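// Registration handler: refuses already-authenticated sessions, requires
// username/password/mail in the POST body, rejects a duplicate username and
// inserts the new account before redirecting to home.php.
// check_login(), test_input_sql_injection() and connect() are not defined
// here; presumably they live in util.php.
// require_once instead of include: a missing or twice-loaded util.php should
// stop the script rather than continue into undefined/redeclared functions.
require_once "util.php";

if (check_login() == 1) {
    die('You\'re already logged in!');
}

// Every field is mandatory; a missing one aborts with a short message.
// NOTE(review): isset() is true for an empty string, so '' still reaches the
// queries below — confirm whether the helper or the schema rejects it.
if (!isset($_POST['username'])) {
    die('username empty');
}
$username = test_input_sql_injection($_POST['username']);

if (!isset($_POST['password'])) {
    die('password empty');
}
// Stored as a bare sha1 digest. sha1 is not a password hash (unsalted, cheap
// to brute-force); moving to password_hash()/password_verify() must be done
// together with the login script and check_login(), which compare sha1
// digests, or existing accounts stop authenticating.
$password = sha1(test_input_sql_injection($_POST['password']));

if (!isset($_POST['mail'])) {
    die('email empty');
}
$email = test_input_sql_injection($_POST['mail']);

try {
    $con = connect();
    // NOTE(review): the page shows the interpolated lookup value masked as
    // '******'; presumably $username — confirm against the original source.
    // A prepared statement (mysqli_prepare + mysqli_stmt_bind_param) would
    // remove the dependence on the escaping helper for both queries.
    $result = mysqli_query($con, "SELECT * FROM users WHERE username = '******' ") or die('err');
    // One matching row is enough to reject. The original used while(), but
    // died on the first iteration anyway, so an if() expresses the intent.
    if (mysqli_fetch_array($result)) {
        mysqli_close($con);
        die('Username already exists!');
    }
    $result = mysqli_query($con, "INSERT INTO users (username,password,email,joined_date,type,reputation,blocked_until ) VALUES ('{$username}','{$password}','{$email}',NOW(),'regular',0,NULL) ") or die('err');
    mysqli_close($con);
    // header() has to go out before any body output: the original echoed
    // 'OK!' first, which (without output buffering) makes the Location header
    // fail with "headers already sent". exit stops anything after the redirect.
    header('Location: ../home.php');
    echo 'OK!';
    exit;
} catch (Exception $e) {
    die('err');
}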
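/**
 * Checks whether the current session belongs to a logged-in user.
 *
 * Starts the session if needed, then compares the session's "sessionid"
 * value against the password column stored for the session's "username".
 * Returns 1 when they match and 0 otherwise (no session keys, no matching
 * user row, or any exception raised while querying).
 *
 * test_input_sql_injection() and connect() are defined elsewhere
 * (presumably util.php).
 *
 * @return int 1 when logged in, 0 otherwise
 */
function check_login()
{
    if (!isset($_SESSION)) {
        session_start();
    }
    // Both keys are required; the original read $_SESSION["username"]
    // unconditionally and would raise an undefined-index warning without it.
    if (!isset($_SESSION["sessionid"], $_SESSION["username"])) {
        return 0;
    }
    $username = test_input_sql_injection($_SESSION["username"]);
    $password = test_input_sql_injection($_SESSION["sessionid"]);
    try {
        $con = connect();
        // NOTE(review): the page shows the interpolated lookup value masked as
        // '******'; presumably $username — confirm against the original source.
        // A prepared statement would avoid relying on the escaping helper.
        $result = mysqli_query($con, "SELECT * FROM users WHERE username = '******'") or die('query err');
        $stored = null;
        if ($row = mysqli_fetch_array($result)) {
            $stored = $row['password'];
        }
        mysqli_close($con);
        // No matching row means not logged in. The original left $pas unset
        // on this path and compared it loosely, and null == '' is true, so an
        // empty session id would have been accepted.
        if ($stored === null) {
            return 0;
        }
        // Strict, constant-time string comparison instead of ==, which would
        // compare numeric-looking strings numerically.
        return hash_equals((string) $stored, (string) $password) ? 1 : 0;
    } catch (Exception $e) {
        return 0;
    }
}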
<?php

// Login handler, first half: load the helpers, make sure a session exists,
// bounce users who are already authenticated, and read the two mandatory
// POST fields. check_login() and test_input_sql_injection() are defined
// elsewhere (presumably util.php).
require_once "util.php";

if (!isset($_SESSION)) {
    session_start();
}

if (check_login() == 1) {
    die('You\'re already logged in!');
}

// Guard clauses: a missing field stops the script immediately.
if (!isset($_POST['username'])) {
    die('username empty');
}
$username = test_input_sql_injection($_POST['username']);

if (!isset($_POST['password'])) {
    die('password empty');
}
$password = test_input_sql_injection($_POST['password']);
try {
    $con = connect();
    $getPwdSql = "SELECT password,blocked_until FROM Users WHERE username = '******' ";
    $result = mysqli_query($con, $getPwdSql) or die('err');
    if ($row = mysqli_fetch_array($result)) {
        if ($row['password'] != sha1($password)) {
            die('passwords not match');
        }
        $blockeduntil = $row['blocked_until'];
        $nowis = date('Y-m-d H:i:s', time());
        if ($nowis < $blockeduntil) {
            die('You are blocked until ' . $blockeduntil);