
ostatní vymazanie z mena čast


BlueSk

Dotaz

Zdravím mám spravene prihlasovanie cez steam a ked sa prihlasi tak mi uloži do databazi jeho meno ale nastal tu jeden problem,že ak si niekto da do mena <script> tak môže lahko zabugovať stránku tak by som potreboval podmienku,že ak ma v mene script tak mu to vymaže z mena určite ma chápete :d

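case 'login':
	// Steam OpenID login: redirect to Steam, then on return validate the assertion,
	// fetch the public profile and create/refresh the local `users` row plus a session cookie.
	include 'openid.php';
	try
	{
		$openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
		if (!$openid->mode) {
			// First visit: send the browser to Steam. (The original wrapped authUrl() in a
			// str_replace that replaced a string with itself, which was a no-op.)
			$openid->identity = 'http://steamcommunity.com/openid/?l=russian';
			header('Location: ' . $openid->authUrl());
		} elseif ($openid->mode == 'cancel') {
			echo '';
		} else {
			if ($openid->validate()) {

				$id = $openid->identity;
				// The validated claimed identity must be a 64-bit SteamID (always starts with 7).
				// Only the captured digits are used further, so nothing else from the URL reaches the API call.
				$ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
				if (!preg_match($ptn, $id, $matches)) {
					// Previously $matches[1] was used unchecked and an unexpected identity produced a notice
					// and an API call with an empty steamids parameter.
					exit('Invalid Steam identity');
				}
				$steamid64 = $matches[1];

				// TODO: load the Web API key from configuration outside the web root instead of hard-coding it
				// in a file that is pasted around; a leaked key has to be regenerated.
				$apiKey = 'C59002C6AF973D43E01CF7A4EC5EF3D9';
				$url = 'http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=' . $apiKey . '&steamids=' . $steamid64;
				$json_object = file_get_contents($url);
				if ($json_object === false) {
					exit('Steam API unavailable');
				}
				$json_decoded = json_decode($json_object);
				if (!isset($json_decoded->response->players) || count($json_decoded->response->players) === 0) {
					// Without this guard $steamid/$name/$avatar would be undefined below.
					exit('Steam profile not found');
				}
				foreach ($json_decoded->response->players as $player) {
					$steamid = (string) $player->steamid;
					// personaname is attacker-controlled text (anyone can put "<script>" in their Steam name).
					// It is stored as-is; every place that prints it MUST pass it through
					// htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') — escaping belongs at output.
					$name = (string) $player->personaname;
					$avatar = (string) $player->avatar;
				}

				// The cookie value is the session token, so it must be unguessable.
				// md5(steamid . time() . rand(1, 50)) could be brute-forced from a known login time;
				// 16 random bytes give the same 32-char hex length for the `hash` column.
				$hash = bin2hex(random_bytes(16));

				// Prepared statements for every value: steamid and avatar come from the Steam API response
				// and were previously concatenated into SQL unquoted.
				$stmt = $db->prepare('SELECT COUNT(*) FROM `users` WHERE `steamid` = ?');
				$stmt->execute(array($steamid));
				if ((int) $stmt->fetchColumn() === 0) {
					$stmt = $db->prepare('INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES (?, ?, ?, ?)');
					$stmt->execute(array($hash, $steamid, $name, $avatar));
				} else {
					$stmt = $db->prepare('UPDATE `users` SET `hash` = ?, `name` = ?, `avatar` = ? WHERE `steamid` = ?');
					$stmt->execute(array($hash, $name, $avatar, $steamid));
				}
				// httponly so that a script injected via a profile name cannot read the session token.
				// secure stays false because the site is served over plain http (see the redirect below).
				setcookie('hash', $hash, time() + 3600 * 24 * 7, '/', '', false, true);
				// NOTE(review): the token is also put in the query string, where it ends up in server logs
				// and Referer headers; the cookie already carries it, so the parameter could be dropped
				// once sets.php no longer reads it.
				header('Location: http://www.csgowinbet.eu/sets.php?id=' . $hash);
			}
		}
	} catch (ErrorException $e) {
		exit($e->getMessage());
	}
	break;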


dženkuje ale moc tomu nerozumiem :d

To neřeš, prostě tu funkci aplikuješ na ten řetězec dřív, než ho pošleš do databáze; ona se postará o to, aby ti ten <script> nic nedobugoval (< se převede na &lt;, > na &gt;) atp. — už nevím přesně, jak ty zkratky jsou :d

Edited by ATomas
