From 6c7374c870ed42818e5a14ed5be32bf83735c737 Mon Sep 17 00:00:00 2001 From: dbursem Date: Fri, 6 Feb 2015 01:01:05 +0100 Subject: [PATCH] Fixed SQL injection vulnerabilities by using PDO statements. Not tested as I do not have a database schema and am too lazy to reverse engineer it. --- .gitignore | 2 ++ index.php | 95 +++++++++++++++++++++++++++--------------------------- sql.php | 30 ++++++----------- 3 files changed, 59 insertions(+), 68 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..43777a1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.idea +config.php \ No newline at end of file diff --git a/index.php b/index.php index 1bb21b4..00646f8 100644 --- a/index.php +++ b/index.php @@ -1,61 +1,64 @@ 0"; +if (isset($_GET['rec'])) +{ + $recc="'&r=".$_GET['rec']."'"; + $q .=" AND rec=?"; + $params[] = $_GET['rec']; +} +else +{ + $recc = "\"\""; +} - -$req="select * from live where tim > 0"; -$req.=$reqc; +if (isset($_GET['pw'])) +{ + $parc="'&p=".$_GET['pw']."'"; +} +else +{ + $parc = "\"\""; +} $latmax=$latmin=$lonmax=$lonmin=0; -if (!$result=@mysql_query ($req)) - { - echo "

Request error $req


"; - @mysql_close($link); - exit(); - } +$stmt = $dbh->prepare($q); +$stmt->execute($params); - -if (@mysql_num_rows($result)==0) - { - $latmax=60; - $latmin=35; - $lonmax=30; - $lonmin=-10; - $lon=2; - $lat=45; - - - } +if ($stmt->columnCount() == 0) +{ + $latmax=60; + $latmin=35; + $lonmax=30; + $lonmin=-10; + $lon=2; + $lat=45; +} else - { - - $aa=0; - - while($ligne = @mysql_fetch_array($result)) +{ + $aa=0; + while($ligne = $stmt->fetch(PDO::FETCH_ASSOC)) { - extract($ligne); - if ($aa==0) - { - $latmax=$latmin=$lat; - $lonmax=$lonmin=$lon; - $aa=1; - } - else - { - if ($lat>$latmax) $latmax=$lat; - if ($lat<$latmin) $latmin=$lat; - if ($lon>$lonmax) $lonmax=$lon; - if ($lon<$lonmin) $lonmin=$lon; - } + extract($ligne); + if ($aa==0) + { + $latmax=$latmin=$lat; + $lonmax=$lonmin=$lon; + $aa=1; + } + else + { + if ($lat>$latmax) $latmax=$lat; + if ($lat<$latmin) $latmin=$lat; + if ($lon>$lonmax) $lonmax=$lon; + if ($lon<$lonmin) $lonmin=$lon; + } } - } +} echo " @@ -123,5 +126,3 @@ catch(e) { "; -@mysql_close($link); -?> diff --git a/sql.php b/sql.php index 77b4bcf..62f59c4 100644 --- a/sql.php +++ b/sql.php @@ -1,23 +1,11 @@
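Review bot: `if ($stmt->columnCount() == 0)` does not detect an empty result set: columnCount() reports the number of columns in the result, which is never 0 for a `select *` once execute() succeeds, so the default-bounds branch that replaced `mysql_num_rows($result)==0` can no longer run and on an empty table `$lat`/`$lon` are left undefined by the loop. Fetch the rows first and test them (`$rows = $stmt->fetchAll(PDO::FETCH_ASSOC); if ($rows === [])`, then `foreach ($rows as $ligne)`), and make sure `$params` is initialised to `[]` before the `isset($_GET['rec'])` branch if that is not already done on the line this hunk starts on, otherwise execute() receives an undefined variable whenever `rec` is absent. Separately, `$recc` and `$parc` still concatenate raw `$_GET['rec']` / `$_GET['pw']` into quoted literals that the `echo` beginning on the hunk's last line (and continuing outside it) appears to emit into the page, so the injection has moved from SQL to the output context; if these are JavaScript string literals, as the `""` else-values and the `catch(e) {` context in the next hunk suggest, building them with `json_encode(..., JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_AMP)` yields a literal that cannot break out of the string or the script element.
```php
$params = []; // only if not already initialised on the line above this hunk
if (isset($_GET['rec']))
{
    $recc = json_encode('&r=' . $_GET['rec'], JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_AMP);
    $q .= " AND rec=?";
    $params[] = $_GET['rec'];
}
else
{
    $recc = json_encode('');
}
// … unchanged: $parc branch (same json_encode treatment), lat/lon initialisation …
$stmt = $dbh->prepare($q);
$stmt->execute($params);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($rows === [])
{
    // … unchanged: default bounds …
}
else
{
    $aa = 0;
    foreach ($rows as $ligne)
    {
        // … unchanged: extract() and min/max tracking …
    }
}
```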
Connection not possible


"; - @mysql_close($link); - exit(); - } +include 'config.php'; - if (!(@mysql_select_db ("****databasename****",$link))) - { - echo "

Database access not possible


"; - @mysql_close($link); - exit(); - } - // *************************************************************************** - - } -?> +try +{ + $dbh = new PDO($cfg['db_type'].':host='.$cfg['db_host'].';dbname='.$cfg['db_name'], $cfg['db_user'], $cfg['db_pass']); + $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +} +catch (PDOException $e) { + echo 'Connection failed: ' . $e->getMessage(); +}