commit 13cf0cd109772eabd750d4d0bf322beb19e3bc12
author Adrià Vilanova Martínez <me@avm99963.com> Sun Nov 20 01:02:20 2022 +0100
committer Adrià Vilanova Martínez <me@avm99963.com> Sun Nov 20 01:02:20 2022 +0100
tree 89af6f70df0612e4b1c1154aa2069f6fb9df13ee
parent d3394e1accae91a2624805e4b08012483d99341f

Improve security

Change-Id: Ia98bb629c8c81f609d3a5e4d023616a95f9c4248

php/utils.php

diff --git a/php/utils.php b/php/utils.php
index 49ccbb7..1c41567 100644
--- a/php/utils.php
+++ b/php/utils.php
@@ -1,12 +1,19 @@
 <?php
+	require_once('db.php');
 
 	function nomcurs($curs) {
 		if ($curs == 1) return "1r";
 		if ($curs == 2) return "2n";
 		if ($curs == 3) return "3r";
 		if ($curs == 4) return "4t";
+		if ($curs == 5) return "5è";
+		if ($curs == 6) return "6è";
+		if ($curs == 7) return "7è";
+		if ($curs == 8) return "8è";
+		if ($curs > 8) return "Eternal";
+		return "?";
 	}
-	
+
 	function nomgrau($grau) {
 		if ($grau == 0) return "MAT";
 		if ($grau == 1) return "EST";
@@ -19,48 +26,41 @@
 		public $curs;
 		public $grau;
 		public $quimata;
-		
+
 		public function nom() {
 			$noms = explode(" ", $this->nomcomplet);
 			return $noms[0];
 		}
-		
+
 		public function nomcurs() {
 			return nomcurs($this->curs);
 		}
-		
+
 		public function nomgrau() {
 			return nomgrau($this->grau);
 		}
 	}
-	
+
 	function query($query) {
-		// Create connection
-		$credentials = new Credentials();
-		$conn = new mysqli($credentials->servername, $credentials->username, $credentials->password, $credentials->dbname);
-		if ($conn->connect_error) die("Connection failed: " . $conn->connect_error);
-		$conn->set_charset("utf8");
-		
+		global $conn;
+
 		// Execute query and save result
 		$result = $conn->query($query);
-		
-		// Close the connection 
-		$conn->close();
-		
+
 		// Return result of query
 		return $result;
 	}
-	
+
 	function get_users($id = 0, $getAsObjects = true) {
 		$users = [];
-		
+
 		$credentials = new Credentials();
 		$usersdb = $credentials->usersdb;
 		$mortsdb = $credentials->mortsdb;
-		
+
 		// Prepare the query
 		$query = "SELECT * FROM $usersdb";
-		if ($id > 0) $query .= " WHERE id=".$id;
+		if ($id > 0) $query .= " WHERE id=".(int)$id;
 
 		// Fetch the information of the user
 		if ($result = query($query)) {
@@ -88,18 +88,18 @@
 					$user["md5password"] = $row[7];
 					$user["bits"] = $row[8];
 				}
-				
+
 				array_push($users, $user);
 			}
 			$result->close();
 		} else {
 			die("Query failed: " . $query);
 		}
-		
+
 		if ($id > 0) return $users[0];
 		else return $users;
 	}
-	
+
 	// Number n to XXXXXXXXX with X = {0,1} binary format
 	function dec2bits($code) {
 		$bits = decbin($code);