]> git.treefish.org Git - banana.git/commitdiff
projects / banana.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: da4d58f)
...
authorAlexander Schmidt <alex@treefish.org>
Mon, 1 Oct 2012 15:28:58 +0000 (17:28 +0200)
committerAlexander Schmidt <alex@treefish.org>
Mon, 1 Oct 2012 15:28:58 +0000 (17:28 +0200)
include/common.inc patch | blob | history
include/usercheck.inc patch | blob | history
register.php patch | blob | history

diff --git a/include/common.inc b/include/common.inc
index 38de0137e7843fe84a0c9e197d2b1a7bd8d43590..4b1a17a8ffd441f738d00db33b8b5bdc4524a779 100644 (file)
--- a/include/common.inc
+++ b/include/common.inc
@@ -1,7 +1,13 @@
 <?php
-  function block($color, $text) {
-    print "<table bgcolor=\" $color \">";
-      print "<tr><th><b><font color=\"white\"> $text </font></b></th><tr>";
-    print "</table>";
+  if( ! isset($COMMON_H)) {
+
+    $COMMON_H = 1;
+
+    function block($color, $text) {
+      print "<table bgcolor=\" $color \">";
+        print "<tr><th><b><font color=\"white\"> $text </font></b></th><tr>";
+      print "</table>";
+    }
+
   }
 ?>
diff --git a/include/usercheck.inc b/include/usercheck.inc
index 27cecff3fa2f1aacef9d623b08d2480645a53031..26ab85111b161450124d15266ea3dff67a1c18ac 100644 (file)
--- a/include/usercheck.inc
+++ b/include/usercheck.inc
@@ -1,9 +1,16 @@
 <?php
+
   require 'db.inc';
+  require 'common.inc';
 
   $mnumber = $_POST['mnumber'];
   $password = $_POST['password'];
 
+  if(! is_numeric($mnumber)) {
+    block("red", "Matr.nummer has to be numeric!");
+    exit;
+  }
+
   if($db->query("SELECT COUNT(*) FROM students WHERE mnumber = $mnumber")->fetch(PDO::FETCH_NUM)[0] == 0) {
     print '<table bgcolor="red">';
       print '<tr><th><b><font color="white">Mat.nummer not found</font></b></th><tr>';
diff --git a/register.php b/register.php
index fc6eb4bc170ac8d5b885751234c038aee8f2c2e0..e63872b2e6a4f833d8ccac036198cbd24e4ae92e 100644 (file)
--- a/register.php
+++ b/register.php
@@ -1,6 +1,8 @@
 <?php
 require 'include/head.inc';
 require 'include/prefs.inc';
+require 'include/common.inc';
+
 
 if(isset($_POST['submit']) && $_POST['firstname']!="" && $_POST['lastname']!="" 
                           && $_POST['mnumber']!="" && $_POST['email']!="" && $_POST['password']!="")
@@ -11,6 +13,11 @@ if(isset($_POST['submit']) && $_POST['firstname']!="" && $_POST['lastname']!=""
   $email = $_POST['email'];
   $password = $_POST['password'];
 
+  if( ! is_numeric($mnumber) ) {
+    block("red", "Mat.nummer has to be numeric!");
+    exit;
+  }
+
   require 'include/db.inc';
 
   // user already exists //
The free university-exercise-management-system for everybody.