예제 #1
파일: register.php 프로젝트: pgrath/IT202
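// Registration handler fragment: reads the form fields, escapes them for SQL, refuses
// duplicates, inserts the new row and starts the HTML table that echoes it back.
// $password, $username and $email are assigned before this fragment begins.

// The fields arrive in the query string, so they are recorded in URLs, browser history
// and web-server logs; submitting the form with POST would keep them out of those.
// isset() avoids an undefined-index notice; a missing field becomes '' (the same value
// the escaping step below produced for a missing field before).
$fullname = isset($_GET["fullname"]) ? $_GET["fullname"] : '';
$address = isset($_GET["address"]) ? $_GET["address"] : '';
$major = isset($_GET["major"]) ? $_GET["major"] : '';
$cell = isset($_GET["cell"]) ? $_GET["cell"] : '';

// Escape every value for use inside a single-quoted SQL string literal.
// mysql_real_escape_string() covers the SQL context only: it does not neutralise HTML,
// and it depends on the connection character set being configured correctly.
// NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7.0.
// Prepared statements (mysqli or PDO) are the durable fix, but they need the connection
// handle, which is opened outside this fragment.
$password = mysql_real_escape_string($password);
$username = mysql_real_escape_string($username);
$email = mysql_real_escape_string($email);
$fullname = mysql_real_escape_string($fullname);
$address = mysql_real_escape_string($address);
$major = mysql_real_escape_string($major);
$cell = mysql_real_escape_string($cell);

// NOTE(review): unsalted SHA-1 is a fast hash and is not suitable for storing passwords;
// password_hash() / password_verify() are the replacement. The call is left unchanged
// here because the stored format has to change together with whatever code verifies it
// and with the column width. Also note that the digest is computed over the SQL-escaped
// password, not the password as typed — escaping a value that is only hashed is unneeded.
$hashpw = sha1($password);

// HTML-safe copies for everything echoed back to the browser. The SQL escaping above
// leaves '<', '>' and '&' untouched, so printing $username or $email directly would
// reflect attacker-supplied markup into the page.
// (assumes the page is served as UTF-8 — TODO confirm)
$usernameHtml = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
$emailHtml = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

// Stop if the user is already present in the registered table.
// Rnum() is defined elsewhere; presumably it returns the number of matching rows — confirm.
if (Rnum($username, $email) > 0) {
    die("{$usernameHtml} and {$emailHtml} are already in the database! Ending. <br><br>  Bye!");
}

// Not present yet: insert the new row. All interpolated values were escaped above.
$s = "insert into registered values ( '{$username}', '{$email}', '{$hashpw}', '{$fullname}', '{$cell}', '{$address}', NOW(), '{$major}', 0 ) ";
$t = mysql_query($s);
if ($t === false) {
    // Keep the driver's error text in the server log; showing it to the visitor
    // discloses table and column details.
    error_log("register.php: insert into registered failed: " . mysql_error());
    die("Registration failed because of a database error. <br>");
}
print "{$usernameHtml} was added to registered! <br><br> ";

// Read back the row that was just added.
// NOTE(review): the literal '******' looks like a value masked in this listing; the
// query presumably filtered on the escaped $username — confirm against the original file.
$l = "select * from registered where user='******' ";
$x = mysql_query($l);
if ($x === false) {
    error_log("register.php: select from registered failed: " . mysql_error());
    die("The new record could not be read back because of a database error. <br>");
}

// Header row of the result table; the data rows are appended by the loop that follows.
// Values fetched from the database need htmlspecialchars() as well before they are
// written into a cell.
$table = "<table> <tr> <td> <b> Username </b> </td>  <td> <b> Email </b> </td>  <td> <b> Full Name </b> </td>  <td> <b> cell </b> </td>  <td> <b> Address </b> </td>  <td> <b> Registered </b> </td>  <td> <b> Major </b> </td> </tr>";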
while ($r = mysql_fetch_array($x)) {
    //get data to print into table
    $username = $r["user"];
    $email = $r["email"];
예제 #2
파일: grades.php 프로젝트: pgrath/IT202
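// Grades handler fragment: checks the submitted password hash, reads the user/course
// fields, and creates an empty grades row for the user when none exists yet.

// Look the hash up in the table of hashed passwords.
// NOTE(review): $hashed is built outside this fragment. It is interpolated unescaped, so
// this is only safe if it is always a digest produced server-side — TODO confirm.
// NOTE(review): the check succeeds when ANY row in encrypt carries this hash; it is not
// tied to a particular account.
$checkPW = "select * from encrypt where pwd = '{$hashed}'";
$PwdChk = mysql_query($checkPW);

// Fail closed: a failed query is treated the same as a non-matching password.
if ($PwdChk === false || mysql_num_rows($PwdChk) == 0) {
    die("Incorrect Password!");
}

// User and course from the form. isset() avoids an undefined-index notice; a missing
// field becomes '' (the same value the escaping step produced for it before).
$username = isset($_GET["user"]) ? $_GET["user"] : '';
$course = isset($_GET["course"]) ? $_GET["course"] : '';

// SQL escaping for the queries below. This guards against SQL injection only; it is not
// an XSS defence — output is HTML-escaped separately before it is printed.
// NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7.0;
// prepared statements (mysqli or PDO) are the durable fix.
$username = mysql_real_escape_string($username);
$course = mysql_real_escape_string($course);

// Extra points, escaped the same way.
$expts = isset($_GET["expts"]) ? $_GET["expts"] : '';
$expts = mysql_real_escape_string($expts);

// HTML-safe copy of the user name for the messages sent to the browser.
// (assumes the page is served as UTF-8 — TODO confirm)
$usernameHtml = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');

// Check the user against the registered table; the email argument is left blank.
// NOTE(review): this stops when Rnum() reports zero, while the message says the user is
// already in the database. If Rnum() returns a row count (it is defined elsewhere —
// confirm), this branch means "not registered" and the wording should say so.
if (Rnum($username, "") == 0) {
    die("{$usernameHtml} is in db already <br><br> Exiting.");
}

// Create the grades row only when the user has none for this course yet.
// Gnum() is defined elsewhere; presumably it returns the number of matching rows — confirm.
if (Gnum($username, $course) == 0) {
    // Only user and course are filled in; the remaining columns start out empty.
    $insGrades = "insert into grades values ( '{$username}', '{$course}', '', '', '', '', '', '', '' ) ";
    $ins = mysql_query($insGrades);
    if ($ins === false) {
        // Keep the driver's error text in the server log; showing it to the visitor
        // discloses table and column details.
        error_log("grades.php: insert into grades failed: " . mysql_error());
        die("The grades record could not be created because of a database error. <br>");
    }
    print "{$usernameHtml} was added to grades  <br>";
}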
//now to add values to newly added user, make sure it exists first.
if (Gnum($username, $course) > 0) {
    //if the boxes are set, get the a data
    if (isset($_GET["usea1"])) {
        $A1 = $_GET["a1"];
        $A1S = $_GET["a1s"];