projetphp/post.php

<?php
$ret["return"] = false;
$ret["pw"] = null;
try {
  $config = include('config.php');
  $bdd = new PDO('mysql:host='.$config['host'].';dbname='.$config['dbName'].';charset=utf8', $config['username'], $config['pw']);
} catch (Exception $e) {
  die('Erreur : '.$e->getMessage());
}

//DELETE FROM `projetphp` WHERE `projetphp`.`login` = \'caprout\'
if(isset($_POST["userToDel"]))
{
  $req = $bdd->prepare('DELETE FROM `projetphp` WHERE `projetphp`.`login`=:login');
  $req->execute(array( 'login' => htmlspecialchars($_POST["userToDel"])));
}


//UPDATE `projetphp` SET `security_level` = '6' WHERE `projetphp`.`login` = 'aaazzze';
if(isset($_POST["updatePW"], $_POST["datene"], $_POST["email"], $_POST["pw"], $_POST["sl"], $_POST["login"]))
  if(preg_match('/^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/', $_POST["email"]))
    if(htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "true" && preg_match('/^[a-z]{8,16}$/',$_POST["pw"]))
    {
      $req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `mot_de_passe` = :pw, `security_level` = :sl WHERE `projetphp`.`login` = :login');
      $req->execute(array(
        'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
        'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
        'pw' => md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')),
        'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),
        'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
      ));
      $ret["return"] = true;
      $ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8'));
    }
    else if(htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "false")
    {
      $req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `security_level` = :sl WHERE `projetphp`.`login` = :login');
      $req->execute(array(
        'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
        'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
        'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),
        'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
      ));
      $ret["return"] = true;
      $ret["pw"] = htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8');
    }
  else;
else;

echo json_encode((object)$ret);
?>
fc 2018-12-30 17:41:15 +01:00			`<?php`
			`$ret["return"] = false;`
			`$ret["pw"] = null;`
			`try {`
			`$config = include('config.php');`
			`$bdd = new PDO('mysql:host='.$config['host'].';dbname='.$config['dbName'].';charset=utf8', $config['username'], $config['pw']);`
			`} catch (Exception $e) {`
			`die('Erreur : '.$e->getMessage());`
			`}`
#1 del record 2018-12-30 21:26:55 +01:00
			//DELETE FROM `projetphp` WHERE `projetphp`.`login` = \'caprout\'
			`if(isset($_POST["userToDel"]))`
			`{`
			$req = $bdd->prepare('DELETE FROM `projetphp` WHERE `projetphp`.`login`=:login');
			`$req->execute(array( 'login' => htmlspecialchars($_POST["userToDel"])));`
			`}`


fc 2018-12-30 17:41:15 +01:00			//UPDATE `projetphp` SET `security_level` = '6' WHERE `projetphp`.`login` = 'aaazzze';
			`if(isset($_POST["updatePW"], $_POST["datene"], $_POST["email"], $_POST["pw"], $_POST["sl"], $_POST["login"]))`
add php input rules 2018-12-30 20:04:09 +01:00			`if(preg_match('/^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)\|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/', $_POST["email"]))`
			`if(htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "true" && preg_match('/^[a-z]{8,16}$/',$_POST["pw"]))`
			`{`
			$req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `mot_de_passe` = :pw, `security_level` = :sl WHERE `projetphp`.`login` = :login');
			`$req->execute(array(`
			`'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),`
			`'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),`
			`'pw' => md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')),`
			`'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),`
			`'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),`
			`));`
			`$ret["return"] = true;`
			`$ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8'));`
			`}`
			`else if(htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "false")`
			`{`
			$req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `security_level` = :sl WHERE `projetphp`.`login` = :login');
			`$req->execute(array(`
			`'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),`
			`'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),`
			`'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),`
			`'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),`
			`));`
			`$ret["return"] = true;`
			`$ret["pw"] = htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8');`
			`}`
			`else;`
fc 2018-12-30 17:41:15 +01:00			`else;`

			`echo json_encode((object)$ret);`
			`?>`