Fixing security issues

This commit is contained in:
Michał Gdula 2022-07-25 18:28:55 +01:00
parent 87dc4d5ff0
commit a9ba8669a6
9 changed files with 173 additions and 92 deletions


@ -20,13 +20,18 @@
echo "<p class='alert alert-high space-bottom-large'>Information updated</p>";
}
// Get image ID
// Getting all image info from table
$get_image = "SELECT * FROM swag_table WHERE id = ".$_GET['id'];
$image_results = mysqli_query($conn, $get_image);
$image = mysqli_fetch_assoc($image_results);
// Get all user details
if (isset($image['author'])) {
$get_user = "SELECT * FROM users WHERE id = ".$image['author'];
$user_results = mysqli_query($conn, $get_user);
$user = mysqli_fetch_assoc($user_results);
}
// Check if ID of image in URL
if (!isset($_GET['id'])) {
// No ID toast
@ -71,6 +76,13 @@
<div class="image-detail flex-down">
<h2>Details</h2>
<?php
// Image ID
if (isset($image['author'])) {
echo "<p>Author: ".$user['username']."</p>";
} else {
echo "<p>Author: No author</p>";
}
// Image ID
echo "<p>ID: ".$image['id']."</p>";
@ -89,10 +101,10 @@
?>
</div>
<div class="danger-zone flex-down">
<h2>Danger zone</h2>
<!-- DELETE BUTTON -->
<?php
<?php
if (isset($_SESSION['id']) && $image['author'] == $_SESSION['id'] || $_SESSION['id'] == 1) {
echo "<div class='danger-zone flex-down'>";
echo "<h2>Danger zone</h2>";
// Image hover details
echo "<form class='detail' method='POST' enctype='multipart/form-data'>";
echo "<button class='btn alert-low' type='submit' name='delete' value='".$image['id']."'><img class='svg' src='assets/icons/trash.svg'>Delete image</button>";
@ -115,11 +127,14 @@
echo "<p class='alert alert-fail' id='deleted'>Error: Coult not delete image</p>";
}
}
?>
<!-- EDIT BUTTON -->
<?php echo "<a class='btn alert-low space-top' href='https://superdupersecteteuploadtest.fluffybean.gay/edit.php?id=".$image['id']."'><img class='svg' src='assets/icons/edit.svg'>Modify image content</a>"; ?>
</div>
echo "<a class='btn alert-low space-top' href='https://superdupersecteteuploadtest.fluffybean.gay/edit.php?id=".$image['id']."'><img class='svg' src='assets/icons/edit.svg'>Modify image content</a>";
echo "</div>";
} else {
}
?>
<?php include("ui/footer.php"); ?>
</body>
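Review bot: `$_GET['id']` is still concatenated straight into the query in the first hunk (`$get_image = "SELECT * FROM swag_table WHERE id = ".$_GET['id'];`), so the image lookup remains injectable despite the commit title, and the `$get_user` query a few lines below builds its SQL the same way from `$image['author']`. The query also executes before the `isset($_GET['id'])` check that follows it, so a request without `id` sends a malformed statement and `mysqli_fetch_assoc()` is then handed `false`. Validate the id as an integer and bind it through a prepared statement, as below, and move the missing-id branch ahead of the query. Separately, the ownership test in the third hunk mixes `&&` and `||` without parentheses, so the `isset($_SESSION['id'])` guard does not cover the `$_SESSION['id'] == 1` operand; write it as `if (isset($_SESSION['id']) && ($image['author'] == $_SESSION['id'] || $_SESSION['id'] == 1)) {`.
```php
// Get image ID: validate before any query runs
$image_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($image_id === false || $image_id === null) {
    // … existing "No ID" toast handling (currently after the query) …
}
// Getting all image info from table, id bound as a parameter
$stmt = mysqli_prepare($conn, "SELECT * FROM swag_table WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $image_id);
mysqli_stmt_execute($stmt);
$image = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
// … unchanged: user lookup, which should use the same prepared-statement pattern for $image['author'] …
```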