Merge pull request #8 from Zanark/php_forum

Zanark · web-flow · commit b55a6c6a01a2 · 2018-03-19T00:24:03.000+05:30
Added Password encryption to prevent SQL Injection
diff --git a/forum/connect.php b/forum/connect.php
@@ -7,7 +7,7 @@
     $database['username'] = "root";
     $database['password'] = "";
     
-    $link = mysqli_connect($database['host'] , $database['username'] , $database['password']);
+    $link = mysqli_connect($database['host'] , $database['username'] , $database['password'] , $database['name'] );
 
     if($link){
         echo "<b>Successfully</b> connected to database   :  " . $database['name'] . "<br/><br/>";
diff --git a/forum/forum_functions.php b/forum/forum_functions.php
@@ -5,4 +5,18 @@ function checkInvalidCharacters($text) {
         return(bool) preg_match("/[^\w-.]/" , $text );
     }
 
+    function encrypt_pswd($input , $rounds = 9 ){
+
+        $salt = "";
+
+        $saltChars = array_merge(range('A' , 'Z') , range('a' , 'z') , range('0' , '9') );
+
+        for($i = 0 ; $i < 22 ; $i++)
+        {
+            $salt .= $saltChars[array_rand($saltChars)];
+        }
+
+        return crypt($input  , sprintf('$2a$%02d$' , $rounds) . $salt);
+    }
+
 ?>
diff --git a/forum/register_parse.php b/forum/register_parse.php
@@ -22,19 +22,24 @@
         else {
             if (strlen($password) >= $minpl) {
 
+                    $password = encrypt_pswd($password);
+                    
                     $sql = "INSERT INTO forum.users(username , password)
-                            VALUES ('$username' , '$password');
+                            VALUES ( ? , ? );
                             ";
 
-                    $res = mysqli_query($link , $sql);
+                    $stmt = $link->prepare($sql);
+                    $stmt->bind_param('ss' , $username , $password);
 
-                    if($res){
+                    //$res = mysqli_query($link , $sql);
+
+                    if($stmt->execute()){
                         echo "<b>Successfully Registered</b> as :   " . $username . "<br/><br/>";
                     }
     
                     else {
                         echo "<b>Registration Failed</b><br/><br/>";
-                        echo "Error is =>   " . mysql_error();
+                        echo "Error is =>   " . mysqli_error($link);
                     }
 
                 
