Merge pull request #11 from dbursem/master

Fixed SQL injection vulnerabilities by using PDO statements

.gitignore

@@ -0,0 +1,2 @@
+.idea
+config.php

config.php

@@ -0,0 +1,9 @@
+<?php
+
+$cfg = [
+    "db_type" => 'mysql',
+    "db_host" => 'localhost',
+    "db_user" => '',
+    "db_pass" => '',
+    "db_name" => '',
+];

index.php

@@ -1,61 +1,64 @@
 <?php
-$link="";
 require('sql.php');
-ouvrebase();
 
-if (isset($_GET['rec']))  { $recc="'&r=".$_GET['rec']."'"; $reqc=" AND rec='".$_GET['rec']."'"; } else { $recc = "\"\""; $reqc=""; } 
-if (isset($_GET['pw']))  { $parc="'&p=".$_GET['pw']."'"; } else { $parc = "\"\""; }
+$q="select * from live where tim > 0";
 
+if (isset($_GET['rec']))
+{
+    $recc="'&r=".$_GET['rec']."'";
+    $q .=" AND rec=?";
+    $params[] = $_GET['rec'];
+}
+else
+{
+    $recc = "\"\"";
+}
 
-
-$req="select * from live where tim > 0";
-$req.=$reqc;
+if (isset($_GET['pw']))
+{
+    $parc="'&p=".$_GET['pw']."'";
+}
+else
+{
+    $parc = "\"\"";
+}
 
 
 $latmax=$latmin=$lonmax=$lonmin=0;
 
-if (!$result=@mysql_query ($req))
-  {
-  echo "<BR><BR><CENTER>Request error $req</CENTER><BR><BR>";
-  @mysql_close($link);
-  exit();
-  }
+$stmt = $dbh->prepare($q);
+$stmt->execute($params);
 
-
-if (@mysql_num_rows($result)==0)
-  {
-  $latmax=60;
-  $latmin=35;
-  $lonmax=30;
-  $lonmin=-10;
-  $lon=2;
-  $lat=45;
-
-
-  }
+if ($stmt->rowCount() == 0)
+{
+    $latmax=60;
+    $latmin=35;
+    $lonmax=30;
+    $lonmin=-10;
+    $lon=2;
+    $lat=45;
+}
 else
-  {
-
-  $aa=0;
-
-  while($ligne = @mysql_fetch_array($result))
+{
+    $aa=0;
+    while($ligne = $stmt->fetch(PDO::FETCH_ASSOC))
     {
-    extract($ligne);
-    if ($aa==0)
-      {
-      $latmax=$latmin=$lat;
-      $lonmax=$lonmin=$lon;
-      $aa=1;
-      }
-    else
-      {
-      if ($lat>$latmax) $latmax=$lat;
-      if ($lat<$latmin) $latmin=$lat;
-      if ($lon>$lonmax) $lonmax=$lon;
-      if ($lon<$lonmin) $lonmin=$lon;
-      }
+        extract($ligne);
+        if ($aa==0)
+        {
+            $latmax=$latmin=$lat;
+            $lonmax=$lonmin=$lon;
+            $aa=1;
+        }
+        else
+        {
+            if ($lat>$latmax) $latmax=$lat;
+            if ($lat<$latmin) $latmin=$lat;
+            if ($lon>$lonmax) $lonmax=$lon;
+            if ($lon<$lonmin) $lonmin=$lon;
+        }
     }
-  }
+}
 
 
 echo "<!DOCTYPE html>
@@ -123,5 +126,3 @@ catch(e) {
 </body>
 
 </html>";
-@mysql_close($link);
-?>

sql.php

@@ -1,23 +1,29 @@
 <?php
-function ouvrebase()
-  {
-  // **************** Connexion et ouverture de la base ************************
-  global $link;
-  //if (!($link = @mysql_connect( )))   // en local
-  if (!($link = @mysql_connect("****hostname****", "****username****", "****password****" )))   //
-    {
+include 'config.php';
+
+try
+{
+    $dbh = new PDO($cfg['db_type'].':host='.$cfg['db_host'].';dbname='.$cfg['db_name'], $cfg['db_user'], $cfg['db_pass']);
+    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+}
+catch (PDOException $e) {
+    echo 'Connection failed: ' . $e->getMessage();
+}
+
+//legacy mysql_connect for non-released code:
+
+$link;
+if (!($link = @mysql_connect($cfg['db_host'], $cfg['db_user'], $cfg['db_pass'] )))   //
+{
     echo "<BR><BR><CENTER>Connection not possible</CENTER><BR><BR>";
     @mysql_close($link);
     exit();
-    }
+}
 
-  if (!(@mysql_select_db ("****databasename****",$link)))
-    {
+if (!(@mysql_select_db ($cfg['db_name'],$link)))
+{
     echo "<BR><BR><CENTER>Database access not possible</CENTER><BR><BR>";
     @mysql_close($link);
     exit();
-    }
-  // ***************************************************************************
-
-  }
-?>
+}
+// ***************************************************************************