Skip to content
Snippets Groups Projects
Commit a2eea3da authored by Sibidharan's avatar Sibidharan :speech_balloon:
Browse files

Fixing mysql injection attacks

parent 8339ebc2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
api/REST.api.php
+ 2
0
View file @ a2eea3da
<?php
require_once($_SERVER['DOCUMENT_ROOT']."/api/lib/Database.class.php");
class REST {
public $_allow = array();
......@@ -103,6 +104,7 @@
}else{
$data = trim(stripslashes($data));
$data = strip_tags($data);
$data = mysqli_real_escape_string(Database::getConnection(), $data);
$clean_input = trim($data);
}
return $clean_input;
......
api/index.php
+ 1
2
View file @ a2eea3da
......@@ -52,8 +52,7 @@ class API extends REST {
$st = microtime(true);
if(isset($this->_request['pass'])){
$cost = (int)$this->_request['cost'];
$s = new Signup("", $this->_request['pass'], "");
$hash = $s->hashPassword($cost);
$hash = password_hash($this->_request['pass'], PASSWORD_BCRYPT);
$data = [
"hash" => $hash,
"info" => password_get_info($hash),
......
verify.php
+ 2
1
View file @ a2eea3da
<?php
require_once $_SERVER['DOCUMENT_ROOT'].'/api/lib/Signup.class.php';
require_once($_SERVER['DOCUMENT_ROOT']."/api/lib/Database.class.php");
$token = $_GET['token'];
$token = mysqli_real_escape_string(Database::getConnection(), $_GET['token']);
try{
if(Signup::verifyAccount($token)){
?>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment