yolanda/trunk/register.pl
josch 6933085e94 made sql injection impossible
git-svn-id: http://yolanda.mister-muffin.de/svn@48 7eef14d0-6ed0-489d-bf55-20463b2d70db
2007-10-12 00:34:32 +00:00


#!/usr/bin/perl
require "include.pl";
require "functions.pl";
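# Registration endpoint. When both the 'user' and 'pass' request parameters
# are present and true, a row is inserted into the users table; otherwise the
# registration form is served as XML.
#
# $query, $session, $sth and $page are deliberately left as package globals:
# include.pl and functions.pl are loaded with require and share this
# namespace, so they may read these names -- TODO confirm before scoping
# them with `my`.

#initialize session data
CGI::Session->name($session_name);
$query   = CGI->new;
$session = CGI::Session->new;

# Read each credential exactly once, in scalar context. CGI's param() returns
# every value of a repeated parameter when called in list context, so handing
# it straight to execute() lets the request decide how many bind values are
# passed. Taking the first value only keeps the bind list fixed at two.
# NOTE(review): param() does not distinguish POST bodies from query strings;
# if the form is submitted by GET the password ends up in URLs and access
# logs -- confirm the form's method.
my $username = scalar $query->param('user');
my $password = scalar $query->param('pass');

#if username and password are passed put them into the database
if ($username and $password)
{
    #connect to db
    # On failure connect() returns undef, so the message has to come from
    # $DBI::errstr; calling ->errstr on the undefined handle would itself die
    # and hide the real reason.
    my $dbh = DBI->connect("DBI:mysql:$database:$host", $dbuser, $dbpass)
        or die $DBI::errstr;

    #do query
    # Both values are bound through placeholders, never interpolated into the
    # SQL text.
    # NOTE(review): password( ? ) is MySQL's PASSWORD() function, an unsalted
    # fast hash that MySQL documents as meant for its own account table and
    # that MySQL 8.0 removed. It is left as is because the login check must
    # hash the same way; both sides should move to a salted, slow password
    # hash together.
    # NOTE(review): nothing here rejects an already registered username;
    # presumably a UNIQUE constraint on users.username does -- verify the
    # schema.
    $sth = $dbh->prepare(qq{insert into users (username, password) values ( ?, password( ? ))})
        or die $dbh->errstr;

    #execute it
    $sth->execute($username, $password) or die $sth->errstr;

    #finish query
    $sth->finish() or die $sth->errstr;

    #disconnect db
    $dbh->disconnect() or die $dbh->errstr;

    #print a little confirmation
    print $session->header();
    print 'done';
}
else
{
    #if not, print register form
    $page = XMLin("$gnutube_root/register.xml", ForceArray => 1, KeyAttr => {} );

    #if a username is associated with session id, username is nonempty
    $page->{username} = get_username_from_sid($session->id);

    #print xml http header along with session cookie
    print $session->header(-type=>'text/xml');
    print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}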