From 3d15b591e3f4196846fff005cc800feb383073c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20H=C3=A4usler?= Date: Mon, 13 Jun 2011 19:34:01 +0200 Subject: [PATCH] cleanup, security sql fixes --- includes/pages/admin_log.php | 6 +- includes/pages/admin_user.php | 68 +++++++------- includes/pages/guest_login.php | 14 ++- includes/pages/user_messages.php | 150 ++----------------------------- includes/pages/user_news.php | 8 +- 5 files changed, 56 insertions(+), 190 deletions(-) diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php index 2798b2cf..4a29a496 100644 --- a/includes/pages/admin_log.php +++ b/includes/pages/admin_log.php @@ -63,12 +63,12 @@ function admin_log() { $html .= "
\n"; $html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)"); $html .= "
\n"; - $html .= funktion_db_element_list_2row("Geleisteter Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)"); + $html .= funktion_db_element_list_2row("Geleistete Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)"); $html .= "
\n"; - $html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)"); + $html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)"); $html .= "
\n"; - $html .= funktion_db_element_list_2row("Geleisteter Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)"); + $html .= funktion_db_element_list_2row("Geleistete Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)"); return $html; } diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 0399dda8..d1b69db4 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -2,7 +2,7 @@ function admin_user() { global $user; - include ("includes/funktion_db_list.php"); + include ("includes_old/funktion_db_list.php"); $html = ""; @@ -20,7 +20,7 @@ function admin_user() { $html .= "\n"; $html .= "\n"; - $SQL = "SELECT * FROM `User` WHERE `UID`='" . $id . "'"; + $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'"; $Erg = sql_query($SQL); $html .= "
\n"; @@ -184,21 +184,21 @@ function admin_user() { case 'save' : $SQL = "UPDATE `User` SET "; - $SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " . - "`Vorname` = '" . $_POST["eVorname"] . "', " . - "`Telefon` = '" . $_POST["eTelefon"] . "', " . - "`Handy` = '" . $_POST["eHandy"] . "', " . - "`Alter` = '" . $_POST["eAlter"] . "', " . - "`DECT` = '" . $_POST["eDECT"] . "', " . - "`email` = '" . $_POST["eemail"] . "', " . - "`ICQ` = '" . $_POST["eICQ"] . "', " . - "`jabber` = '" . $_POST["ejabber"] . "', " . - "`Size` = '" . $_POST["eSize"] . "', " . - "`Gekommen`= '" . $_POST["eGekommen"] . "', " . - "`Aktiv`= '" . $_POST["eAktiv"] . "', " . - "`Tshirt` = '" . $_POST["eTshirt"] . "', " . - "`Hometown` = '" . $_POST["Hometown"] . "' " . - "WHERE `UID` = '" . $id . + $SQL .= " `Nick` = '" . sql_escape($_POST["eNick"]) . "', `Name` = '" . sql_escape($_POST["eName"]) . "', " . + "`Vorname` = '" . sql_escape($_POST["eVorname"]) . "', " . + "`Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', " . + "`Handy` = '" . sql_escape($_POST["eHandy"]) . "', " . + "`Alter` = '" . sql_escape($_POST["eAlter"]) . "', " . + "`DECT` = '" . sql_escape($_POST["eDECT"]) . "', " . + "`email` = '" . sql_escape($_POST["eemail"]) . "', " . + "`ICQ` = '" . sql_escape($_POST["eICQ"]) . "', " . + "`jabber` = '" . sql_escape($_POST["ejabber"]) . "', " . + "`Size` = '" . sql_escape($_POST["eSize"]) . "', " . + "`Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', " . + "`Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', " . + "`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', " . + "`Hometown` = '" .sql_escape( $_POST["Hometown"]) . "' " . + "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1;"; sql_query($SQL); $html .= success("Änderung wurde gespeichert...\n"); @@ -229,23 +229,23 @@ function admin_user() { $html .= "Anzahl Engel: $Zeilen

\n"; $html .= ' - - - - - - - - - - - - - '; +
- Nick - Vorname NameAlter - E-Mail - GrößeGekommenAktivT-ShirtRegistriertÄnd.
+ + + + + + + + + + + + '; $Gekommen = 0; $Active = 0; $Tshirt = 0; diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index db20a207..ecfcde20 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -3,6 +3,8 @@ // Engel registrieren function guest_register() { + global $SubscribeMailinglist; + $html = ""; $success = "none"; @@ -75,15 +77,11 @@ function guest_register() { } else { $html .= "

" . Get_Text("makeuser_writeOK") . "\n"; - $Erg3 = mysql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2"); + // Assign user-group + sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2"); - if ($Erg3 != 1) { - $html .= "

" . Get_Text("makeuser_error_write2") . "
\n"; - $error = sql_error(); - } else { - $html .= Get_Text("makeuser_writeOK2") . "
\n"; - $html .= "

" . Get_Text("makeuser_writeOK3") . "

\n"; - } + $html .= Get_Text("makeuser_writeOK2") . "
\n"; + $html .= "

" . Get_Text("makeuser_writeOK3") . "

\n"; $html .= Get_Text("makeuser_writeOK4") . "

\n

\n"; $success = "any"; diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index a13b28f0..29b41cae 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -6,13 +6,7 @@ function user_unread_messages() { $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); if ($new_messages > 0) - return sprintf( - '

%s %s %s


', - page_link_to("user_messages"), - Get_Text("pub_messages_new1"), - $new_messages, - Get_Text("pub_messages_new2") - ); + return sprintf('

%s %s %s


', page_link_to("user_messages"), Get_Text("pub_messages_new1"), $new_messages, Get_Text("pub_messages_new2")); } return ""; @@ -22,8 +16,7 @@ function user_messages() { global $user; if (!isset ($_REQUEST['action'])) { - $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" - . sql_escape($user['UID']) . " ORDER BY `Nick`"); + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); $to_select_data = array ( "" => "Select receiver..." @@ -35,23 +28,11 @@ function user_messages() { $to_select = html_select_key('to', $to_select_data, ''); $messages_html = ""; - $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" - . sql_escape($user['UID']) - . " OR `RUID`=" . sql_escape($user['UID']) - . " ORDER BY `isRead`,`Datum` DESC" - ); + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); foreach ($messages as $message) { - $messages_html .= sprintf( - '' - .'', - ($message['isRead'] == 'N' ? ' class="new_message"' : ''), - ($message['isRead'] == 'N' ? '•' : ''), - date("Y-m-d H:i", $message['Datum']), - UID2Nick($message['SUID']), - UID2Nick($message['RUID']), - str_replace("\n", '
', $message['Text']) - ); + $messages_html .= sprintf('' . + '', ($message['isRead'] == 'N' ? ' class="new_message"' : ''), ($message['isRead'] == 'N' ? '•' : ''), date("Y-m-d H:i", $message['Datum']), UID2Nick($message['SUID']), UID2Nick($message['RUID']), str_replace("\n", '
', $message['Text'])); $messages_html .= '
+ Nick + Vorname NameAlter + E-Mail + GrößeGekommenAktivT-ShirtRegistriertÄnd.
%s %s %s %s%s
%s %s %s %s%s'; if ($message['RUID'] == $user['UID']) { @@ -65,8 +46,7 @@ function user_messages() { return template_render('../templates/user_messages.html', array ( 'link' => page_link_to("user_messages"), - 'greeting' => Get_Text("Hello") . $user['Nick'] . ",
\n" - . Get_Text("pub_messages_text1") . "

\n", + 'greeting' => Get_Text("Hello") . $user['Nick'] . ",
\n" . Get_Text("pub_messages_text1") . "

\n", 'messages' => $messages_html, 'new_label' => Get_Text("pub_messages_Neu"), 'date_label' => Get_Text("pub_messages_Datum"), @@ -118,122 +98,10 @@ function user_messages() { return error(Get_Text("pub_messages_Send_Error")); } break; - } - return ""; - } - - if (!isset ($_GET["action"])) - $_GET["action"] = "start"; - - switch ($_GET["action"]) { - case "start" : - echo Get_Text("Hello") . $_SESSION['Nick'] . ",
\n"; - echo Get_Text("pub_messages_text1") . "

\n"; - - //show exist Messages - $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'"; - $erg = mysql_query($SQL, $con); - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - for ($i = 0; $i < mysql_num_rows($erg); $i++) { - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - } - - // send Messeges - echo ""; - echo "\n"; - echo "\n"; - echo "\n"; - - // Listet alle Nicks auf - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo ""; - - echo "
" . Get_Text("pub_messages_Datum") . "" . Get_Text("pub_messages_Von") . "" . Get_Text("pub_messages_An") . "" . Get_Text("pub_messages_Text") . "
" . mysql_result($erg, $i, "Datum") . "" . UID2Nick(mysql_result($erg, $i, "SUID")) . "" . UID2Nick(mysql_result($erg, $i, "RUID")) . "" . mysql_result($erg, $i, "Text") . ""; - - if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) { - echo "" . Get_Text("pub_messages_DelMsg") . ""; - - if (mysql_result($erg, $i, "isRead") == "N") - echo "" . Get_Text("pub_messages_MarkRead") . ""; - } else { - if (mysql_result($erg, $i, "isRead") == "N") - echo Get_Text("pub_messages_NotRead"); - } - - echo "
\n"; - break; - - case "SendMsg" : - echo Get_Text("pub_messages_Send1") . "...
\n"; - - $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" . - "'" . gmdate("Y-m-j H:i:s", time()) . "', " . - "'" . $_SESSION["UID"] . "', " . - "'" . $_POST["RUID"] . "', " . - "'" . $_POST["Text"] . "');"; - - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_Send_OK") . "\n"; - else - echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")"; - break; - - case "MarkRead" : - $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " . - "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " . - "LIMIT 1 ;"; - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_MarkRead_OK") . "\n"; - else - echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")"; - break; - - case "DelMsg" : - $SQL = "DELETE FROM `Messages` " . - "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " . - "LIMIT 1;"; - $Erg = mysql_query($SQL, $con); - - if ($Erg == 1) - echo Get_Text("pub_messages_DelMsg_OK") . "\n"; - else - echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")"; - break; - - default : - echo Get_Text("pub_messages_NoCommand"); + default : + return error("Wrong action."); + } } } ?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 818c2da2..48b3764c 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -9,7 +9,7 @@ function user_meetings() { else $page = 0; - $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS); + $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); foreach ($news as $entry) $html .= display_news($entry); @@ -54,7 +54,7 @@ function user_news_comments() { $html = ""; if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) { $nid = $_REQUEST["nid"]; - list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1"); + list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($nid) . " LIMIT 1"); if (isset ($_REQUEST["text"])) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); @@ -66,7 +66,7 @@ function user_news_comments() { $html .= '

Kommentare

'; - $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'"); + $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'"); foreach ($comments as $comment) { $html .= '
'; $html .= DisplayAvatar($comment['UID']); @@ -122,7 +122,7 @@ function user_news() { else $page = 0; - $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS); + $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS)); foreach ($news as $entry) $html .= display_news($entry);