jerome/winlog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ajout addslashes, simplification test sur action

Browse Source
This commit is contained in:
jbousquie 2016-11-18 10:20:16 +01:00
parent 5ee3c05f54
commit 674faeece8
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
index.php
View File

@ -5,13 +5,17 @@ include_once('admin/db_access.php');
// ne traiter que sur des requêtes POST sur le port 443
if ( $_SERVER["REQUEST_METHOD"] == "POST" && $_SERVER["SERVER_PORT"] == "443") {
$action = $_POST["action"];
$username = $_POST["username"];
$computer = $_POST["computer"];
$action = addslashes($_POST["action"]);
$username = addslashes($_POST["username"]);
$computer = addslashes($_POST["computer"]);
$code = $_POST["code"];
$ip = $_SERVER["REMOTE_ADDR"];
if (strcmp($code, $server_code)!=0) { exit; } // se protéger des POST anonymes par un code partagé entre client et serveur
// se protéger des POST anonymes par un code partagé entre client et serveur
if (strcmp(addslashes($code), addslashes($server_code)) != 0) {
exit;
}
$db = db_connect();
@ -21,10 +25,13 @@ if ( $_SERVER["REQUEST_METHOD"] == "POST" && $_SERVER["SERVER_PORT"] == "443") {
$req_con_C ='INSERT INTO connexions (username, hote, ip, debut_con, close) VALUES ("'.$username.'", "'.$computer.'", "'.$ip.'", CURRENT_TIMESTAMP(),0)';
//requête de mise à jour (fermeture) de la connexion
$req_con_D = 'UPDATE connexions SET close = 1 WHERE close = 0 AND username = "'.$username.'" AND hote = "'.$computer.'"';
// si action = C alors $req = $req_con_C, sinon $req_con_D
$req = $action == "C" ? $req_con_C:$req_con_D;
if ($action == "C") { db_query($db, $req_purge_C); } // on commence par purger avant de créer une connexion
$res = db_query($db, $req);
if ($action == "C") {
db_query($db, $req_purge_C); // on commence par purger avant de créer une connexion
db_query($db, $req_con_C);
}
else {
db_query($db, $req_con_D);
}
}
?>