couche de sécu en plus
这个提交包含在:
父节点
72037a668b
当前提交
34b2dbbe03
共有 2 个文件被更改,包括 55 次插入 和 50 次删除
|
@ -9,32 +9,34 @@ $req = $db->query("SELECT * FROM enigma WHERE id = 1");
|
|||
$r = $req -> fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
if(isset($_POST['send'])) {
|
||||
if(isset($_POST['answer']) AND !empty($_POST['answer'])) {
|
||||
$ans = htmlspecialchars($_POST['answer']);
|
||||
$req = $db->prepare("UPDATE enigma SET answer = ? WHERE id = 1");
|
||||
$req->execute(array($ans));
|
||||
}
|
||||
if(isset($_POST['points']) AND !empty($_POST['points'])) {
|
||||
$point = (int) htmlspecialchars($_POST['points']);
|
||||
$req = $db->prepare("UPDATE enigma SET point = ? WHERE id = 1");
|
||||
$req->execute(array($point));
|
||||
}
|
||||
if(isset($_POST['team']) AND !empty($_POST['team'])) {
|
||||
switch (htmlspecialchars($_POST['team'])) {
|
||||
case "t":
|
||||
$t_int = NULL;
|
||||
break;
|
||||
case "t0":
|
||||
$t_int = 0;
|
||||
break;
|
||||
case "t1":
|
||||
$t_int = 1;
|
||||
break;
|
||||
if($user['perm'] >= 2) {
|
||||
if(isset($_POST['answer']) AND !empty($_POST['answer'])) {
|
||||
$ans = htmlspecialchars($_POST['answer']);
|
||||
$req = $db->prepare("UPDATE enigma SET answer = ? WHERE id = 1");
|
||||
$req->execute(array($ans));
|
||||
}
|
||||
$req = $db->prepare("UPDATE enigma SET team = ? WHERE id = 1");
|
||||
$req->execute(array($t_int));
|
||||
if(isset($_POST['points']) AND !empty($_POST['points'])) {
|
||||
$point = (int) htmlspecialchars($_POST['points']);
|
||||
$req = $db->prepare("UPDATE enigma SET point = ? WHERE id = 1");
|
||||
$req->execute(array($point));
|
||||
}
|
||||
if(isset($_POST['team']) AND !empty($_POST['team'])) {
|
||||
switch (htmlspecialchars($_POST['team'])) {
|
||||
case "t":
|
||||
$t_int = NULL;
|
||||
break;
|
||||
case "t0":
|
||||
$t_int = 0;
|
||||
break;
|
||||
case "t1":
|
||||
$t_int = 1;
|
||||
break;
|
||||
}
|
||||
$req = $db->prepare("UPDATE enigma SET team = ? WHERE id = 1");
|
||||
$req->execute(array($t_int));
|
||||
}
|
||||
header('Refresh:0');
|
||||
}
|
||||
header('Refresh:0');
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
|
|
|
@ -19,35 +19,38 @@ if(isset($_GET['del']) AND !empty(['del']))
|
|||
|
||||
if(isset($_POST['send'])) {
|
||||
if(isset($_POST['pseudo']) AND !empty($_POST['pseudo']) AND isset($_POST['mdp']) AND !empty($_POST['mdp']) AND isset($_POST['perm']) AND !empty($_POST['perm'])) {
|
||||
$pseudo = htmlspecialchars($_POST['pseudo']);
|
||||
$mdp = htmlspecialchars($_POST['mdp']);
|
||||
$perm = htmlspecialchars($_POST['perm']);
|
||||
|
||||
switch ($perm) {
|
||||
case "v0":
|
||||
$perm_int = 0;
|
||||
break;
|
||||
case "v1":
|
||||
$perm_int = 1;
|
||||
break;
|
||||
case "v2":
|
||||
$perm_int = 2;
|
||||
break;
|
||||
}
|
||||
if($user['perm'] >= 2) {
|
||||
$pseudo = htmlspecialchars($_POST['pseudo']);
|
||||
$mdp = htmlspecialchars($_POST['mdp']);
|
||||
$perm = htmlspecialchars($_POST['perm']);
|
||||
|
||||
if(strlen($pseudo) <= 50) {
|
||||
$req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
|
||||
$req->execute(array($pseudo));
|
||||
$pseudo_exist = $req->rowCount();
|
||||
if ($pseudo_exist == 0) {
|
||||
$req = $db->prepare("INSERT INTO admin(pseudo, mdp, perm) VALUES(?, ?, ?)");
|
||||
$req->execute(array($pseudo, password_hash($mdp, PASSWORD_DEFAULT), $perm_int));
|
||||
header('refresh:0');
|
||||
} else {
|
||||
$error = "pseudo déja utilisé";
|
||||
switch ($perm) {
|
||||
case "v0":
|
||||
$perm_int = 0;
|
||||
break;
|
||||
case "v1":
|
||||
$perm_int = 1;
|
||||
break;
|
||||
case "v2":
|
||||
$perm_int = 2;
|
||||
break;
|
||||
}
|
||||
|
||||
if(strlen($pseudo) <= 50) {
|
||||
$req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
|
||||
$req->execute(array($pseudo));
|
||||
$pseudo_exist = $req->rowCount();
|
||||
if ($pseudo_exist == 0) {
|
||||
$req = $db->prepare("INSERT INTO admin(pseudo, mdp, perm) VALUES(?, ?, ?)");
|
||||
$req->execute(array($pseudo, password_hash($mdp, PASSWORD_DEFAULT), $perm_int));
|
||||
header('refresh:0');
|
||||
} else {
|
||||
$error = "pseudo déja utilisé";
|
||||
}
|
||||
} else {
|
||||
$error = "le pseudo ne doit pas dépasser 50 char";
|
||||
}
|
||||
} else {
|
||||
$error = "le pseudo ne doit pas dépasser 50 char";
|
||||
}
|
||||
} else {
|
||||
$error = "Tout les champs doivent être complétés";
|
||||
|
|
正在加载…
在新工单中引用