danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Username should be a prepared variable

Browse Source
This commit is contained in:
Daniel Winzen
2018-12-04 21:23:56 +01:00
parent d0710d3d20
commit c9cddc9f86
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
var/www/html/register.php
View File

@ -108,10 +108,11 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$stmt->execute([$user_id, $onion]);
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);');
$stmt->execute([$user_id, $onion, $priv_key, 2]);
$create_user=$db->prepare("CREATE USER '$onion.onion'@'%' IDENTIFIED BY ?;");
$create_user->execute([$_POST['pass']]);
$create_user=$db->prepare("CREATE USER ?@'%' IDENTIFIED BY ?;");
$create_user->execute(["$onion.onion", $_POST['pass']]);
$db->exec("CREATE DATABASE IF NOT EXISTS `$onion`;");
$db->exec("GRANT ALL PRIVILEGES ON `$onion`.* TO '$onion.onion'@'%';");
$stmt=$db->prepare("GRANT ALL PRIVILEGES ON `$onion`.* TO ?@'%';");
$stmt->execute(["$onion.onion"]);
$db->exec('FLUSH PRIVILEGES;');
$stmt=$db->prepare('INSERT INTO new_account (user_id, password) VALUES (?, ?);');
$stmt->execute([$user_id, get_system_hash($_POST['pass'])]);