@@ -1,15 +1,11 @@
|
||||
<?php
|
||||
session_start();
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
require_same_origin_request();
|
||||
header('Content-Type: application/json');
|
||||
|
||||
// Check if the user is logged in
|
||||
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => 'Not logged in'
|
||||
]);
|
||||
exit();
|
||||
}
|
||||
require_logged_in();
|
||||
|
||||
// Include database configuration
|
||||
include "../../config/config.php";
|
||||
@@ -47,7 +43,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
|
||||
// Sanitize and validate the input
|
||||
$name = preg_replace("/[^a-zA-Z0-9_]/", "", $data['name']); // Allow only letters, numbers, and underscores
|
||||
$email = filter_var($data['email'], FILTER_SANITIZE_EMAIL); // Sanitize email
|
||||
$email = trim((string) $data['email']);
|
||||
if ($email !== "" && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => 'Invalid email address'
|
||||
]);
|
||||
exit();
|
||||
}
|
||||
$telegram_id = htmlspecialchars($data['telegram_id'], ENT_QUOTES, 'UTF-8'); // Escape special characters
|
||||
|
||||
//check if username is allready taken
|
||||
|
||||
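Review bot: The new email check in the second hunk still indexes `$data['email']` without confirming the key exists, so a request body that omits it yields an empty string (with a warning), and the `$email !== ""` guard then lets it through; if the field is required, `$email = trim((string) ($data['email'] ?? ''));` followed by `if (!filter_var($email, FILTER_VALIDATE_EMAIL))` rejects both cases, and if it is meant to be optional a short comment saying so would make that explicit. The same `?? ''` pattern applies to `$data['name']` and `$data['telegram_id']` on the neighbouring lines. Separately, `htmlspecialchars()` on `$telegram_id` is output escaping applied at input time; if that value is persisted it will be stored HTML-encoded, so validating its format here and escaping at render time would be the usual approach. In the first hunk, `require_same_origin_request()` runs before `header('Content-Type: application/json')`, so any JSON rejection it emits would presumably be sent without that content type — worth confirming against the helper. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and ends outside the second hunk.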