fix: sanitization of username in session where used directly in queries

This commit is contained in:
Martin Ambrus
2017-10-17 13:18:26 +02:00
parent ac5d3538f8
commit ee467fe734
3 changed files with 17 additions and 14 deletions
+7 -6
@@ -85,17 +85,18 @@ class Session {
$this->logged_in = true;
$_SESSION['sessid'] = $generator->generateRandID();
$_SESSION['username'] = $user;
$user_sanitized = $database->escape($user);
$_SESSION['checker'] = $generator->generateRandStr(3);
$_SESSION['mchecker'] = $generator->generateRandStr(5);
$_SESSION['qst'] = $database->getUserField($_SESSION['username'], "quest", 1);
$result = mysqli_query($GLOBALS['link'],"SELECT village_select FROM `". TB_PREFIX."users` WHERE `username`='".$_SESSION['username']."'");
$_SESSION['qst'] = $database->getUserField($user_sanitized, "quest", 1);
$result = mysqli_query($GLOBALS['link'],"SELECT village_select FROM `". TB_PREFIX."users` WHERE `username`='".$user_sanitized."'");
$dbarray = mysqli_fetch_assoc($result);
$selected_village=$dbarray['village_select'];
if(!isset($_SESSION['wid'])) {
if($selected_village!='') {
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = '.$selected_village);
}else{
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($_SESSION['username'], "id", 1) . ' LIMIT 1');
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($user_sanitized, "id", 1) . ' LIMIT 1');
}
$data = mysqli_fetch_assoc($query);
$_SESSION['wid'] = $data['wref'];
@@ -104,7 +105,7 @@ class Session {
if($selected_village!='') {
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = '.$selected_village);
}else{
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($_SESSION['username'], "id", 1) . ' LIMIT 1');
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($user_sanitized, "id", 1) . ' LIMIT 1');
}
$data = mysqli_fetch_assoc($query);
$_SESSION['wid'] = $data['wref'];
@@ -112,8 +113,8 @@ class Session {
$this->PopulateVar();
$logging->addLoginLog($this->uid, $_SERVER['REMOTE_ADDR']);
$database->addActiveUser($_SESSION['username'], $this->time);
$database->updateUserField($_SESSION['username'], "sessid", $_SESSION['sessid'], 0);
$database->addActiveUser($user_sanitized, $this->time);
$database->updateUserField($user_sanitized, "sessid", $_SESSION['sessid'], 0);
header("Location: dorf1.php");
}
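Review bot: The new `$user_sanitized` is an escape for quoted-string positions only, yet the same hunk still concatenates `$selected_village` (read back from the `users` row via `$dbarray`) bare into the `vdata` query, and the `id` returned by `getUserField` is concatenated bare in the `owner =` branch; escaping cannot protect an unquoted numeric position, so cast those values, e.g. `'... WHERE `wref` = ' . (int) $selected_village` and `(int) $database->getUserField($user_sanitized, "id", 1)`, or move the block to prepared statements. The second hunk repeats the same `wref`/`owner` construction. It is also not visible here whether `getUserField`, `addActiveUser` and `updateUserField` escape their first argument themselves; if they do, passing the pre-escaped string double-escapes quotes and backslashes and the lookups silently stop matching for such usernames, so this should be checked against the Database class. The `mysqli_query` results are handed to `mysqli_fetch_assoc` without a `=== false` check, so a failed query shows up as a warning and an undefined-index read instead of an error. The enclosing Session method starts before the first hunk.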