4WDCSA.co.za/create_bar_tab.php
twotalesanimation 3247d15ce7 Task 9: Add CSRF tokens to form templates and backend processors
Updated forms with hidden CSRF token fields:
- comment_box.php - Comment form
- course_details.php - Course booking form
- campsites.php - Campsite addition modal form
- bar_tabs.php - Bar tab creation modal form
- membership_application.php - Membership application form

Updated backend processors with CSRF validation:
- create_bar_tab.php - Bar tab AJAX processor
- add_campsite.php - Campsite form processor
- submit_order.php - Order submission processor

All forms now require validated CSRF tokens before processing, preventing cross-site request forgery attacks.
2025-12-03 11:47:26 +02:00

47 lines
1.9 KiB
PHP

<?php
require_once("session.php");
require_once("connection.php");
require_once("functions.php");

// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
    http_response_code(403);
    echo json_encode(['status' => 'error', 'message' => 'Security token validation failed.']);
    exit();
}

// Check if user_id is set in the POST request
if (isset($_POST['user_id']) && !empty($_POST['user_id'])) {
    // Sanitize the input to prevent SQL injection
    $user_id = mysqli_real_escape_string($conn, $_POST['user_id']);
    $created_at = date('Y-m-d H:i:s'); // Use current date and time for created_at

    // First, check if a bar tab already exists for this user_id
    $checkSql = "SELECT * FROM bar_tabs WHERE user_id = '$user_id' LIMIT 1";
    $checkResult = mysqli_query($conn, $checkSql);

    if (mysqli_num_rows($checkResult) > 0) {
        // If a bar tab already exists for this user_id, return an error message
        echo json_encode(['status' => 'error', 'message' => 'A bar tab already exists for this user.']);
    } else {
        // Prepare the SQL query to insert a new record into the bar_tabs table
        $sql = "INSERT INTO bar_tabs (user_id) VALUES ('$user_id')";

        // Execute the query
        if (mysqli_query($conn, $sql)) {
            // If the insertion is successful, return a success message
            echo json_encode(['status' => 'success', 'message' => 'Bar tab created successfully.']);
        } else {
            // If there's an error, return an error message
            echo json_encode(['status' => 'error', 'message' => 'Error: ' . mysqli_error($conn)]);
        }
    }
} else {
    // If user_id is not provided, return an error message
    echo json_encode(['status' => 'error', 'message' => 'User ID is required.']);
}

// Close the database connection
mysqli_close($conn);
?>
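
An added example, not the project's own code: one way the hidden form field and the helper behind a check like `validateCSRFToken()` could be written. The function names, the `csrf_token` session key and the use of PHP 8's `mixed` type are assumptions, because `functions.php` is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; names and session key are assumptions, not the project's functions.php.

/** Make sure a session exists before reading or writing the token. */
function exampleEnsureSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

/** Return the per-session token, creating it on first use. */
function exampleCsrfToken(): string
{
    exampleEnsureSession();
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the OS CSPRNG, hex-encoded so it is safe to embed in HTML.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden field for a form template (comment form, booking form, modal, ...). */
function exampleCsrfField(): string
{
    $token = htmlspecialchars(exampleCsrfToken(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

/**
 * Validate a submitted token. The parameter is mixed because $_POST values
 * can arrive as arrays (csrf_token[]=x); anything that is not a string fails.
 */
function exampleValidateCsrfToken(mixed $submitted): bool
{
    exampleEnsureSession();
    $expected = $_SESSION['csrf_token'] ?? null;
    if (!is_string($submitted) || !is_string($expected) || $expected === '') {
        return false; // no token issued for this session, or malformed input
    }
    // Constant-time comparison: does not reveal how many leading characters matched.
    return hash_equals($expected, $submitted);
}

// Processor side, same shape as the check at the top of create_bar_tab.php.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && !exampleValidateCsrfToken($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    header('Content-Type: application/json');
    echo json_encode(['status' => 'error', 'message' => 'Security token validation failed.']);
    exit();
}
```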