diff --git a/connect.php b/connect.php
index 1c61e92..538d898 100644
--- a/connect.php
+++ b/connect.php
@@ -18,7 +18,8 @@
 }
 // Connect to session
- session_start();
+ session_start();
+ session_regenerate_id(true);
 // Check Login
 function logged_in() {
diff --git a/guestbook.php b/guestbook.php
index 5cc2e59..7edf2d7 100644
--- a/guestbook.php
+++ b/guestbook.php
@@ -13,13 +13,15 @@
 if(isset($_POST['entry']) && $_POST['entry'] != "") {
 $id = $_SESSION['userid'];
- $entry = $_POST['entry'];
+ $entry = filter_input(INPUT_POST, 'entry', FILTER_SANITIZE_SPECIAL_CHARS); //$_POST['entry'];
 $query = "select * from `users` where `id` = '$id' LIMIT 1";
 $result = $db->query($query);
 if ($row = $result->fetch_assoc()) {
 $username = $row['username'];
 }
- $query = "INSERT INTO `guestbook` (`username`, `entry`) VALUES ('$username', '$entry');";
+
+
+ $query = "INSERT INTO `guestbook` (`username`, `entry`) VALUES ('" . $db->real_escape_string($username) . "', '" . $db->real_escape_string($entry) . "');";
 $result = $db->query($query);
 $db->commit();
 print('
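Review bot: `session_regenerate_id(true)` now runs on every request right after `session_start()`, destroying the previous session ID each time; two requests from the same browser in flight together (a page plus an XHR or asset that also includes connect.php) can lose the session when the second one arrives with the already-deleted ID. Regenerating the ID is the right fixation defence, but it belongs at the privilege boundary: call it once in `login()` immediately after the credential check succeeds, and again on logout, rather than on every page load. If a per-request call is kept, the PHP manual's pattern is `session_regenerate_id()` without deleting the old session and expiring it after a short grace period, which avoids the race. Nothing visible in this hunk sets `cookie_httponly`, `cookie_secure` or `cookie_samesite`; worth confirming they are configured in php.ini or via `session_set_cookie_params()` before `session_start()`.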
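Review bot: `filter_input(INPUT_POST, 'entry', FILTER_SANITIZE_SPECIAL_CHARS)` on the added line HTML-encodes the entry before it is stored, so the table now holds entity-encoded text and any non-HTML consumer (export, mail, API) receives it encoded as well; escaping belongs at the point of rendering, with `htmlspecialchars($entry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` on output, while the stored value stays raw. The new INSERT escapes both values, but `$id = $_SESSION['userid']` is still interpolated unescaped into the preceding SELECT, and `$username` is never assigned when no row matches, so `real_escape_string()` would receive null; a prepared statement removes both concerns: `$stmt = $db->prepare('INSERT INTO guestbook (username, entry) VALUES (?, ?)'); $stmt->bind_param('ss', $username, $entry); $stmt->execute();`. The `print('` that closes the hunk opens a string continuing outside it, so the rendering side could not be checked here.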
diff --git a/index.php b/index.php
index 6ec7e10..e68985c 100644
--- a/index.php
+++ b/index.php
@@ -1,8 +1,10 @@ ");
 include "connect.php";
+
+
+echo("");
 include "head.php";
 echo("");
@@ -25,10 +27,10 @@
@@ -37,8 +39,14 @@ ');
-if (isset($_GET['site']) && $_GET['site'] != "") {
- include $_GET['site'];
+$allowed_pages = [
+ 'guestbook',
+ 'login',
+ 'logout'
+];
+
+if (isset($_GET['site']) && $_GET['site'] != "" && in_array( $_GET['site'], $allowed_pages) ) {
+ require $_GET['site'] . '.php';
 } else {
 $description = nl2br(file_get_contents("README.md"));
 echo('
diff --git a/login.php b/login.php
index 0dce5fc..2deca39 100644
--- a/login.php
+++ b/login.php
@@ -2,7 +2,8 @@
 function login($username, $password) {
 global $db;
- $query = "select `id` from `users` where `username` = '$username' AND `password` = '$password'";
+ $query = "select `id` from `users` where `username` = '" . $db->real_escape_string($username) . "' AND `password` = '" . $db->real_escape_string($password) . "';";
+
 $result = $db->query($query);
 if ($result->num_rows > 0 && $row = $result->fetch_assoc()) {
 $_SESSION['logged_in'] = true;
@@ -32,7 +33,7 @@ function login($username, $password) {
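Review bot: `in_array( $_GET['site'], $allowed_pages)` in the new condition uses loose comparison; pass `strict: true` so the allow-list only matches exact strings, and note that `$_GET['site']` may also arrive as an array (`?site[]=x`), which the `isset`/`!= ""` guards do not exclude and which appears to be rejected only as a side effect of the loose comparison. The `require` should then build its path from the matched allow-list value rather than the raw request value and pin the directory, e.g. `$page = $_GET['site']; if (in_array($page, $allowed_pages, true)) { require __DIR__ . '/' . $page . '.php'; }`, instead of relying on `include_path`. The first hunk of this file and the `@@ -25,10 +27,10 @@` hunk have lost their content in this rendering, so only the allow-list hunk was reviewed.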
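Review bot: The new query still compares the submitted password against the `password` column inside SQL, so escaping it closes the injection path but leaves the credential stored and checked as the literal submitted value unless something outside this hunk hashes it first, which nothing here shows. The lookup should select the stored hash by username alone and verify in PHP with `password_verify($password, $row['password'])`, with hashes written by `password_hash($pw, PASSWORD_DEFAULT)`; that also lets the interpolation go away through a prepared statement: `$stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?'); $stmt->bind_param('s', $username); $stmt->execute(); $result = $stmt->get_result();`. The `$_SESSION['logged_in'] = true` branch is the place for `session_regenerate_id(true)`, so a pre-login session ID is not carried into the authenticated session. `login()` continues past the end of the hunk.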

Private Area

Hey ' . $username . '. Nice to have you here!

- Logout + Logout

diff --git a/setup/setup.sh b/setup/setup.sh
index b0cf1b7..1db0251 100755
--- a/setup/setup.sh
+++ b/setup/setup.sh
@@ -2,5 +2,5 @@
 echo "Setting up database"
 mysql --user=che --password=che < create_db.sql
-
+rm create_db.sql
 echo "Finished..."
\ No newline at end of file
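Review bot: `rm create_db.sql` runs unconditionally after the `mysql` import, so if the import fails (server not up, wrong credentials, SQL error) the schema file is deleted and the setup cannot simply be re-run; chain it on success, `mysql --user=che --password=che < create_db.sql && rm create_db.sql`, or add `set -e` at the top of the script. Passing the password on the command line is pre-existing, but it is visible in process listings and shell history; a `--defaults-extra-file` or `MYSQL_PWD` scoped to the script is the usual alternative. The file still ends without a trailing newline, as the marker line shows.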