diff options
author | Erich Eckner <git@eckner.net> | 2024-11-04 20:16:55 +0100 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2024-11-04 20:16:55 +0100 |
commit | 9197f35b32ea7a218e49588ac167bebd248e8576 (patch) | |
tree | f937c61f8f43f27ef9bbe3b4749337adefaa8770 | |
parent | 242e9fd798b1ed7623f4f004f738d70cb888b15c (diff) | |
download | computer-time-limit-9197f35b32ea7a218e49588ac167bebd248e8576.tar.xz |
php vereinheitlichen, SQL injections verhindern
-rw-r--r-- | computer-time-limit.php | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/computer-time-limit.php b/computer-time-limit.php index 3297f67..acc3135 100644 --- a/computer-time-limit.php +++ b/computer-time-limit.php @@ -90,12 +90,14 @@ if (array_key_exists('msg', $_POST) && array_key_exists('sig', $_POST)) { $von = date('Y-m-d H:i:s', $now); $bis = date('Y-m-d H:i:s', $now + $noch); if (is_null($host)) { + $print_host = 'NULL'; $host = 'NULL'; } else { - $host = '"' . $host . '"'; + $print_host = $host; + $host = 'from_base64("' . base64_encode($host) . '")'; } - log_to_file('to_db ' . $key . ' ' . $host . ' ' . $von . ' ' . $bis); + log_to_file('to_db ' . $key . ' ' . $print_host . ' ' . $von . ' ' . $bis); $db -> exec( 'UPDATE `computer_time`' . ' SET `host`=' . $host . ',' . @@ -113,10 +115,7 @@ if ($is_openmetrics) { print('#HELP computer_time_left Available computer time in seconds.' . "\n"); print('#TYPE computer_time_left gauge' . "\n"); } else { - -?><html><body><table> -<?php - + print('<html><body><table>' . "\n"); } while ($row = $result->fetchArray()) { @@ -141,19 +140,11 @@ while ($row = $result->fetchArray()) { continue; } - ?> <tr><td><?php print($row['name']); ?></td><td><?php - - print(date('Y-m-d H:i:s', $bis)); - print(' ('); - print($noch); - print(')'); + print('<tr><td>' . $row['name'] . '</td><td>' . date('Y-m-d H:i:s', $bis) . ' (' . $noch . ')'); + print('</td><td>' . $row['host'] . '</td></tr>' . "\n"); - ?></td><td><?php print($row['host']); ?></td></tr> -<?php } if (!$is_openmetrics) { - -?></table></body></html><?php - + print ('</table></body></html>' . "\n"); } |