diff --git a/auth/loginsql.php b/auth/loginsql.php
index b550ecd..0aba4bd 100644
--- a/auth/loginsql.php
+++ b/auth/loginsql.php
@@ -7,35 +7,37 @@
include('../config.php');
-if ($usr&&$pw)
+if ($usr && $pw)
{
-$conn = new mysqli($servername, $username, $password, $dbname);
-if ($conn->connect_error) {
- die("Connection failed: " . $conn->connect_error);
-}
-$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$usr."'");
-$numrows = mysqli_num_rows($query);
+ $conn = new mysqli($servername, $username, $password, $dbname);
+ if ($conn->connect_error) {
+ die("Connection failed: " . $conn->connect_error);
+ }
+ $stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
+ $stmt->bind_param("s", $usr);
+ $stmt->execute();
+ $result = $stmt->get_result();
-while ($row = mysqli_fetch_assoc($query))
-{
- $dbusername = $row['username'];
- $dbpassword = $row['password'];
- $dbsalt1 = $row['salt1'];
- $dbsalt2 = $row['salt2'];
- $hashsaltusergivenpassword = hash('sha512', $dbsalt1 . $pw . $dbsalt2);
-}
-if ($usr==$dbusername&&$hashsaltusergivenpassword==$dbpassword)
-{
- $_SESSION['logged_in_user'] = $usr;
- $_SESSION['hashed_pass'] = $dbpassword;
- header("refresh:0;url=/");
-}
-else {
- echo "
Invalid User or Password
";
-}
+ while ($row = $result->fetch_assoc())
+ {
+ $dbusername = $row['username'];
+ $dbpassword = $row['password'];
+ $dbsalt1 = $row['salt1'];
+ $dbsalt2 = $row['salt2'];
+ $hashsaltusergivenpassword = hash('sha512', $dbsalt1 . $pw . $dbsalt2);
+ }
-die();
-}
+ if ($usr == $dbusername && $hashsaltusergivenpassword == $dbpassword)
+ {
+ $_SESSION['logged_in_user'] = $usr;
+ $_SESSION['hashed_pass'] = $dbpassword;
+ header("refresh:0;url=/");
+ }
+ else {
+ echo "Invalid User or Password
";
+ }
+ die();
+}
?>
\ No newline at end of file
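Review bot: The credential check at `if ($usr == $dbusername && $hashsaltusergivenpassword == $dbpassword)` still compares the digests with loose `==`; PHP compares two numeric-looking strings numerically, so hex digests that happen to parse as numbers (such as ones beginning `0e` followed only by digits) compare equal without being identical, and `==` is not constant-time. Replace it with `if ($usr === $dbusername && hash_equals($dbpassword, $hashsaltusergivenpassword))`, initialising `$dbusername = $dbpassword = null;` before the `while` so a username with no row neither warns nor reaches `hash_equals`. On the success path add `session_regenerate_id(true);` before the two `$_SESSION` assignments so the session id issued to the unauthenticated visitor is not carried into the authenticated session. `$conn->prepare()` returns `false` on failure and that value is passed straight to `bind_param`; guard it the same way the connection error is guarded. The lines that populate `$usr` and `$pw` are outside the hunk, and the salted-SHA-512 scheme itself is pre-existing rather than introduced here, though `password_hash()`/`password_verify()` would be the longer-term replacement.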
diff --git a/auth/signupsql.php b/auth/signupsql.php
index 2d983fb..3905306 100644
--- a/auth/signupsql.php
+++ b/auth/signupsql.php
@@ -25,16 +25,18 @@ function getName($n) {
die("Connection failed: " . $conn->connect_error);
}
-$select = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_POST['name']."'");
-if(mysqli_num_rows($select)) {
+$stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
+$stmt->bind_param("s", $_POST['name']);
+$stmt->execute();
+$result = $stmt->get_result();
+if($result->num_rows) {
header( "refresh:2;url=signup.html" );
exit('This username already exists
');
}
-$sql = "INSERT INTO login (username, password, salt1, salt2, videoshadow)
-VALUES ('$usr', '$pw', '$salt1', '$salt2', 'on')";
-
-if ($conn->query($sql) === TRUE) {
+$stmt = $conn->prepare("INSERT INTO login (username, password, salt1, salt2, videoshadow) VALUES (?, ?, ?, ?, 'on')");
+$stmt->bind_param("ssss", $usr, $pw, $salt1, $salt2);
+if ($stmt->execute() === TRUE) {
echo "Welcome $usr. Redirecting Soon...
";
$_SESSION['logged_in_user'] = $usr;
$_SESSION['hashed_pass'] = $pw;
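Review bot: The existence check binds `$_POST['name']` while the INSERT binds `$usr`; if `$usr` is a processed form of the posted name (the `getName` in the hunk header suggests some normalisation happens outside the hunk), the two statements test different strings and a name that differs from an existing one only by that normalisation passes the check and is inserted as a duplicate. Bind the same variable in both, `$stmt->bind_param("s", $usr);`. Even then SELECT-then-INSERT is a check-then-act race between concurrent requests; a UNIQUE index on `login.username`, with the duplicate-key failure of `$stmt->execute()` reported as "already exists", is the reliable guard — I cannot see from the hunk whether the table has one. Neither `prepare()` call checks for a `false` return before `bind_param`. The `if ($stmt->execute() === TRUE)` block continues past the end of the hunk.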
diff --git a/channel/index.php b/channel/index.php
index 823a1d8..97e23a6 100644
--- a/channel/index.php
+++ b/channel/index.php
@@ -7,19 +7,21 @@
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
- $query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_SESSION['logged_in_user']."'");
- $numrows = mysqli_num_rows($query);
- while ($row = mysqli_fetch_assoc($query))
+ $stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
+ $stmt->bind_param("s", $_SESSION['logged_in_user']);
+ $stmt->execute();
+ $result = $stmt->get_result();
+ while ($row = $result->fetch_assoc())
{
$pwrow = $row['password'];
}
if ($_SESSION['hashed_pass'] == $pwrow) {
- } else {
- session_destroy();
- }
} else {
session_destroy();
}
+} else {
+ session_destroy();
+}
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on')
$link = "https";
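Review bot: `session_destroy()` on both `else` branches (after the hash check and in the new outer `} else {`) does not clear the in-memory `$_SESSION` array for the current request, so `$_SESSION['logged_in_user']` still satisfies the `isset(...)` test in the next hunk of this file and the page keeps rendering as that user until the following request; precede each call with `$_SESSION = [];` (or `session_unset();`). The comparison `if ($_SESSION['hashed_pass'] == $pwrow)` has the same loose-`==` weakness as the login script — numeric-looking digests are compared as numbers — and the empty then-branch reads awkwardly, so invert it: `if (!isset($pwrow, $_SESSION['hashed_pass']) || !hash_equals($pwrow, $_SESSION['hashed_pass'])) { $_SESSION = []; session_destroy(); }`, which also covers the no-row case where `$pwrow` is never assigned. `$conn->prepare()` is not checked for `false` before `bind_param`. The brace restructuring moves `else { session_destroy(); }` to an enclosing `if` whose opening line is outside the hunk, so I cannot confirm it still pairs with the intended condition.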
@@ -43,27 +45,29 @@
connect_error) {
- die("Connection failed: " . $conn->connect_error);
-}
-if (isset($_SESSION['logged_in_user']))
-{
-$conn = new mysqli($servername, $username, $password, $dbname);
-if ($conn->connect_error) {
- die("Connection failed: " . $conn->connect_error);
-}
-$query = mysqli_query($conn, "SELECT * FROM login WHERE username = '".$_SESSION['logged_in_user']."'");
-$numrows = mysqli_num_rows($query);
-while ($row = mysqli_fetch_assoc($query))
-{
- $themerow = $row['theme'];
- $regionrow = $row['region'];
-}
-$row = mysqli_fetch_assoc($query);
-$numrows = mysqli_num_rows($query);
-}
+ $dbsenduser = $_SESSION['logged_in_user'];
+ $conn = new mysqli($servername, $username, $password, $dbname);
+ if ($conn->connect_error) {
+ die("Connection failed: " . $conn->connect_error);
+ }
+ if (isset($_SESSION['logged_in_user']))
+ {
+ $conn = new mysqli($servername, $username, $password, $dbname);
+ if ($conn->connect_error) {
+ die("Connection failed: " . $conn->connect_error);
+ }
+ $stmt = $conn->prepare("SELECT * FROM login WHERE username = ?");
+ $stmt->bind_param("s", $_SESSION['logged_in_user']);
+ $stmt->execute();
+ $result = $stmt->get_result();
+ while ($row = $result->fetch_assoc())
+ {
+ $themerow = $row['theme'];
+ $regionrow = $row['region'];
+ $loadcomments = $row['loadcomments'];
+ $userproxysetting = $row['proxy'];
+ $playerrow = $row['player'];
+ }
if(strcmp($themerow, 'blue') == 0)
{
echo '';
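Review bot: `$dbsenduser = $_SESSION['logged_in_user'];` runs before the `if (isset($_SESSION['logged_in_user']))` guard a few lines below it, so for an anonymous visitor it raises an undefined-index warning and leaves `$dbsenduser` null; move the assignment inside the guarded block. Inside that block a second `new mysqli(...)` is opened although `$conn` was created and checked four lines earlier; the inner connection, check and `die` can be dropped in favour of the existing `$conn`. When the query returns no row (for example a user removed while their session is still alive), `$themerow`, `$regionrow`, `$loadcomments`, `$userproxysetting` and `$playerrow` are never assigned and the following `strcmp($themerow, 'blue')` receives null; initialise them before the loop, `$themerow = $regionrow = $loadcomments = $userproxysetting = $playerrow = null;`, or stop rendering when `$result->num_rows === 0`. The `if (isset(...))` block opened here closes in the next hunk, and the visible lines directly follow a context fragment `connect_error) {` whose old `die(...)`/`}` are removed without a visible replacement, so I cannot confirm the braces balance — this rendering of the hunk has dropped some lines (the header counts exceed the lines shown).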
@@ -77,7 +81,8 @@
} else {
echo '';
}
- ?>
+}
+?>