Use header("Location: $url\n\n") instead of header("Location: $url")

Secure every SQL query with the quoteSmart methode.
Completely rewrite singleSignOn.php, now the code is more easy to understand
and more clean.

1 files changed, 8 insertions, 9 deletions

diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php
index 6893ad72..4c219432 100644
--- a/php/Attic/examples/sample-sp/admin_user.php
+++ b/php/Attic/examples/sample-sp/admin_user.php
@@ -33,7 +33,7 @@
 	  die($db->getMessage());
 
   if (!empty($_GET['dump'])) {
-  	$query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
+  	$query = "SELECT identity_dump FROM users WHERE user_id='".$db->quoteSmart($_GET['dump']);
 	$res =& $db->query($query);
 	if (DB::isError($res)) 
 	  print $res->getMessage(). "\n";
@@ -64,21 +64,20 @@
 	exit;
 	}
 
-  if (!empty($_GET['del'])) {
+  if (!empty($_GET['del'])) 
+  {
 
-	$query = "DELETE FROM nameidentifiers WHERE user_id='" . $_GET['del'] . "'" ;
+	$query = "DELETE FROM nameidentifiers WHERE user_id=".$db->quoteSmart($_GET['del']);
    	$res =& $db->query($query);
 	if (DB::isError($res)) 
-	  print $res->getMessage(). "\n";
+	  die($res->getMessage());
 
-	$query = "DELETE FROM users WHERE user_id='" . $_GET['del'] . "'" ;
+	$query = "DELETE FROM users WHERE user_id='".$db->quoteSmart($_GET['del']);
    	$res =& $db->query($query);
 	if (DB::isError($res)) 
-	  print $res->getMessage(). "\n";
-
-	}
+	  die($res->getMessage());
+  }
 	
-
   $query = "SELECT * FROM users";
   $res =& $db->query($query);
   if (DB::isError($res))