use prepared statements to prevent SQL injection
GoldDominik893 committed Jan 28, 2024
1 parent 5bc6747 commit d395a0b
Showing 11 changed files with 283 additions and 214 deletions.
54 changes: 28 additions & 26 deletions auth/#sql.php
Expand Up @@ -7,35 +7,37 @@

include('../config.php');

if ($usr&&$pw)
if ($usr && $pw)
{
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$usr."'");
$numrows = mysqli_num_rows($query);
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
$stmt->bind_param("s", $usr);
$stmt->execute();
$result = $stmt->get_result();

while ($row = mysqli_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
$dbsalt1 = $row['salt1'];
$dbsalt2 = $row['salt2'];
$hashsaltusergivenpassword = hash('sha512', $dbsalt1 . $pw . $dbsalt2);
}
if ($usr==$dbusername&&$hashsaltusergivenpassword==$dbpassword)
{
$_SESSION['logged_in_user'] = $usr;
$_SESSION['hashed_pass'] = $dbpassword;
header("refresh:0;url=/");
}
else {
echo "<h2>Invalid User or Password</h2>";
}
while ($row = $result->fetch_assoc())
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
$dbsalt1 = $row['salt1'];
$dbsalt2 = $row['salt2'];
$hashsaltusergivenpassword = hash('sha512', $dbsalt1 . $pw . $dbsalt2);
}

die();
}
if ($usr == $dbusername && $hashsaltusergivenpassword == $dbpassword)
{
$_SESSION['logged_in_user'] = $usr;
$_SESSION['hashed_pass'] = $dbpassword;
header("refresh:0;url=/");
}
else {
echo "<h2>Invalid User or Password</h2>";
}

die();
}
?>
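Review bot: The credential check `if ($usr == $dbusername && $hashsaltusergivenpassword == $dbpassword)` compares hex digests with `==`, which in PHP coerces numeric-looking strings (two digests of the form `0e…` compare equal as floats); use `hash_equals($dbpassword, $hashsaltusergivenpassword)` for the hash and `===` for the username. When no row matches the `while` body never runs and `$dbusername`/`$dbpassword`/`$hashsaltusergivenpassword` are undefined at that comparison, so initialise them to `null` before the loop or branch on `$result->num_rows === 0` first. `$conn->prepare()` returns `false` on failure and `$stmt->get_result()` exists only with the mysqlnd driver, so guard both (`if ($stmt === false) { die("Prepare failed: " . $conn->error); }`) instead of letting the following method call fatal. The new code still opens one connection per request and never calls `$stmt->close()`; minor, but cheap to add before `die()`.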
14 changes: 8 additions & 6 deletions auth/#sql.php
Expand Up @@ -25,16 +25,18 @@ function getName($n) {
die("Connection failed: " . $conn->connect_error);
}

$select = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_POST['name']."'");
if(mysqli_num_rows($select)) {
$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
$stmt->bind_param("s", $_POST['name']);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows) {
header( "refresh:2;url=#.html" );
exit('<h2>This username already exists</h2>');
}

$sql = "INSERT INTO login (username, password, salt1, salt2, videoshadow)
VALUES ('$usr', '$pw', '$salt1', '$salt2', 'on')";

if ($conn->query($sql) === TRUE) {
$stmt = $conn->prepare("INSERT INTO login (username, password, salt1, salt2, videoshadow) VALUES (?, ?, ?, ?, 'on')");
$stmt->bind_param("ssss", $usr, $pw, $salt1, $salt2);
if ($stmt->execute() === TRUE) {
echo "<h2>Welcome $usr. Redirecting Soon...</h2>";
$_SESSION['logged_in_user'] = $usr;
$_SESSION['hashed_pass'] = $pw;
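Review bot: The existence check `if($result->num_rows)` followed by the separate `INSERT` is not atomic, so two registrations for the same name that both pass the `SELECT` both reach the insert; the table should carry a UNIQUE index on `login.username` and the code should treat a duplicate-key failure from `$stmt->execute()` as "username exists" rather than relying on the prior read. `$stmt->bind_param("s", $_POST['name'])` reads the POST field unguarded — if it is absent PHP warns and binds null — so read it once into a local (`$name = $_POST['name'] ?? '';`) and bind that; it also presumably is the same value as `$usr` used in the insert, in which case bind `$usr` in both statements. `$conn->prepare()` can return `false` and is not checked before `bind_param` on either statement. The enclosing block starts before this hunk and continues past it.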
61 changes: 33 additions & 28 deletions channel/index.php
Expand Up @@ -7,19 +7,21 @@
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_SESSION['logged_in_user']."'");
$numrows = mysqli_num_rows($query);
while ($row = mysqli_fetch_assoc($query))
$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
$stmt->bind_param("s", $_SESSION['logged_in_user']);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc())
{
$pwrow = $row['password'];
}
if ($_SESSION['hashed_pass'] == $pwrow) {
} else {
session_destroy();
}
} else {
session_destroy();
}
} else {
session_destroy();
}

if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on')
$link = "https";
Expand All @@ -43,27 +45,29 @@

<?php
if ($useSQL == true) {
$dbsenduser = $_SESSION['logged_in_user'];
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_SESSION['logged_in_user']))
{
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_SESSION['logged_in_user']."'");
$numrows = mysqli_num_rows($query);
while ($row = mysqli_fetch_assoc($query))
{
$themerow = $row['theme'];
$regionrow = $row['region'];
}
$row = mysqli_fetch_assoc($query);
$numrows = mysqli_num_rows($query);
}
$dbsenduser = $_SESSION['logged_in_user'];
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_SESSION['logged_in_user']))
{
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
$stmt->bind_param("s", $_SESSION['logged_in_user']);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc())
{
$themerow = $row['theme'];
$regionrow = $row['region'];
$loadcomments = $row['loadcomments'];
$userproxysetting = $row['proxy'];
$playerrow = $row['player'];
}
if(strcmp($themerow, 'blue') == 0)
{
echo '<link rel="stylesheet" href="../styles/homeblue.css">';
Expand All @@ -77,7 +81,8 @@
} else {
echo '<link rel="stylesheet" href="../styles/home'.$defaultTheme.'.css">';
}
?>
}
?>
<body>
<div class="w3-sidebar w3-bar-block w3-collapse w3-card sidebar" style="width:55px;" id="mySidebar">
<button class="w3-bar-item w3-button w3-large w3-hide-large" onclick="w3_close()">&times;</button>
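Review bot: In the first hunk `$stmt->bind_param("s", $_SESSION['logged_in_user'])` runs before anything checks that the session key exists, whereas the second hunk guards the same lookup with `isset($_SESSION['logged_in_user'])`; for a visitor who is not logged in this emits an undefined-index warning and runs the query for a null username before the `$_SESSION['hashed_pass'] == $pwrow` comparison (which should itself be `hash_equals`). Guard it the same way, e.g. `if (!isset($_SESSION['logged_in_user'], $_SESSION['hashed_pass'])) { session_destroy(); } else { /* prepared query */ }`. The same unguarded bind appears in the first hunks of history.php and index.php in this commit. In the second hunk `$dbsenduser = $_SESSION['logged_in_user'];` is likewise read before the `isset`, and two `new mysqli(...)` connections are opened back to back with the first apparently never used; index.php's second hunk has the identical structure.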
45 changes: 27 additions & 18 deletions history.php
@@ -1,20 +1,27 @@
<?php
session_start();
include('config.php');
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_SESSION['logged_in_user']."'");
$numrows = mysqli_num_rows($query);
while ($row = mysqli_fetch_assoc($query))
{
$pwrow = $row['password'];
}
if ($_SESSION['hashed_pass'] == $pwrow) {

if ($useSQL == true) {
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
$stmt->bind_param("s", $_SESSION['logged_in_user']);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc())
{
$pwrow = $row['password'];
}
if ($_SESSION['hashed_pass'] == $pwrow) {
} else {
session_destroy();
}
} else {
session_destroy();
}
?>
<!DOCTYPE HTML>
<html>
Expand All @@ -25,7 +32,7 @@
<link rel="stylesheet" href="/styles/-bootstrap.min.css">
<link rel="stylesheet" href="/styles/-googlesymbols.css">

<?php
<?php
$dbsenduser = $_SESSION['logged_in_user'];
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
Expand All @@ -37,14 +44,16 @@
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_SESSION['logged_in_user']."'");
$numrows = mysqli_num_rows($query);
while ($row = mysqli_fetch_assoc($query))
$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
$stmt->bind_param("s", $_SESSION['logged_in_user']);
$stmt->execute();
$result = $stmt->get_result();
$numrows = $result->num_rows;
while ($row = $result->fetch_assoc())
{
$themerow = $row['theme'];
}
$row = mysqli_fetch_assoc($query);
$numrows = mysqli_num_rows($query);
$numrows = $result->num_rows;
}
if(strcmp($themerow, 'blue') == 0)
{
Expand All @@ -56,7 +65,7 @@
{
echo '<link rel="stylesheet" href="../styles/player'.$defaultTheme.'.css">';
}
?>
?>

<body>
<div class="w3-sidebar w3-bar-block w3-collapse w3-card sidebar" style="width:55px;" id="mySidebar">
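Review bot: In the third hunk `$numrows = $result->num_rows;` is assigned twice, once before the `while` and again after it, and `$numrows` is not read anywhere in the hunk; the second assignment is a leftover of the replaced `mysqli_num_rows($query)` call and should go (keep one, or drop both if nothing below the hunk uses it). The loop `while ($row = $result->fetch_assoc()) { $themerow = $row['theme']; }` fetches by a single username but keeps only the last row; a single `$row = $result->fetch_assoc();` followed by `$themerow = $row['theme'] ?? null;` states that intent and avoids an undefined `$themerow` in the `strcmp` below when no row matches. Neither prepared statement in this file is closed with `$stmt->close()`, and `$conn->prepare()` returning `false` is unchecked in both hunks.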
66 changes: 36 additions & 30 deletions index.php
@@ -1,25 +1,27 @@
<?php
session_start();
include('config.php');
session_start();

if ($useSQL == true) {
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_SESSION['logged_in_user']."'");
$numrows = mysqli_num_rows($query);
while ($row = mysqli_fetch_assoc($query))
$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
$stmt->bind_param("s", $_SESSION['logged_in_user']);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc())
{
$pwrow = $row['password'];
}
if ($_SESSION['hashed_pass'] == $pwrow) {
} else {
session_destroy();
}
} else {
session_destroy();
}
} else {
session_destroy();
}

$keyword = $_POST['keyword'] ?? "";
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on')
Expand All @@ -43,27 +45,29 @@

<?php
if ($useSQL == true) {
$dbsenduser = $_SESSION['logged_in_user'];
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_SESSION['logged_in_user']))
{
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_SESSION['logged_in_user']."'");
$numrows = mysqli_num_rows($query);
while ($row = mysqli_fetch_assoc($query))
{
$themerow = $row['theme'];
$regionrow = $row['region'];
}
$row = mysqli_fetch_assoc($query);
$numrows = mysqli_num_rows($query);
}
$dbsenduser = $_SESSION['logged_in_user'];
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_SESSION['logged_in_user']))
{
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
$stmt->bind_param("s", $_SESSION['logged_in_user']);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc())
{
$themerow = $row['theme'];
$regionrow = $row['region'];
$loadcomments = $row['loadcomments'];
$userproxysetting = $row['proxy'];
$playerrow = $row['player'];
}
if(strcmp($themerow, 'blue') == 0)
{
echo '<link rel="stylesheet" href="../styles/homeblue.css">';
Expand All @@ -76,7 +80,9 @@
}
} else {
echo '<link rel="stylesheet" href="../styles/home'.$defaultTheme.'.css">';
}?>
}
}
?>
<body>


Expand Down Expand Up @@ -287,7 +293,7 @@
</div>
</div>
<br><div class="videos-data-container footer w3-animate-left">
Liberatube Version 1.8 beta · Licensed under AGPLv3 on GitHub · Credits: Dominic Wajda (GoldDominik893).<br>
Liberatube Version 1.8 · Licensed under AGPLv3 on GitHub · Credits: Dominic Wajda (GoldDominik893).<br>
This website is optimised for mobile users and does not collect any user data apart from<br> watch history which doesn't exist yet and you will be able to turn it off when logged in.
<br><a href="https://matrix.to/#/#libreratube:matrix.org">Join the Matrix</a> <a href="https://discord.gg/z4cCk5c5Zj">or discord</a> · <a href="https://invidious.io">Invidious</a> · <a href="https://github.com/GoldDominik893/liberatube">GitHub</a> · <a href="/donate.html">Donate to the Liberatube project</a><br>
Have you noticed a bug or want to see a new feature? <a href="https://github.com/GoldDominik893/liberatube/issues">Open and issue on GitHub</a>
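Review bot: The first hunk appears to reorder the prologue so `include('config.php')` now runs before `session_start();`; `session_start()` must precede any output, so if config.php ever emits a byte (a trailing newline after a closing `?>`, a BOM) the session silently fails with a headers-already-sent warning and every request looks logged out. If the intent is to have `$useSQL` available first, keep the order but make sure config.php has no closing tag and no leading whitespace, or move `session_start();` back to the first statement and read `$useSQL` after it. The footer hunk is a version-string change and needs no review.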