guest_login: Cleanup, fix sql injection

main
Daniel Friesel 14 years ago
parent 554bd796dc
commit 70de7e5a1d

@ -5,11 +5,17 @@ function guest_faq() {
foreach ($faqs as $faq) { foreach ($faqs as $faq) {
$html .= "<dl>"; $html .= "<dl>";
if ($_SESSION['Sprache'] == "DE") { if ($_SESSION['Sprache'] == "DE") {
$html .= "<dt>" . $faq['Frage_de'] . "</dt>"; $html .= sprintf(
$html .= "<dd>" . $faq['Antwort_de'] . "</dd>"; '<dt>%s</dt> <dd>%s</dd>',
$faq['frage_de'],
$faq['antwort_de']
);
} else { } else {
$html .= "<dt>" . $faq['Frage_en'] . "</dt>"; $html .= sprintf(
$html .= "<dd>" . $faq['Antwort_en'] . "</dd>"; '<dt>%s</dt> <dd>%s</dd>',
$faq['frage_en'],
$faq['antwort_en']
);
} }
$html .= "</dl>"; $html .= "</dl>";
} }

@ -16,12 +16,25 @@ function guest_register() {
$Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'"); $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
if (strlen($_POST["Nick"]) < 2) if (strlen($_POST["Nick"]) < 2)
$error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); $error = Get_Text("makeuser_error_nick1")
elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail");
elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); elseif (count($Ergans) > 0)
elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); $error = Get_Text("makeuser_error_nick1")
elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false)
$error = Get_Text("makeuser_error_mail");
elseif (!is_numeric($_POST["Alter"]))
$error = Get_Text("makeuser_error_Alter");
elseif ($_POST["Passwort"] != $_POST["Passwort2"])
$error = Get_Text("makeuser_error_password1");
elseif (strlen($_POST["Passwort"]) < 6)
$error = Get_Text("makeuser_error_password2");
else { else {
$_POST["Passwort"] = PassCrypt($_POST["Passwort"]); $_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
unset ($_POST["Passwort2"]); unset ($_POST["Passwort2"]);
@ -35,15 +48,26 @@ function guest_register() {
"`Size`, " . "`Passwort`, " . "`Size`, " . "`Passwort`, " .
"`Art` , " . "`kommentar`, " . "`Art` , " . "`kommentar`, " .
"`Hometown`," . "`CreateDate`, `Sprache` ) " . "`Hometown`," . "`CreateDate`, `Sprache` ) " .
"VALUES ( " . "VALUES ( '"
"'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " . . sql_escape($_POST["Nick"]) . "', " . "'"
"'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " . . sql_escape($_POST["Name"]) . "', " . "'"
"'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " . . sql_escape($_POST["Vorname"]) . "', " . "'"
"'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " . . sql_escape($_POST["Alter"]) . "', " . "'"
"'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " . . sql_escape($_POST["Telefon"]) . "', " . "'"
"'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " . . sql_escape($_POST["DECT"]) . "', " . "'"
"'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " . . sql_escape($_POST["Handy"]) . "', " . "'"
"'" . $_POST["Hometown"] . "'," . "NOW(), '" . $_SESSION['Sprache'] . "')"); . sql_escape($_POST["email"]) . "', " . "'"
. sql_escape($_POST["ICQ"]) . "', " . "'"
. sql_escape($_POST["jabber"]) . "', " . "'"
. sql_escape($_POST["Size"]) . "', " . "'"
. sql_escape($_POST["Passwort"]) . "', " . "'"
. sql_escape($_POST["Art"]) . "', " . "'"
. sql_escape($_POST["kommentar"]) . "', " . "'"
. sql_escape($_POST["Hometown"]) . "',"
. "NOW(), '"
. sql_escape($_SESSION["Sprache"])
. "')"
);
if ($Erg != 1) { if ($Erg != 1) {
$html .= Get_Text("makeuser_error_write1") . "<br />\n"; $html .= Get_Text("makeuser_error_write1") . "<br />\n";
@ -242,4 +266,4 @@ function guest_login_form() {
'send' => Get_Text("index_lang_send") 'send' => Get_Text("index_lang_send")
)); ));
} }
?> ?>

Loading…
Cancel
Save