PBBFA23CIV/EIANotesApp
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sanitized login form

Browse Source
This commit is contained in:
Felix Ivo 2025-06-30 10:35:03 +02:00
parent 6dbca7cbd4
commit b92f7c1054
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Controller/UserController.php
View File

@ -20,7 +20,7 @@ class UserController
public function loginUser()
{
$erg = array();
$erg = $this->userModel->loginUser($_POST["username"], $_POST["password"]);
$erg = $this->userModel->loginUser($this->sanitize($_POST["username"]), $this->sanitize($_POST["password"]) );
if ($erg["success"] == true) {
header("Location: ?controller=Welcome&do=showWelcome");
exit();
@ -46,7 +46,7 @@ class UserController
public function registerUser()
{
$erg = array();
$erg = $this->userModel->registerUser($_POST["username"], $_POST["password"]);
$erg = $this->userModel->registerUser($this->sanitize($_POST["username"]), $this->sanitize($_POST["password"]) );
if ($erg["success"] == true) {
header("Location: ?controller=User&do=showUserLoginForm");
exit();
@ -54,10 +54,10 @@ class UserController
else {
$this->view->setDoMethodName("showUserRegisterForm");
$message = $erg['message'];
$message = $this->sanitize($erg['message']);
echo "<script type='text/javascript'>alert(\"$message\");</script>";
$this->view->setVars([
"errmsg" => $erg["message"]
"errmsg" => $message
]);
$this->showUserRegisterForm();
}
@ -73,6 +73,7 @@ class UserController
}
function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') {
return htmlspecialchars((string)$data, $flags, $encoding);
}
}