...

[banana.git] / include / usercheck.inc

diff --git a/include/usercheck.inc b/include/usercheck.inc
index 27cecff3fa2f1aacef9d623b08d2480645a53031..26ab85111b161450124d15266ea3dff67a1c18ac 100644 (file)
--- a/include/usercheck.inc
+++ b/include/usercheck.inc
@@ -1,9 +1,16 @@
 <?php
+
   require 'db.inc';
+  require 'common.inc';
 
   $mnumber = $_POST['mnumber'];
   $password = $_POST['password'];
 
+  if(! is_numeric($mnumber)) {
+    block("red", "Matr.nummer has to be numeric!");
+    exit;
+  }
+
   if($db->query("SELECT COUNT(*) FROM students WHERE mnumber = $mnumber")->fetch(PDO::FETCH_NUM)[0] == 0) {
     print '<table bgcolor="red">';
       print '<tr><th><b><font color="white">Mat.nummer not found</font></b></th><tr>';