Cross Site Scripting vulnerability fixed #18
wants to merge 3 commits into
base: master
2 changes: 1 addition & 1 deletion about_manager.php
Expand Up @@ -79,7 +79,7 @@ function hideURLbar() {
<a class="nav-link" href="contact.php">Contact</a>
</li>
<li class="dropdown nav-item">
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo $_SESSION['username']; ?>
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo htmlspecialchars($_SESSION['username']); ?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu agile_short_dropdown">
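Review bot: The new `htmlspecialchars($_SESSION['username'])` call relies on the default flags and charset, which on PHP below 8.1 leave single quotes unescaped and take the encoding from the ini setting; the same bare call is repeated in admin/admin_contact.php, admin/admin_home.php, admin/admin_profile.php, admin/create_hm.php, admin/manager_profile.php, admin/students.php, allocate_room.php and allocated_rooms.php. Since the fix is applied at so many sites, one shared helper with explicit arguments keeps it uniform: `function e(?string $s): string { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }` and `<?php echo e($_SESSION['username']); ?>` at each site. The `(string)` cast also covers a missing session key, which `htmlspecialchars(null)` reports as deprecated on PHP 8.1+. The navigation markup this line belongs to continues outside the hunk.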
2 changes: 1 addition & 1 deletion admin/admin_contact.php
Expand Up @@ -72,7 +72,7 @@ function hideURLbar() {
<a class="nav-link" href="admin_contact.php">Contact</a>
</li>
<li class="dropdown nav-item">
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo $_SESSION['username']; ?>
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo htmlspecialchars($_SESSION['username']); ?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu agile_short_dropdown">
2 changes: 1 addition & 1 deletion admin/admin_home.php
Expand Up @@ -73,7 +73,7 @@ function hideURLbar() {
<a class="nav-link" href="admin_contact.php">Contact</a>
</li>
<li class="dropdown nav-item">
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo $_SESSION['username']; ?>
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo htmlspecialchars($_SESSION['username']); ?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu agile_short_dropdown">
8 changes: 4 additions & 4 deletions admin/admin_profile.php
Expand Up @@ -108,25 +108,25 @@ function hideURLbar() {
</div>
<div class="abt-agile-right">

<h3><?php echo $_SESSION['fname']." ".$_SESSION['lname']; ?></h3>
<h3><?php echo htmlspecialchars($_SESSION['fname']." ".$_SESSION['lname']); ?></h3>
<h5>Admin</h5>
<ul class="address">
<li>
<ul class="address-text">
<li><b>Username </b></li>
<li>: <?php echo $_SESSION['username']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['username']); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>PHONE </b></li>
<li>: <?php echo $_SESSION['mob_no']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['mob_no']); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>Email </b></li>
<li>: <?php echo $_SESSION['email']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['email']); ?></li>
</ul>
</li>
</ul>
8 changes: 4 additions & 4 deletions admin/create_hm.php
Expand Up @@ -117,25 +117,25 @@ function hideURLbar() {
</div>
<div class="abt-agile-right">

<h3><?php echo $_SESSION['fname']." ".$_SESSION['lname']; ?></h3>
<h3><?php echo htmlspecialchars($_SESSION['fname']." ".$_SESSION['lname']); ?></h3>
<h5>Admin</h5>
<ul class="address">
<li>
<ul class="address-text">
<li><b>Username </b></li>
<li>: <?php echo $_SESSION['username']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['username']); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>PHONE </b></li>
<li>: <?php echo $_SESSION['mob_no']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['mob_no']); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>Email </b></li>
<li>: <?php echo $_SESSION['email']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['email']); ?></li>
</ul>
</li>
</ul>
41 changes: 28 additions & 13 deletions admin/manager_profile.php
Expand Up @@ -125,41 +125,49 @@ function hideURLbar() {
</div>
<div class="abt-agile-right">

<h3><?php echo $_SESSION['fname']." ".$_SESSION['lname']; ?></h3>
<h3><?php echo htmlspecialchars($_SESSION['fname']." ".$_SESSION['lname']); ?></h3>
<h5>Hostel Manager</h5>
<ul class="address">
<li>
<ul class="address-text">
<li><b>Username </b></li>
<li>: <?php echo $_SESSION['username']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['username']); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>PHONE </b></li>
<li>: <?php echo $_SESSION['mob_no']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['mob_no']); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>Email </b></li>
<li>: <?php echo $_SESSION['email']; ?></li>
<li>: <?php echo htmlspecialchars($_SESSION['email']); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>Managing Hostel </b></li>
<?php
$HOID = $_SESSION['hostel_id'];
$query999 = "SELECT * FROM Hostel WHERE Hostel_id = '$HOID'";
$result999 = mysqli_query($conn,$query999);

$query999 = "SELECT * FROM Hostel WHERE Hostel_id = ?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $query999)){
header("Location: ../admin/create_hm.php?error=sqlerror");
exit();
}
mysqli_stmt_bind_param($stmt, "s", $HOID);
mysqli_stmt_execute($stmt);
$result999 = mysqli_stmt_get_result($stmt);
$row999 = mysqli_fetch_assoc($result999);
$HNM = $row999['Hostel_name'];
if(!$HNM){
$HNM='None';
}
?>
<li>: <?php echo $HNM; ?></li>
<li>: <?php echo htmlspecialchars($HNM); ?></li>
</ul>
</li>
</ul>
Expand All @@ -176,34 +184,41 @@ function hideURLbar() {
<div class="abt-agile-right">
<?php
$ad=1;
$queryA = "SELECT * FROM Hostel_Manager WHERE Isadmin = '$ad'";
$resultA = mysqli_query($conn,$queryA);
$queryA = "SELECT * FROM Hostel_Manager WHERE Isadmin = ?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $queryA)){
header("Location: ../admin/create_hm.php?error=sqlerror");
exit();
}
mysqli_stmt_bind_param($stmt, "s", $ad);
mysqli_stmt_execute($stmt);
$resultA = mysqli_stmt_get_result($stmt);
$rowA = mysqli_fetch_assoc($resultA);
$adFname = $rowA['Fname'];
$adLname = $rowA['Lname'];
$adUname = $rowA['Username'];
$adMob = $rowA['Mob_no'];
$adEmail = $rowA['Email'];
?>
<h3><?php echo $adFname." ".$adLname; ?></h3>
<h3><?php echo htmlspecialchars($adFname." ".$adLname); ?></h3>
<h5>Admin</h5>
<ul class="address">
<li>
<ul class="address-text">
<li><b>Username </b></li>
<li>: <?php echo $adUname; ?></li>
<li>: <?php echo htmlspecialchars($adUname); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>PHONE </b></li>
<li>: <?php echo $adMob; ?></li>
<li>: <?php echo htmlspecialchars($adMob); ?></li>
</ul>
</li>
<li>
<ul class="address-text">
<li><b>Email </b></li>
<li>: <?php echo $adEmail; ?></li>
<li>: <?php echo htmlspecialchars($adEmail); ?></li>
</ul>
</li>

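Review bot: The return value of `mysqli_stmt_execute($stmt)` is never checked in either new prepared-statement block (the Hostel lookup and the Hostel_Manager lookup), so on a failed execute `mysqli_stmt_get_result` yields `false` and the following `mysqli_fetch_assoc` raises a TypeError on PHP 8 instead of the redirect the prepare branch already does; the two new blocks in allocate_room.php have the same gap. Mirror the prepare check: `if (!mysqli_stmt_execute($stmt)) { header("Location: ../admin/create_hm.php?error=sqlerror"); exit(); }` and add `mysqli_stmt_close($stmt);` after the result is fetched, since `$stmt` is reused between the two blocks. Binding `$ad = 1` with type `"s"` works because MySQL coerces it, but `"i"` states the intent. The redirect target `create_hm.php?error=sqlerror` from a profile page looks copied from the create-manager flow; confirm it is the intended error page.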
8 changes: 4 additions & 4 deletions admin/students.php
Expand Up @@ -67,7 +67,7 @@ function hideURLbar() {
<a class="nav-link" href="admin_contact.php">Contact</a>
</li>
<li class="dropdown nav-item">
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo $_SESSION['username']; ?>
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo htmlspecialchars($_SESSION['username']); ?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu agile_short_dropdown">
Expand Down Expand Up @@ -109,7 +109,7 @@ function hideURLbar() {
<?php
if (isset($_POST['search'])) {
$search_box = $_POST['search_box'];
/*echo "<script type='text/javascript'>alert('<?php echo $search_box; ?>')</script>";*/
/*echo "<script type='text/javascript'>alert('<?php echo htmlspecialchars($search_box); ?>')</script>";*/
$hostel_id = $_SESSION['hostel_id'];
$query_search = "SELECT * FROM Student WHERE Student_id like '$search_box%'";
$result_search = mysqli_query($conn,$query_search);
Expand Down Expand Up @@ -151,7 +151,7 @@ function hideURLbar() {
//student name
$student_name = $row_search['Fname']." ".$row_search['Lname'];

echo "<tr><td>{$student_name}</td><td>{$row_search['Student_id']}</td><td>{$row_search['Mob_no']}</td><td>{$hostel_name}</td><td>{$room_no}</td></tr>\n";
echo htmlspecialchars("<tr><td>{$student_name}</td><td>{$row_search['Student_id']}</td><td>{$row_search['Mob_no']}</td><td>{$hostel_name}</td><td>{$room_no}</td></tr>\n");
}
}
?>
Expand Down Expand Up @@ -213,7 +213,7 @@ function hideURLbar() {
//student name
$student_name = $row1['Fname']." ".$row1['Lname'];

echo "<tr><td>{$student_name}</td><td>{$row1['Student_id']}</td><td>{$row1['Mob_no']}</td><td>{$HNM}</td><td>{$room_no}</td></tr>\n";
echo htmlspecialchars("<tr><td>{$student_name}</td><td>{$row1['Student_id']}</td><td>{$row1['Mob_no']}</td><td>{$HNM}</td><td>{$room_no}</td></tr>\n");
}
}
?>
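Review bot: Wrapping the whole row string in `htmlspecialchars(...)` in the two `echo "<tr><td>..."` lines escapes the table markup itself, so the browser renders literal `<tr><td>` text instead of a table row; the same mistake is in the two row echoes of allocate_room.php and the two of allocated_rooms.php. Only the values belong inside the escape, e.g. `$cells = array_map(static fn ($v): string => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), [$student_name, $row_search['Student_id'], $row_search['Mob_no'], $hostel_name, $room_no]);` followed by `echo '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";`. The edits to the commented-out `alert(...)` debug lines here and in allocate_room.php and allocated_rooms.php change dead code; deleting those comments is the cleaner change. The `$_POST['search_box']` value assigned two lines above the first debug comment is still interpolated into the `LIKE` query on the next context line, so the search path is not covered by this fix.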
36 changes: 26 additions & 10 deletions allocate_room.php
Expand Up @@ -83,7 +83,7 @@ function hideURLbar() {
<a class="nav-link" href="contact_manager.php">Contact</a>
</li>
<li class="dropdown nav-item">
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo $_SESSION['username']; ?>
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo htmlspecialchars($_SESSION['username']); ?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu agile_short_dropdown">
Expand Down Expand Up @@ -124,14 +124,23 @@ function hideURLbar() {
<?php
if (isset($_POST['search'])) {
$search_box = $_POST['search_box'];
/*echo "<script type='text/javascript'>alert('<?php echo $search_box; ?>')</script>";*/
/*echo "<script type='text/javascript'>alert('<?php echo htmlspecialchars($search_box); ?>')</script>";*/
$hostel_id = $_SESSION['hostel_id'];
$query_search = "SELECT * FROM Application WHERE Student_id like '$search_box%' and Hostel_id = '$hostel_id' and Application_status = '1'";
$result_search = mysqli_query($conn,$query_search);

//select the hostel name from hostel table
$query6 = "SELECT * FROM Hostel WHERE Hostel_id = '$hostel_id'";
$result6 = mysqli_query($conn,$query6);
$query6 = "SELECT * FROM Hostel WHERE Hostel_id = ?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $query6)){
header("Location: ../create_hm.php?error=sqlerror");
exit();
}
mysqli_stmt_bind_param($stmt, "s", $hostel_id);
mysqli_stmt_execute($stmt);
$result6 = mysqli_stmt_get_result($stmt);


$row6 = mysqli_fetch_assoc($result6);
$hostel_name = $row6['Hostel_name'];
?>
Expand Down Expand Up @@ -160,7 +169,7 @@ function hideURLbar() {
$row7 = mysqli_fetch_assoc($result7);
$student_name = $row7['Fname']." ".$row7['Lname'];

echo "<tr><td>{$student_name}</td><td>{$row_search['Student_id']}</td><td>{$hostel_name}</td><td>{$row_search['Message']}</td></tr>\n";
echo htmlspecialchars("<tr><td>{$student_name}</td><td>{$row_search['Student_id']}</td><td>{$hostel_name}</td><td>{$row_search['Message']}</td></tr>\n");

}
}
Expand Down Expand Up @@ -203,12 +212,19 @@ function hideURLbar() {
while($row1 = mysqli_fetch_assoc($result1)){
//get the name of the student to display
$student_id = $row1['Student_id'];
$query7 = "SELECT * FROM Student WHERE Student_id = '$student_id'";
$result7 = mysqli_query($conn,$query7);
$query7 = "SELECT * FROM Hostel WHERE Student_id = ?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $query7)){
header("Location: ../create_hm.php?error=sqlerror");
exit();
}
mysqli_stmt_bind_param($stmt, "s", $student_id);
mysqli_stmt_execute($stmt);
$result7 = mysqli_stmt_get_result($stmt);
$row7 = mysqli_fetch_assoc($result7);
$student_name = $row7['Fname']." ".$row7['Lname'];

echo "<tr><td>{$student_name}</td><td>{$row1['Student_id']}</td><td>{$hostel_name}</td><td>{$row1['Message']}</td></tr>\n";
echo htmlspecialchars("<tr><td>{$student_name}</td><td>{$row1['Student_id']}</td><td>{$hostel_name}</td><td>{$row1['Message']}</td></tr>\n");
}
}
?>
Expand All @@ -230,7 +246,7 @@ function hideURLbar() {
if(isset($_POST['submit'])){
$result1 = mysqli_query($conn,$query1);

/*echo "<script type='text/javascript'>alert('<?php echo $room_no ?>')</script>";*/
/*echo "<script type='text/javascript'>alert('<?php echo htmlspecialchars($room_no); ?>')</script>";*/
while($row1 = mysqli_fetch_assoc($result1)){
//find the minimum room number
$query2 = "SELECT * FROM Room where Room_No = (SELECT MIN(Room_No) FROM Room where Allocated = '0' and Hostel_id = '$hostel_id')";
Expand All @@ -245,7 +261,7 @@ function hideURLbar() {
$student_id = $row1['Student_id'];
$query3 = "UPDATE Application SET Application_status = '0',Room_No = '$room_no' WHERE Student_id = '$student_id'";
$result3 = mysqli_query($conn,$query3);
/*echo "<script type='text/javascript'>alert('<?php echo $result3; ?>')</script>";*/
/*echo "<script type='text/javascript'>alert('<?php echo htmlspecialchars($result3); ?>')</script>";*/
if($result3){
$room_id = $row2['Room_id'];
$query4 = "UPDATE Student SET Hostel_id = '$hostel_id',Room_id = '$room_id' WHERE Student_id = '$student_id'";
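Review bot: The new `$query7` in the third hunk selects from `Hostel` where the removed line selected from `Student`, and the result is still read as `$row7['Fname']` and `$row7['Lname']`, so the student-name lookup in the allocation table no longer returns the expected columns; restore the table: `$query7 = "SELECT * FROM Student WHERE Student_id = ?";`. In the second hunk `$query6` was converted to a placeholder while `$query_search` two lines above still interpolates `$_POST['search_box']` and `$hostel_id` into the `LIKE` condition, so that statement should receive the same prepared-statement treatment. The prepare-failure redirect `../create_hm.php` from this root-level file points one directory above it, which looks copied from the admin/ pages; confirm the intended target. The enclosing `while` loop of the third hunk ends outside the hunk.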
8 changes: 4 additions & 4 deletions allocated_rooms.php
Expand Up @@ -85,7 +85,7 @@ function hideURLbar() {
<a class="nav-link" href="contact_manager.php">Contact</a>
</li>
<li class="dropdown nav-item">
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo $_SESSION['username']; ?>
<a href="#" class="dropdown-toggle nav-link" data-toggle="dropdown"><?php echo htmlspecialchars($_SESSION['username']); ?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu agile_short_dropdown">
Expand Down Expand Up @@ -126,7 +126,7 @@ function hideURLbar() {
<?php
if (isset($_POST['search'])) {
$search_box = $_POST['search_box'];
/*echo "<script type='text/javascript'>alert('<?php echo $search_box; ?>')</script>";*/
/*echo "<script type='text/javascript'>alert('<?php echo htmlspecialchars($search_box); ?>')</script>";*/
$hostel_id = $_SESSION['hostel_id'];
$query_search = "SELECT * FROM Student WHERE Student_id like '$search_box%' and Hostel_id = '$hostel_id'";
$result_search = mysqli_query($conn,$query_search);
Expand Down Expand Up @@ -164,7 +164,7 @@ function hideURLbar() {
//student name
$student_name = $row_search['Fname']." ".$row_search['Lname'];

echo "<tr><td>{$student_name}</td><td>{$row_search['Student_id']}</td><td>{$row_search['Mob_no']}</td><td>{$hostel_name}</td><td>{$room_no}</td></tr>\n";
echo htmlspecialchars("<tr><td>{$student_name}</td><td>{$row_search['Student_id']}</td><td>{$row_search['Mob_no']}</td><td>{$hostel_name}</td><td>{$room_no}</td></tr>\n");
}
}
?>
Expand Down Expand Up @@ -217,7 +217,7 @@ function hideURLbar() {
//student name
$student_name = $row1['Fname']." ".$row1['Lname'];

echo "<tr><td>{$student_name}</td><td>{$row1['Student_id']}</td><td>{$row1['Mob_no']}</td><td>{$hostel_name}</td><td>{$room_no}</td></tr>\n";
echo htmlspecialchars("<tr><td>{$student_name}</td><td>{$row1['Student_id']}</td><td>{$row1['Mob_no']}</td><td>{$hostel_name}</td><td>{$room_no}</td></tr>\n");
}
}
?>