From 0e76ed638633fe9e83e67d8aebe1a269c4203d28 Mon Sep 17 00:00:00 2001 From: kaetemi Date: Sat, 6 Sep 2014 01:40:37 +0200 Subject: [PATCH] Protect shard admin auth SQL queries --- code/web/public_php/admin/functions_auth.php | 10 +++++----- code/web/public_php/admin/functions_mysqli.php | 4 ++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/code/web/public_php/admin/functions_auth.php b/code/web/public_php/admin/functions_auth.php index fcc53ed6a..b56a12064 100644 --- a/code/web/public_php/admin/functions_auth.php +++ b/code/web/public_php/admin/functions_auth.php @@ -8,7 +8,7 @@ { global $db; - $sql = "UPDATE ". NELDB_USER_TABLE ." SET user_logged_count=user_logged_count+1,user_logged_last=". time() ." WHERE user_id=". $user_id; + $sql = "UPDATE ". NELDB_USER_TABLE ." SET user_logged_count=user_logged_count+1,user_logged_last=". time() ." WHERE user_id=". (int)$user_id; $db->sql_query($sql); } @@ -18,7 +18,7 @@ $data = null; - $sql = "SELECT * FROM ". NELDB_USER_TABLE ." LEFT JOIN ". NELDB_GROUP_TABLE ." ON (user_group_id=group_id) WHERE user_id=". $nelid; + $sql = "SELECT * FROM ". NELDB_USER_TABLE ." LEFT JOIN ". NELDB_GROUP_TABLE ." ON (user_group_id=group_id) WHERE user_id=". (int)$nelid; if ($result = $db->sql_query($sql)) { if ($db->sql_numrows($result)) @@ -34,7 +34,7 @@ { global $db; - $sql = "SELECT user_name FROM ". NELDB_USER_TABLE ." WHERE user_id=". $group_id; + $sql = "SELECT user_name FROM ". NELDB_USER_TABLE ." WHERE user_id=". (int)$group_id; if ($result = $db->sql_query($sql)) { if ($db->sql_numrows($result)) @@ -53,7 +53,7 @@ $data = null; - $user = trim($user); + $user = $db->sql_escape_string(trim($user)); $passwd = md5(trim($passwd)); $sql = "SELECT * FROM ". NELDB_USER_TABLE ." LEFT JOIN ". NELDB_GROUP_TABLE ." ON (user_group_id=group_id) WHERE user_name='". $user ."' AND user_password='". $passwd ."' AND user_active=1 AND group_active=1"; 
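Review bot: The `(int)` cast on the new `WHERE user_id=` line maps any non-numeric or empty `$user_id` to `0`, so a malformed id now silently targets `user_id=0` instead of producing an obviously broken query, and `$db->sql_query($sql)`'s return value is not checked here; the same applies to the casts in the hunks at -18 and -34. The cast is the right injection defence for an integer column, but the callers presumably expect a positive id, so a guard such as `if ((int)$user_id <= 0) { return; }` before building the query (or validation at the call site) would keep the new behaviour from masking bad input. The enclosing function's signature lies outside the hunk.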
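Review bot: The new line at -34 queries `WHERE user_id=". (int)$group_id`, so the parameter is named as a group id but compared against the user column while selecting `user_name`; either the name is misleading or the column is wrong, and the cast does not change that. If the intent is a user lookup, renaming the parameter to `$user_id` (signature is outside the hunk) would make the query read correctly; if a group lookup was intended, the table and column need revisiting. A one-line comment above the query stating which it is would help the next reader, e.g. `// looks up the user row by id; the parameter name is historical`.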
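Review bot: In the hunk at -53 the new line escapes `$user` once at assignment, so if the function reuses `$user` after the query (the body continues past the hunk, and a `$data` result is built below) that value carries SQL escaping rather than the caller's string; escaping belongs at the point of interpolation, i.e. `WHERE user_name='". $db->sql_escape_string($user) ."'` with `$user = trim($user);` left as it was. The query still compares `user_password` against an unsalted `md5()` digest; that is not an injection vector (the digest is hex), but it is a weak credential format, and a follow-up should fetch the row by name alone and verify in PHP with `password_verify()` against a `password_hash()` value, rehashing legacy rows on a successful login. The function signature and its `global $db;` declaration are outside the hunk, so this assumes `$db` is in scope as in the other functions of this file.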
@@ -120,4 +120,4 @@ unset($NELTOOL['SESSION_VARS'][$name]); } -?> \ No newline at end of file +?> diff --git a/code/web/public_php/admin/functions_mysqli.php b/code/web/public_php/admin/functions_mysqli.php index da455eb79..8cc2737c3 100644 --- a/code/web/public_php/admin/functions_mysqli.php +++ b/code/web/public_php/admin/functions_mysqli.php @@ -251,6 +251,10 @@ class sql_db return false; } } + function sql_escape_string($str) + { + return mysqli_real_escape_string($this->db_connect_id, $str); + } function sql_error($query_id = 0) { $result["message"] = mysqli_error($this->db_connect_id);
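Review bot: The new `sql_escape_string()` is undocumented, and its safety depends on two things the body does not show: `mysqli_real_escape_string` uses the connection's character set, so it is only correct after the charset has been set on `$this->db_connect_id`, and it is only sufficient for values interpolated inside quoted SQL string literals (integer contexts still need a cast, as the `functions_auth.php` hunks do). If `$this->db_connect_id` is not a live connection the call will error rather than return a safe value, so callers presumably rely on the connection having been established earlier in this class. A short docblock would capture this: `/** Escape $str for use inside a quoted SQL literal; uses the connection charset, so it must be called on an open connection with the charset set. Not a substitute for prepared statements or an (int) cast on numeric columns. */`.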