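/**
 * Handle the result-lookup form: validate the posted fields, try to decrypt
 * the stored result with the supplied password, and render the outcome.
 *
 * Reads $_POST['mat_no'], $_POST['project_id'] and $_POST['password'].
 * Once the three fields pass validation, every failure (password outside the
 * generator's character set, no stored row, decryption failure) produces the
 * same generic "no results" note, so the response does not say which step
 * rejected the request.
 *
 * NOTE(review): no attempt throttling is visible in this method. Confirm that
 * password guessing per matriculation number is rate-limited elsewhere.
 */
private function renderResult()
{
    // Request fields are client-controlled: they may be missing or arrays
    // (e.g. password[]=x). Reject anything that is not a string up front so
    // ctype_* and preg_match() only ever see strings.
    $mat_no = isset($_POST['mat_no']) ? $_POST['mat_no'] : null;
    if (!is_string($mat_no) || !ctype_alnum($mat_no)) {
        $this->renderError('Matriculation number contains non-alphanumerical characters');
        return;
    }

    $project_id = isset($_POST['project_id']) ? $_POST['project_id'] : null;
    if (!is_string($project_id) || !ctype_digit($project_id)) {
        $this->renderError('Project-id invalid');
        return;
    }

    // Compare against '' instead of relying on truthiness, so the password
    // "0" is not reported as empty.
    $pwd = isset($_POST['password']) ? $_POST['password'] : null;
    if (!is_string($pwd) || $pwd === '') {
        $this->renderError('Password empty');
        return;
    }

    $result_str = 'No results for this combination of matriculation number and password found.';

    // If the password contains characters the generator never emits, we do
    // not query the database, but we do not tell the client either.
    if (preg_match(PasswordGenerator::$passwordCharacterRegExp, $pwd)) {
        $db = Database::getInstance();
        $data = $db->getResultDataByMatNo($project_id, $mat_no);

        // What getResultDataByMatNo() returns for an unknown matriculation
        // number is not visible here. A falsy value is treated as "no
        // result" rather than being indexed.
        if ($data) {
            $crypt = new CryptProxy($data['crypt_module'], $project_id, $data['member_id']);
            $decrypted_result = $crypt->decryptResult($data['result'], $data['crypt_data'], $pwd);

            if ($decrypted_result) {
                // NOTE(review): the decrypted value is placed into markup
                // unescaped. If results are plain text rather than trusted
                // HTML, escape them with htmlspecialchars(); confirm with
                // whoever writes the result data.
                $result_str = sprintf('<div class="result">%s</div>', $decrypted_result);
            }
        }
    }

    // $mat_no passed ctype_alnum() above, so it carries no markup characters
    // when echoed into the heading.
    $this->renderNote($result_str, sprintf('Results for matriculation number %s:', $mat_no));
}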
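/**
 * Handle the result-lookup form: validate the posted fields, check that the
 * project is open for access, try to decrypt the stored result with the
 * supplied password, and render the outcome.
 *
 * Reads $_POST['mat_no'], $_POST['project_id'] and $_POST['password'].
 * User-facing texts come from Messages::getString().
 *
 * NOTE(review): no attempt throttling is visible in this method. Confirm that
 * password guessing per matriculation number is rate-limited elsewhere.
 */
private function renderResult()
{
    // Request fields are client-controlled: they may be missing or arrays
    // (e.g. password[]=x). Reject anything that is not a string up front so
    // ctype_* and preg_match() only ever see strings.
    $mat_no = isset($_POST['mat_no']) ? $_POST['mat_no'] : null;
    if (!is_string($mat_no) || !ctype_alnum($mat_no)) {
        $this->renderError(Messages::getString('StartPage.MatNoInvalid'));
        return;
    }

    $project_id = isset($_POST['project_id']) ? $_POST['project_id'] : null;
    if (!is_string($project_id) || !ctype_digit($project_id)) {
        $this->renderError(Messages::getString('StartPage.ProjectIdInvalid'));
        return;
    }

    // Compare against '' instead of relying on truthiness, so the password
    // "0" is not reported as empty.
    $pwd = isset($_POST['password']) ? $_POST['password'] : null;
    if (!is_string($pwd) || $pwd === '') {
        $this->renderError(Messages::getString('StartPage.PasswordEmpty'));
        return;
    }

    $result_str = Messages::getString('StartPage.NoResultsFound');

    // If the password contains characters the generator never emits, we do
    // not query the database, but we do not tell the client either.
    if (preg_match(PasswordGenerator::$passwordCharacterRegExp, $pwd)) {
        $db = Database::getInstance();

        // NOTE(review): this distinct error is only reachable when the
        // password passed the character-set check above, so for a closed
        // project the response differs by password format. If that matters,
        // run the access check before the character-set gate.
        if (!$db->accessOpen($project_id)) {
            $this->renderError(Messages::getString('StartPage.NoAccessOpen'));
            return;
        }

        $data = $db->getResultDataByMatNo($project_id, $mat_no);

        // What getResultDataByMatNo() returns for an unknown matriculation
        // number is not visible here. A falsy value is treated as "no
        // result" rather than being indexed.
        if ($data) {
            $crypt = new CryptProxy($data['crypt_module'], $project_id, $data['member_id']);
            $decrypted_result = $crypt->decryptResult($data['result'], $data['crypt_data'], $pwd);

            if ($decrypted_result) {
                // NOTE(review): the decrypted value is placed into markup
                // unescaped. If results are plain text rather than trusted
                // HTML, escape them with htmlspecialchars(); confirm with
                // whoever writes the result data.
                $result_str = sprintf('<div class="result">%s</div>', $decrypted_result);
            }
        }
    }

    // $mat_no passed ctype_alnum() above, so it carries no markup characters
    // when substituted into the heading format string.
    $this->renderBackNote($result_str, sprintf(Messages::getString('StartPage.Results'), $mat_no));
}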