summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2024-11-04 20:16:55 +0100
committerErich Eckner <git@eckner.net>2024-11-04 20:16:55 +0100
commit9197f35b32ea7a218e49588ac167bebd248e8576 (patch)
treef937c61f8f43f27ef9bbe3b4749337adefaa8770
parent242e9fd798b1ed7623f4f004f738d70cb888b15c (diff)
downloadcomputer-time-limit-9197f35b32ea7a218e49588ac167bebd248e8576.tar.xz
php vereinheitlichen, SQL injections verhindern
-rw-r--r--computer-time-limit.php25
1 files changed, 8 insertions, 17 deletions
diff --git a/computer-time-limit.php b/computer-time-limit.php
index 3297f67..acc3135 100644
--- a/computer-time-limit.php
+++ b/computer-time-limit.php
@@ -90,12 +90,14 @@ if (array_key_exists('msg', $_POST) && array_key_exists('sig', $_POST)) {
$von = date('Y-m-d H:i:s', $now);
$bis = date('Y-m-d H:i:s', $now + $noch);
if (is_null($host)) {
+ $print_host = 'NULL';
$host = 'NULL';
} else {
- $host = '"' . $host . '"';
+ $print_host = $host;
+ $host = 'from_base64("' . base64_encode($host) . '")';
}
- log_to_file('to_db ' . $key . ' ' . $host . ' ' . $von . ' ' . $bis);
+ log_to_file('to_db ' . $key . ' ' . $print_host . ' ' . $von . ' ' . $bis);
$db -> exec(
'UPDATE `computer_time`' .
' SET `host`=' . $host . ',' .
@@ -113,10 +115,7 @@ if ($is_openmetrics) {
print('#HELP computer_time_left Available computer time in seconds.' . "\n");
print('#TYPE computer_time_left gauge' . "\n");
} else {
-
-?><html><body><table>
-<?php
-
+ print('<html><body><table>' . "\n");
}
while ($row = $result->fetchArray()) {
@@ -141,19 +140,11 @@ while ($row = $result->fetchArray()) {
continue;
}
- ?> <tr><td><?php print($row['name']); ?></td><td><?php
-
- print(date('Y-m-d H:i:s', $bis));
- print(' (');
- print($noch);
- print(')');
+ print('<tr><td>' . $row['name'] . '</td><td>' . date('Y-m-d H:i:s', $bis) . ' (' . $noch . ')');
+ print('</td><td>' . $row['host'] . '</td></tr>' . "\n");
- ?></td><td><?php print($row['host']); ?></td></tr>
-<?php
}
if (!$is_openmetrics) {
-
-?></table></body></html><?php
-
+ print ('</table></body></html>' . "\n");
}