iset3
/
projetphp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add php input rules

This commit is contained in:
adri 2018-12-30 20:04:09 +01:00
parent ac113b3b13
commit ec58273211
1 changed files with 27 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
post.php
View File

@ -9,31 +9,33 @@ try {
}
//UPDATE `projetphp` SET `security_level` = '6' WHERE `projetphp`.`login` = 'aaazzze';
if(isset($_POST["updatePW"], $_POST["datene"], $_POST["email"], $_POST["pw"], $_POST["sl"], $_POST["login"]))
if(htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "true")
{
$req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `mot_de_passe` = :pw, `security_level` = :sl WHERE `projetphp`.`login` = :login');
$req->execute(array(
'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
'pw' => md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')),
'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),
'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
));
$ret["return"] = true;
$ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8'));
}
else
{
$req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `security_level` = :sl WHERE `projetphp`.`login` = :login');
$req->execute(array(
'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),
'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
));
$ret["return"] = true;
$ret["pw"] = htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8');
}
if(preg_match('/^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/', $_POST["email"]))
if(htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "true" && preg_match('/^[a-z]{8,16}$/',$_POST["pw"]))
{
$req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `mot_de_passe` = :pw, `security_level` = :sl WHERE `projetphp`.`login` = :login');
$req->execute(array(
'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
'pw' => md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')),
'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),
'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
));
$ret["return"] = true;
$ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8'));
}
else if(htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "false")
{
$req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `security_level` = :sl WHERE `projetphp`.`login` = :login');
$req->execute(array(
'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),
'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
));
$ret["return"] = true;
$ret["pw"] = htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8');
}
else;
else;
echo json_encode((object)$ret);