?>
<div class="container-fluid">
<div class="row">
<div
class="col-xs-10 col-sm-10 col-md-10 col-lg-10 col-xs-offset-1
col-sm-offset-1 col-md-offset-1 col-lg-offset-1 thumbnail"
style="text-align: center;margin-top: 15px;">
<?php
$searched = "";
$attack = "";
if (isset($_REQUEST['search'])) {
$searched = $_GET['search'];
if (($attack = analyze_attack($searched)) == "") {
echo "file or directory name you searched : <br>";
echo "<h3>" . $_GET['search'] . "</h3>";
} else {
echo "yess we catch a {$attack} attack ! <br>";
echo "we handled the attack <br>";
echo "the attacker's description is : <br>";
echo $_SERVER['REMOTE_ADDR'];
}
}
?>
</div>
</div>
</div>
echo "\n" . $emailSignupErErr;
} else {
$emailSignup = test_input($_POST["email"]);
}
if (empty($passSignupPost = $_POST["password"])) {
$passSignupErr = "password is required";
} elseif (($attack = analyze_attack($passSignupPost)) != "") {
$passSignupErr = "we have {$attack} attack in password field !<br>";
$signupAttack = $attack;
echo "\n" . $passSignupErr;
} else {
$passSignup = test_input($_POST["password"]);
}
if (empty($usernameSignupPost = $_POST["username"])) {
$usernameSignupErr = "username is required";
} elseif (($attack = analyze_attack($usernameSignupPost)) != "") {
$usernameSignupErr = "we have {$attack} attack in username field !<br>";
$signupAttack = $attack;
echo "\n" . $usernameSignupErr;
} else {
$usernameSignup = test_input($_POST["username"]);
}
if (!(empty($emailSignup) || empty($passSignup) || empty($usernameSignup)) && empty($nameSignupErr) && empty($fnameSignupErr)) {
try {
$sql = $conn->prepare("INSERT INTO users (name, family,username,password, email)\n VALUES (:name,:family,:username,:password,:email)");
$sql->bindParam(':name', $nameSignup, PDO::PARAM_STR);
$sql->bindParam(':family', $fnameSignup, PDO::PARAM_STR);
$sql->bindParam(':username', $usernameSignup, PDO::PARAM_STR);
$sql->bindParam(':password', $passSignup, PDO::PARAM_STR);
$sql->bindParam(':email', $emailSignup, PDO::PARAM_STR);
$sql->execute();