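/**
 * Restore a "remember me" session from the persistent login cookie.
 *
 * The cookie value is client-controlled. It is expected to be
 * base64(serialize([username, token])); anything else is ignored.
 * On a matching row, $this->id and $this->username are set from it;
 * nothing is returned in any case.
 *
 * Security notes:
 *  - unserialize() on attacker-controlled bytes can instantiate arbitrary
 *    classes (object injection). allowed_classes=false (PHP >= 7.0)
 *    restricts the result to scalars/arrays without changing the cookie
 *    format. A non-PHP encoding (e.g. JSON) plus an HMAC over the value
 *    would be the longer-term fix, but that also requires changing the
 *    code that issues the cookie.
 *  - The decoded pair is checked for shape before use, so a malformed
 *    cookie no longer reaches list() with a non-array (which silently
 *    yields nulls) or an array without keys 0/1 (undefined-key notices).
 *
 * @param string $cookie raw cookie value as received from the browser
 * @return void
 */
function _checkRemembered($cookie) {
    // Missing cookie (null) or a non-scalar (cookie[]=...) cannot be a
    // valid remembered login; bail out before decoding.
    if (!is_string($cookie) || $cookie === '') {
        return;
    }
    // base64_decode() is deliberately non-strict: cookie values reach PHP
    // url-decoded, so a '+' in the encoding may have become a space.
    $decoded = base64_decode($cookie);
    if ($decoded === false || $decoded === '') {
        return;
    }
    $arr = unserialize($decoded, ['allowed_classes' => false]);
    if (!is_array($arr) || !isset($arr[0], $arr[1])) {
        return;
    }
    $username = $arr[0];
    $token = $arr[1];
    if (!$username or !$token) {
        return;
    }
    /* UNTRUSTED DATA SANITIZATION */
    $username = sanatize_username($username);
    $token = sanatize_username($token);
    /* END UNTRUSTED DATA SANITIZATION */
    // $token (and presumably the username, whose literal is redacted in
    // this listing) is interpolated into the query after sanatize_username().
    // That helper is defined elsewhere, so its adequacy as a SQL escaper
    // cannot be confirmed here; a prepared statement would remove the question.
    $sql = "SELECT * FROM Person WHERE " .
        "(Username = '******') AND (Token = '{$token}')";
    $rs = $this->db->executeQuery($sql);
    if ($rs->next()) {
        $this->id = $rs->getCurrentValueByName("PersonID");
        $this->username = $rs->getCurrentValueByName("Username");
    }
}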
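/**
 * Render the login / registration form for an anonymous visitor.
 *
 * Re-displays the username from the previous POST (so a failed login keeps
 * it filled in) and prints the global $login_error beneath the form.
 * The function echoes HTML directly and returns nothing.
 *
 * @return void
 */
function display_login() {
    nav_start_outer("Login", "");
    /* UNTRUSTED DATA SANITIZATION */
    // The first visit has no POST body; default to '' instead of reading an
    // undefined index. The value is re-shown inside an attribute below, which
    // relies on sanatize_username() (defined elsewhere) yielding attribute-safe text.
    $login_username = sanatize_username(
        isset($_POST['login_username']) ? $_POST['login_username'] : ''
    );
    // PHP_SELF is request-derived (it carries any PATH_INFO the client
    // appended to the URL), so it must be HTML-escaped before being placed
    // in the form's action attribute.
    $php_self = htmlspecialchars(
        isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '',
        ENT_QUOTES,
        'UTF-8'
    );
    /* END UNTRUSTED DATA SANITIZATION */
    ?>
<div id="login" class="centerpiece">
  <form name="loginform" method="POST" action="<?php echo $php_self; ?>">
    <table>
      <tr>
        <td>Username:</td>
        <td><input type="text" name="login_username" size="30" autocomplete="no" value="<?php echo $login_username; ?>"></td>
      </tr>
      <tr>
        <td>Password:</td>
        <td colspan="2"><input type="password" name="login_password" size="30" autocomplete="no">
          <input type="submit" name="submit_login" value="Log in">
          <input type="submit" name="submit_registration" value="Register"></td>
      </tr>
    </table>
  </form>
</div>
<div class="footer warning">
  <?php
  // $login_error is set by the login handler elsewhere in the application.
  // NOTE(review): it is echoed unescaped; that is only safe if it never
  // carries request-derived text - confirm at the point where it is set.
  global $login_error;
  echo $login_error;
  ?>
</div>
<script>document.loginform.login_username.focus();</script>
<?php
    nav_end_outer();
}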
<?php
/*
 * Transfer page (fragment): moves $zoobars from the logged-in user ($user)
 * to $recipient. The `if` blocks opened below are closed later in the file,
 * outside this view. $user and $db are not declared here; presumably they
 * come from includes/common.php via the file-scope require_once - confirm.
 */
require_once "includes/common.php";
global $php_self;
global $secret_token;
global $form_token;
nav_start_outer("Transfer", $secret_token);
nav_start_inner();
/* UNTRUSTED DATA SANITIZATION */
$recipient = sanatize_username($_POST['recipient']); /* reflected & used in SQL query */
$submission_status = $_POST['submission']; /* not reflected or stored */
$zoobars = (int) $_POST['zoobars']; /* reflected, cast will sanitize: non-numeric input becomes 0, which the > 0 check below rejects */
/* END UNTRUSTED DATA SANITIZATION */
// Presumably the CSRF defense: the submitted $form_token must equal the
// per-session $secret_token. NOTE(review): `==` is a loose comparison
// (numeric-looking strings compare by value) and is not constant-time;
// hash_equals((string) $secret_token, (string) $form_token) would be the
// strict, timing-safe form.
if ($submission_status && $form_token && $form_token == $secret_token) {
    // Read the sender's balance. $user->id is interpolated unescaped, which
    // is fine only if it is an integer from the server-side session - not
    // verifiable from this fragment.
    $sql = "SELECT Zoobars FROM Person WHERE PersonID={$user->id}";
    $rs = $db->executeQuery($sql);
    $sender_balance = (int) $rs->getValueByNr(0, 0) - $zoobars;
    // NOTE(review): the Username literal appears as '******' in this listing
    // (redacted); presumably the sanitized $recipient is interpolated here and
    // in the queries below - confirm against the actual source.
    $sql = "SELECT PersonID FROM Person WHERE Username='******'";
    $rs = $db->executeQuery($sql);
    $recipient_exists = $rs->getValueByNr(0, 0);
    // Proceed only for a positive amount, a non-negative resulting balance and
    // an existing recipient. NOTE(review): the balance read above and the
    // UPDATEs below are separate statements with no transaction or row lock
    // visible here, so two concurrent submissions could each pass this check
    // against the same starting balance.
    if ($zoobars > 0 && $sender_balance >= 0 && $recipient_exists) {
        $sql = "UPDATE Person SET Zoobars = {$sender_balance} " .
            "WHERE PersonID={$user->id}";
        $db->executeQuery($sql);
        $sql = "SELECT Zoobars FROM Person WHERE Username='******'";
        $rs = $db->executeQuery($sql);
        $recipient_balance = (int) $rs->getValueByNr(0, 0) + $zoobars;
        $sql = "UPDATE Person SET Zoobars = {$recipient_balance} " .
            "WHERE Username='******'";
        $db->executeQuery($sql);
<input type="text" name="user" value="<?php echo $selecteduser; ?> " size="10">
<input type="submit" value="View"></nobr>
</form>
<div id="profileheader"><!-- user data appears here --></div>
<?php
// Profile lookup (fragment: $selecteduser and $db are set earlier in the
// file, outside this view). NOTE(review): $selecteduser is echoed into the
// value attribute above - whether it was HTML-escaped before this point is
// not visible here; confirm.
// NOTE(review): the Username literal appears as '******' in this listing
// (redacted); presumably $selecteduser is interpolated - confirm against
// the actual source.
$sql = "SELECT Profile, Username, Zoobars FROM Person " .
    "WHERE Username='******'";
$rs = $db->executeQuery($sql);
if ($rs->next()) {
    // Sanitize and display profile
    list($profile, $username, $zoobars) = $rs->getCurrentValues();
    /* UNTRUSTED DATA SANITIZATION */
    $zoobars = (int) $zoobars;
    // $username is sanitized but not used again within this view.
    $username = sanatize_username($username);
    // prepare_profile_for_output() is defined elsewhere; the profile is
    // stored user content echoed into the page below, so that helper must
    // produce HTML-safe output - confirm.
    $profile = prepare_profile_for_output($profile);
    /* END UNTRUSTED DATA SANITIZATION */
    echo "<div class='profilecontainer'><b>Profile</b>";
    echo "<p id='profile'>{$profile}</p></div>";
} else {
    if ($selecteduser) {
        // user parameter present but user not found
        echo '<p class="warning" id="baduser">Cannot find that user.</p>';
    }
}
// Clamp to a non-negative value for the class attribute read by the script
// below. NOTE(review): when no row matched, $zoobars is undefined here unless
// it was initialised earlier in the file (outside this view); the comparison
// then raises an undefined-variable notice/warning and yields 0.
$zoobars = $zoobars > 0 ? $zoobars : 0;
// The balance is handed to JavaScript via the class attribute; after the
// (int) cast / clamp it is numeric, so it is attribute-safe. (A self-closing
// <span/> is not valid HTML; browsers treat it as an opening tag.)
echo "<span id='zoobars' class='{$zoobars}'/>";
?>
<script type="text/javascript">
var total = parseInt(document.getElementById('zoobars').className);