...

author Alexander Schmidt <alex@treefish.org>

Mon, 1 Oct 2012 15:28:58 +0000 (17:28 +0200)

committer Alexander Schmidt <alex@treefish.org>

Mon, 1 Oct 2012 15:28:58 +0000 (17:28 +0200)
author Alexander Schmidt <alex@treefish.org>
Mon, 1 Oct 2012 15:28:58 +0000 (17:28 +0200)
committer Alexander Schmidt <alex@treefish.org>
Mon, 1 Oct 2012 15:28:58 +0000 (17:28 +0200)
diff --git a/include/common.inc b/include/common.inc

index 38de0137e7843fe84a0c9e197d2b1a7bd8d43590..4b1a17a8ffd441f738d00db33b8b5bdc4524a779 100644 (file)
--- a/include/common.inc
+++ b/include/common.inc
@@ -1,7 +1,13 @@
  <?php
  <?php
-  function block($color, $text) {
-    print "<table bgcolor=\" $color \">";
-      print "<tr><th><b><font color=\"white\"> $text </font></b></th><tr>";
-    print "</table>";
+  if( ! isset($COMMON_H)) {
+
+    $COMMON_H = 1;
+
+    function block($color, $text) {
+      print "<table bgcolor=\" $color \">";
+        print "<tr><th><b><font color=\"white\"> $text </font></b></th><tr>";
+      print "</table>";
+    }
+
    }
  ?>
    }
  ?>
diff --git a/include/usercheck.inc b/include/usercheck.inc

index 27cecff3fa2f1aacef9d623b08d2480645a53031..26ab85111b161450124d15266ea3dff67a1c18ac 100644 (file)
--- a/include/usercheck.inc
+++ b/include/usercheck.inc
@@ -1,9 +1,16 @@
  <?php
  <?php
+
    require 'db.inc';
    require 'db.inc';
+  require 'common.inc';
  
    $mnumber = $_POST['mnumber'];
    $password = $_POST['password'];
  
  
    $mnumber = $_POST['mnumber'];
    $password = $_POST['password'];
  
+  if(! is_numeric($mnumber)) {
+    block("red", "Matr.nummer has to be numeric!");
+    exit;
+  }
+
    if($db->query("SELECT COUNT(*) FROM students WHERE mnumber = $mnumber")->fetch(PDO::FETCH_NUM)[0] == 0) {
      print '<table bgcolor="red">';
        print '<tr><th><b><font color="white">Mat.nummer not found</font></b></th><tr>';
    if($db->query("SELECT COUNT(*) FROM students WHERE mnumber = $mnumber")->fetch(PDO::FETCH_NUM)[0] == 0) {
      print '<table bgcolor="red">';
        print '<tr><th><b><font color="white">Mat.nummer not found</font></b></th><tr>';
diff --git a/register.php b/register.php

index fc6eb4bc170ac8d5b885751234c038aee8f2c2e0..e63872b2e6a4f833d8ccac036198cbd24e4ae92e 100644 (file)
--- a/register.php
+++ b/register.php
@@ -1,6 +1,8 @@
  <?php
  require 'include/head.inc';
  require 'include/prefs.inc';
  <?php
  require 'include/head.inc';
  require 'include/prefs.inc';
+require 'include/common.inc';
+
  
  if(isset($_POST['submit']) && $_POST['firstname']!="" && $_POST['lastname']!="" 
                            && $_POST['mnumber']!="" && $_POST['email']!="" && $_POST['password']!="")
  
  if(isset($_POST['submit']) && $_POST['firstname']!="" && $_POST['lastname']!="" 
                            && $_POST['mnumber']!="" && $_POST['email']!="" && $_POST['password']!="")
@@ -11,6 +13,11 @@ if(isset($_POST['submit']) && $_POST['firstname']!="" && $_POST['lastname']!=""
    $email = $_POST['email'];
    $password = $_POST['password'];
  
    $email = $_POST['email'];
    $password = $_POST['password'];
  
+  if( ! is_numeric($mnumber) ) {
+    block("red", "Mat.nummer has to be numeric!");
+    exit;
+  }
+
    require 'include/db.inc';
  
    // user already exists //
    require 'include/db.inc';
  
    // user already exists //
author	Alexander Schmidt <alex@treefish.org>
	Mon, 1 Oct 2012 15:28:58 +0000 (17:28 +0200)
committer	Alexander Schmidt <alex@treefish.org>
	Mon, 1 Oct 2012 15:28:58 +0000 (17:28 +0200)
include/common.inc		patch \| blob \| history
include/usercheck.inc		patch \| blob \| history
register.php		patch \| blob \| history