Update 3 files

- /html/login/register.php
- /html/account/index.php
- /html/settings/index.php
Jan BELLON 2024-03-14 23:35:12 +00:00
parent aa48c88e72
commit 8359573f81
3 changed files with 7 additions and 7 deletions


@ -85,8 +85,8 @@ if (isset($_POST['userDisplayName']) && isset($_POST['userBio'])) {
if(preg_match('!\S!u', $_POST['userDisplayName']) && preg_match('!\S!u', $_POST['userBio'])) {
$sqlRequest = "UPDATE users SET display_name = :userDisplayName, bio = :userBio WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":userDisplayName", htmlspecialchars($_POST['userDisplayName']));
$request->bindParam(":userBio", htmlspecialchars($_POST['userBio']));
$request->bindParam(":userDisplayName", htmlspecialchars(substr($_POST['userDisplayName'], 0, 20)));
$request->bindParam(":userBio", htmlspecialchars(substr($_POST['userBio'], 200)));
$request->bindParam(":userID", $_SESSION['userID']);
if($request->execute()) {
$status = "Informations mises à jour";
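Review bot: The `userBio` bind calls `substr($_POST['userBio'], 200)`, which passes 200 as the start offset rather than the length, so it drops the first 200 bytes and yields an empty string for any shorter bio instead of capping the field; it should read `substr($_POST['userBio'], 0, 200)`. On both new lines `substr` cuts by bytes and can split a multi-byte character, so `mb_substr($_POST['userBio'], 0, 200, 'UTF-8')` is the safer form, since `htmlspecialchars` returns an empty string for invalid UTF-8 when `ENT_SUBSTITUTE` is not in effect. Because escaping runs after truncation, the stored value can still exceed the limit (`&` becomes `&amp;`), so if the cap is meant to match a column width it should be checked on the final string, or the escaping moved to output time. The enclosing `if` blocks continue outside the hunk.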


@ -17,12 +17,12 @@ if (isset($_POST['username']) && isset($_POST['password1']) && isset($_POST['pas
$status = "Caractères illégaux";
} else {
$userEmail = isset($_POST['email']) ? strtolower($_POST['email']) : NULL;
$userDisplayName = htmlspecialchars($_POST['username']);
$userName = str_replace(" ", "_", strtolower(htmlspecialchars($_POST['username'])));
$userDisplayName = htmlspecialchars(substr($_POST['username']));
$userName = str_replace(" ", "_", strtolower(htmlspecialchars(substr($_POST['username'], 0, 20))));
$sqlRequest = "SELECT ID FROM users WHERE username = :username";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":username", htmlspecialchars($_POST['username']));
$request->bindParam(":username", $userName);
$request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC);
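Review bot: `substr($_POST['username'])` on the `$userDisplayName` line is called without an offset or length; PHP 8 throws an ArgumentCountError for that and PHP 7 emits a warning and returns null, so registration either aborts or stores an empty display name. Judging by the `$userName` line below it, the intended call is presumably `htmlspecialchars(substr($_POST['username'], 0, 20))`. Truncating once into a variable and deriving both `$userDisplayName` and `$userName` from it would keep the two values from drifting apart. The surrounding `else` branch starts and ends outside the hunk.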


@ -13,7 +13,7 @@ if (isset($_POST['username']) && isset($_POST['email'])) {
if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['email'])) {
$sqlRequest = "SELECT ID FROM users WHERE username = :username";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":username", htmlspecialchars($_POST['username']));
$request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20)));
$request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC);
if($result && $result[0]['ID'] != $_SESSION['userID']) {
@ -21,7 +21,7 @@ if (isset($_POST['username']) && isset($_POST['email'])) {
} else {
$sqlRequest = "UPDATE users SET username = :username, email = :email WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":username", htmlspecialchars($_POST['username']));
$request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20)));
$request->bindParam(":email", htmlspecialchars($_POST['email']));
$request->bindParam(":userID", $_SESSION['userID']);
if($request->execute()) {
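Review bot: Both `:username` binds in this file (the SELECT lookup and the UPDATE) use `htmlspecialchars(substr($_POST['username'], 0, 20))` without the lowercasing and space-to-underscore replacement that the registration hunk applies to `$userName`, so a rename can apparently store a form that registration never would, and the uniqueness lookup may miss an existing normalized name depending on the column collation. Computing the value once, e.g. `$userName = str_replace(" ", "_", strtolower(htmlspecialchars(substr($_POST['username'], 0, 20))));`, and binding that variable in both statements would keep the check and the write in agreement. Binding a variable also avoids handing a function result to `bindParam`, which takes its argument by reference; `bindValue` is the fit for computed values. `$_POST['email']` is still bound with no length limit or format check. Both `if` blocks continue outside the hunks.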