 @@ function guest_register() { $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'"); if (strlen($_POST["Nick"]) < 2) - $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); - elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); - elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail"); - elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); - elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); - elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); + $error = Get_Text("makeuser_error_nick1") + . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); + + elseif (count($Ergans) > 0) + $error = Get_Text("makeuser_error_nick1") + . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); + + elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) + $error = Get_Text("makeuser_error_mail"); + + elseif (!is_numeric($_POST["Alter"])) + $error = Get_Text("makeuser_error_Alter"); + + elseif ($_POST["Passwort"] != $_POST["Passwort2"]) + $error = Get_Text("makeuser_error_password1"); + + elseif (strlen($_POST["Passwort"]) < 6) + $error = Get_Text("makeuser_error_password2"); + else { $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); unset ($_POST["Passwort2"]); 
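Review bot: The new `sprintf()` calls read `$faq['frage_de']`, `$faq['antwort_de']`, `$faq['frage_en']` and `$faq['antwort_en']`, whereas the removed lines read `$faq['Frage_de']` and so on. PHP array keys are case-sensitive, so unless the query that fills `$faqs` (outside this hunk) now returns lower-case column names, every FAQ entry will render empty. The values are also written into the page without output encoding; if FAQ text is not meant to carry markup, wrap each argument, e.g. `htmlspecialchars($faq['frage_de'], ENT_QUOTES, 'UTF-8')`. guest_faq() begins and ends outside the hunk.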
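Review bot: The e-mail branch still joins its three tests with `&&`, so an address is rejected only when it is short and lacks `@` and lacks `.`; any string longer than six characters passes. It should use `||` with strict comparisons, e.g. `elseif (strlen($_POST["email"]) <= 6 || strpos($_POST["email"], "@") === false || strpos($_POST["email"], ".") === false)`. The two nick messages also concatenate raw `$_POST["Nick"]` into `$error`; if `$error` is later printed as HTML (not visible here), encode it with `htmlspecialchars($_POST["Nick"], ENT_QUOTES, 'UTF-8')`. The password check `$_POST["Passwort"] != $_POST["Passwort2"]` would be safer as `!==`, because loose comparison treats numeric-looking strings as numbers. guest_register() continues outside the hunk.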
@@ -35,15 +48,26 @@ function guest_register() { "`Size`, " . "`Passwort`, " . "`Art` , " . "`kommentar`, " . "`Hometown`," . "`CreateDate`, `Sprache` ) " . - "VALUES ( " . - "'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " . - "'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " . - "'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " . - "'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " . - "'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " . - "'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " . - "'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " . - "'" . $_POST["Hometown"] . "'," . "NOW(), '" . $_SESSION['Sprache'] . "')"); + "VALUES ( '" + . sql_escape($_POST["Nick"]) . "', " . "'" + . sql_escape($_POST["Name"]) . "', " . "'" + . sql_escape($_POST["Vorname"]) . "', " . "'" + . sql_escape($_POST["Alter"]) . "', " . "'" + . sql_escape($_POST["Telefon"]) . "', " . "'" + . sql_escape($_POST["DECT"]) . "', " . "'" + . sql_escape($_POST["Handy"]) . "', " . "'" + . sql_escape($_POST["email"]) . "', " . "'" + . sql_escape($_POST["ICQ"]) . "', " . "'" + . sql_escape($_POST["jabber"]) . "', " . "'" + . sql_escape($_POST["Size"]) . "', " . "'" + . sql_escape($_POST["Passwort"]) . "', " . "'" + . sql_escape($_POST["Art"]) . "', " . "'" + . sql_escape($_POST["kommentar"]) . "', " . "'" + . sql_escape($_POST["Hometown"]) . "'," + . "NOW(), '" + . sql_escape($_SESSION["Sprache"]) + . "')" + ); if ($Erg != 1) { $html .= Get_Text("makeuser_error_write1") . "
\n"; @@ -242,4 +266,4 @@ function guest_login_form() { 'send' => Get_Text("index_lang_send") )); } -?> \ No newline at end of file +?>
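Review bot: Every value in the `VALUES (...)` list is now escaped, but the statement is still built by concatenation, so its safety rests entirely on `sql_escape()`, which is defined outside this hunk. It is worth confirming that it escapes against the live connection and its character set rather than with a generic slash-adding routine, and documenting that above the query, e.g. `// every value must pass through sql_escape(); it is the only barrier in this statement`. Nothing visible checks that the request fields are strings, so a field submitted as an array would reach `sql_escape()` as a non-string; a guard such as `if (!is_string($_POST["Nick"])) { $error = ...; }` before the insert would close that. If the database layer supports bound parameters, moving this insert to a prepared statement would remove the dependence on each call site remembering to escape.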