Fixed empty entry submission problem

Author: ngsankha

account.php

@@ -23,6 +23,8 @@
           echo("<div class=\"alert alert-success\">\nAccount settings updated!\n</div>");
         else if(isset($_GET['passerror']))
           echo("<div class=\"alert alert-error\">\nThe old password you entered is wrong. Please enter the correct password and try again.\n</div>");
+        else if(isset($_GET['derror']))
+          echo("<div class=\"alert alert-error\">\nPlease enter all the details asked before you can continue!\n</div>");
     ?>
     Account settings for <?php echo($_SESSION['username']);?><hr/>
     	  <form method="post" action="update.php">

admin/index.php

@@ -24,6 +24,8 @@
           echo("<div class=\"alert alert-success\">\nSettings Saved!\n</div>");
         else if(isset($_GET['passerror']))
           echo("<div class=\"alert alert-error\">\nThe old password is incorrect!\n</div>");
+        else if(isset($_GET['derror']))
+          echo("<div class=\"alert alert-error\">\nPlease enter all the details asked before you can continue!\n</div>");
       ?>
       <ul class="nav nav-tabs">
         <li class="active"><a href="#">General</a></li>

admin/login.php

@@ -3,17 +3,21 @@
 	if(loggedin() and $_SESSION['username'] == 'admin')
 		header("Location: index.php");
 	else if(isset($_POST['password'])) {
-		connectdb();
-		$query = "SELECT salt,hash FROM users WHERE username='admin'";
-		$result = mysql_query($query);
-		$fields = mysql_fetch_array($result);
-		$currhash = crypt($_POST['password'], $fields['salt']);
-		if($currhash == $fields['hash']) {
-			$_SESSION['username'] = "admin";
-			header("Location: index.php");
-		} else
-			header("Location: login.php?error=1");
-	} else
+		if(trim($_POST['password']) == "")
+			header("Location: login.php?derror=1");
+		else {
+			connectdb();
+			$query = "SELECT salt,hash FROM users WHERE username='admin'";
+			$result = mysql_query($query);
+			$fields = mysql_fetch_array($result);
+			$currhash = crypt($_POST['password'], $fields['salt']);
+			if($currhash == $fields['hash']) {
+				$_SESSION['username'] = "admin";
+				header("Location: index.php");
+			} else
+				header("Location: login.php?error=1");
+		}
+	}
 ?>
 <!DOCTYPE html>
 <html lang="en"><head>
@@ -73,6 +77,8 @@
           echo("<div class=\"alert alert-info\">\nYou have logged out successfully!\n</div>");
         else if(isset($_GET['error']))
           echo("<div class=\"alert alert-error\">\nIncorrect Password!\n</div>");
+        else if(isset($_GET['derror']))
+          echo("<div class=\"alert alert-error\">\nPlease enter all the details asked before you can continue!\n</div>");
       ?>
       <h1><small>Login</small></h1>
       <p>Please login to use the admin panel.</p><br/>

admin/problems.php

@@ -25,6 +25,8 @@
           echo("<div class=\"alert alert-error\">\nProblem deleted!\n</div>");
         else if(isset($_GET['updated']))
           echo("<div class=\"alert alert-success\">\nProblem updated!\n</div>");
+        else if(isset($_GET['derror']))
+          echo("<div class=\"alert alert-error\">\nPlease enter all the details asked before you can continue!\n</div>");
       ?>
       <ul class="nav nav-tabs">
         <li><a href="index.php">General</a></li>

admin/update.php

@@ -3,36 +3,56 @@
 	connectdb();
 	if(isset($_POST['action'])){
 		if($_POST['action']=='email') {
-			mysql_query("UPDATE users SET email='".mysql_real_escape_string($_POST['email'])."' WHERE username='".$_SESSION['username']."'");
-			header("Location: index.php?changed=1");
-		} else if($_POST['action']=='password') {
-			$query = "SELECT salt,hash FROM users WHERE username='admin'";
-			$result = mysql_query($query);
-			$fields = mysql_fetch_array($result);
-			$currhash = crypt($_POST['oldpass'], $fields['salt']);
-			if($currhash == $fields['hash']) {
-				$salt = randomAlphaNum(5);
-				$newhash = crypt($_POST['newpass'], $salt);
-				mysql_query("UPDATE users SET hash='$newhash', salt='$salt' WHERE username='".$_SESSION['username']."'");
+			if(trim($_POST['email']) == "")
+				header("Location: index.php?derror=1");
+			else {
+				mysql_query("UPDATE users SET email='".mysql_real_escape_string($_POST['email'])."' WHERE username='".$_SESSION['username']."'");
 				header("Location: index.php?changed=1");
-			} else
-				header("Location: index.php?passerror=1");
+			}
+		} else if($_POST['action']=='password') {
+			if(trim($_POST['oldpass']) == "" or trim($_POST['newpass']) == "")
+				header("Location: index.php?derror=1");
+			else {
+				$query = "SELECT salt,hash FROM users WHERE username='admin'";
+				$result = mysql_query($query);
+				$fields = mysql_fetch_array($result);
+				$currhash = crypt($_POST['oldpass'], $fields['salt']);
+				if($currhash == $fields['hash']) {
+					$salt = randomAlphaNum(5);
+					$newhash = crypt($_POST['newpass'], $salt);
+					mysql_query("UPDATE users SET hash='$newhash', salt='$salt' WHERE username='".$_SESSION['username']."'");
+					header("Location: index.php?changed=1");
+				} else
+					header("Location: index.php?passerror=1");
+			}
 		} else if($_POST['action']=='settings') {
-			if($_POST['accept']=='on') $accept=1; else $accept=0;
-			if($_POST['c']=='on') $c=1; else $c=0;
-			if($_POST['cpp']=='on') $cpp=1; else $cpp=0;
-			if($_POST['java']=='on') $java=1; else $java=0;
-			if($_POST['python']=='on') $python=1; else $python=0;
-			mysql_query("UPDATE prefs SET name='".mysql_real_escape_string($_POST['name'])."', accept=$accept, c=$c, cpp=$cpp, java=$java, python=$python");
-			header("Location: index.php?changed=1");
+			if(trim($_POST['name']) == "")
+				header("Location: index.php?derror=1");
+			else {
+				if($_POST['accept']=='on') $accept=1; else $accept=0;
+				if($_POST['c']=='on') $c=1; else $c=0;
+				if($_POST['cpp']=='on') $cpp=1; else $cpp=0;
+				if($_POST['java']=='on') $java=1; else $java=0;
+				if($_POST['python']=='on') $python=1; else $python=0;
+				mysql_query("UPDATE prefs SET name='".mysql_real_escape_string($_POST['name'])."', accept=$accept, c=$c, cpp=$cpp, java=$java, python=$python");
+				header("Location: index.php?changed=1");
+			}
 		} else if($_POST['action']=='addproblem') {
-			$query="INSERT INTO `problems` ( `name` , `text`, `input`, `output`) VALUES ('".mysql_real_escape_string($_POST['title'])."', '".mysql_real_escape_string($_POST['problem'])."', '".mysql_real_escape_string($_POST['input'])."', '".mysql_real_escape_string($_POST['output'])."')";
-			mysql_query($query);
-			header("Location: problems.php?added=1");
+			if(trim($_POST['title']) == "" or trim($_POST['problem']) == "")
+				header("Location: problems.php?derror=1");
+			else {
+				$query="INSERT INTO `problems` ( `name` , `text`, `input`, `output`) VALUES ('".mysql_real_escape_string($_POST['title'])."', '".mysql_real_escape_string($_POST['problem'])."', '".mysql_real_escape_string($_POST['input'])."', '".mysql_real_escape_string($_POST['output'])."')";
+				mysql_query($query);
+				header("Location: problems.php?added=1");
+			}
 		} else if($_POST['action']=='editproblem' and is_numeric($_POST['id'])) {
-			mysql_query("UPDATE problems SET input='".mysql_real_escape_string($_POST['input'])."', output='".mysql_real_escape_string($_POST['output'])."', name='".mysql_real_escape_string($_POST['title'])."', text='".mysql_real_escape_string($_POST['problem'])."'  WHERE sl='".$_POST['id']."'");
-			mysql_query($query);
-			header("Location: problems.php?updated=1&action=edit&id=".$_POST['id']);
+			if(trim($_POST['title']) == "" or trim($_POST['problem']) == "")
+				header("Location: problems.php?derror=1&action=edit&id=".$_POST['id']);
+			else {
+				mysql_query("UPDATE problems SET input='".mysql_real_escape_string($_POST['input'])."', output='".mysql_real_escape_string($_POST['output'])."', name='".mysql_real_escape_string($_POST['title'])."', text='".mysql_real_escape_string($_POST['problem'])."'  WHERE sl='".$_POST['id']."'");
+				mysql_query($query);
+				header("Location: problems.php?updated=1&action=edit&id=".$_POST['id']);
+			}
 		}
 	}
 	else if(isset($_GET['action'])){

eval.php

@@ -12,47 +12,51 @@
         	$soln = mysql_real_escape_string($_POST['soln']);
         	$filename = mysql_real_escape_string($_POST['filename']);
         	$lang = mysql_real_escape_string($_POST['lang']);
-		if($_POST['ctype']=='new')
-			$query = "INSERT INTO `solve` ( `problem_id` , `username`, `soln`, `filename`, `lang`) VALUES ('".$_POST['id']."', '".$_SESSION['username']."', '".$soln."', '".$filename."', '".$lang."')";
-		else {
-			$tmp = "SELECT attempts FROM solve WHERE (problem_id='".$_POST['id']."' AND username='".$_SESSION['username']."')";
-			$result = mysql_query($tmp);
-			$fields = mysql_fetch_array($result);
-			$query = "UPDATE solve SET lang='".$lang."', attempts='".($fields['attempts']+1)."', soln='".$soln."', filename='".$filename."' WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
-		}
-		mysql_query($query);
-		$socket = fsockopen($compilerhost, $compilerport);
-		if($socket) {
-			fwrite($socket, $_POST['filename']."\n");
-			$soln = str_replace("\n", '$_n_$', treat($_POST['soln']));
-			fwrite($socket, $soln."\n");
-			$query = "SELECT input, output FROM problems WHERE sl='".$_POST['id']."'";
-			$result = mysql_query($query);
-			$fields = mysql_fetch_array($result);
-			$input = str_replace("\n", '$_n_$', treat($fields['input']));
-			fwrite($socket, $input."\n");
-			fwrite($socket, $lang."\n");
-			$status = fgets($socket);
-			$contents = "";
-			while(!feof($socket))
-				$contents = $contents."\n".fgets($socket);
-			if($status == 0) {
-				$query = "UPDATE solve SET status=1 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
-				mysql_query($query);
-				$_SESSION['cerror'] = trim($contents);
-				header("Location: solve.php?cerror=1&id=".$_POST['id']);
-			} else if($status == 1) {
-				if(trim($contents) == trim(treat($fields['output']))) {
-					$query = "UPDATE solve SET status=2 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
-					mysql_query($query);
-					header("Location: index.php?success=1");
-				} else {
+        	if(trim($soln) == "" or trim($filename) == "" or trim($lang) == "")
+        		header("Location: solve.php?derror=1&id=".$_POST['id']);
+        	else {
+			if($_POST['ctype']=='new')
+				$query = "INSERT INTO `solve` ( `problem_id` , `username`, `soln`, `filename`, `lang`) VALUES ('".$_POST['id']."', '".$_SESSION['username']."', '".$soln."', '".$filename."', '".$lang."')";
+			else {
+				$tmp = "SELECT attempts FROM solve WHERE (problem_id='".$_POST['id']."' AND username='".$_SESSION['username']."')";
+				$result = mysql_query($tmp);
+				$fields = mysql_fetch_array($result);
+				$query = "UPDATE solve SET lang='".$lang."', attempts='".($fields['attempts']+1)."', soln='".$soln."', filename='".$filename."' WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
+			}
+			mysql_query($query);
+			$socket = fsockopen($compilerhost, $compilerport);
+			if($socket) {
+				fwrite($socket, $_POST['filename']."\n");
+				$soln = str_replace("\n", '$_n_$', treat($_POST['soln']));
+				fwrite($socket, $soln."\n");
+				$query = "SELECT input, output FROM problems WHERE sl='".$_POST['id']."'";
+				$result = mysql_query($query);
+				$fields = mysql_fetch_array($result);
+				$input = str_replace("\n", '$_n_$', treat($fields['input']));
+				fwrite($socket, $input."\n");
+				fwrite($socket, $lang."\n");
+				$status = fgets($socket);
+				$contents = "";
+				while(!feof($socket))
+					$contents = $contents."\n".fgets($socket);
+				if($status == 0) {
 					$query = "UPDATE solve SET status=1 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
 					mysql_query($query);
-					header("Location: solve.php?oerror=1&id=".$_POST['id']);
+					$_SESSION['cerror'] = trim($contents);
+					header("Location: solve.php?cerror=1&id=".$_POST['id']);
+				} else if($status == 1) {
+					if(trim($contents) == trim(treat($fields['output']))) {
+						$query = "UPDATE solve SET status=2 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
+						mysql_query($query);
+						header("Location: index.php?success=1");
+					} else {
+						$query = "UPDATE solve SET status=1 WHERE (username='".$_SESSION['username']."' AND problem_id='".$_POST['id']."')";
+						mysql_query($query);
+						header("Location: solve.php?oerror=1&id=".$_POST['id']);
+					}
 				}
-			}
-		} else
-			header("Location: solve.php?serror=1&id=".$_POST['id']);
+			} else
+				header("Location: solve.php?serror=1&id=".$_POST['id']);
+		}
 	}
 ?>

login.php

@@ -5,29 +5,37 @@
 	else if(isset($_POST['action'])) {
 		$username = mysql_real_escape_string($_POST['username']);
 		if($_POST['action']=='login') {
-			connectdb();
-			$query = "SELECT salt,hash FROM users WHERE username='".$username."'";
-			$result = mysql_query($query);
-			$fields = mysql_fetch_array($result);
-			$currhash = crypt($_POST['password'], $fields['salt']);
-			if($currhash == $fields['hash']) {
-				$_SESSION['username'] = $username;
-				header("Location: index.php");
-			} else
-				header("Location: login.php?error=1");
+			if(trim($username) == "" or trim($_POST['password']) == "")
+				header("Location: login.php?derror=1");
+			else {
+				connectdb();
+				$query = "SELECT salt,hash FROM users WHERE username='".$username."'";
+				$result = mysql_query($query);
+				$fields = mysql_fetch_array($result);
+				$currhash = crypt($_POST['password'], $fields['salt']);
+				if($currhash == $fields['hash']) {
+					$_SESSION['username'] = $username;
+					header("Location: index.php");
+				} else
+					header("Location: login.php?error=1");
+			}
 		} else if($_POST['action']=='register') {
 			$email = mysql_real_escape_string($_POST['email']);
-			connectdb();
-			$query = "SELECT salt,hash FROM users WHERE username='".$username."'";
-			$result = mysql_query($query);
-			if(mysql_num_rows($result)!=0)
-				header("Location: login.php?exists=1");
+			if(trim($username) == "" or trim($_POST['password']) == "" or trim($email) == "")
+				header("Location: login.php?derror=1");
 			else {
-				$salt = randomAlphaNum(5);
-				$hash = crypt($_POST['password'], $salt);
-				$sql="INSERT INTO `users` ( `username` , `salt` , `hash` , `email` ) VALUES ('".$username."', '$salt', '$hash', '".$email."')";
-				mysql_query($sql);
-				header("Location: login.php?registered=1");
+				connectdb();
+				$query = "SELECT salt,hash FROM users WHERE username='".$username."'";
+				$result = mysql_query($query);
+				if(mysql_num_rows($result)!=0)
+					header("Location: login.php?exists=1");
+				else {
+					$salt = randomAlphaNum(5);
+					$hash = crypt($_POST['password'], $salt);
+					$sql="INSERT INTO `users` ( `username` , `salt` , `hash` , `email` ) VALUES ('".$username."', '$salt', '$hash', '".$email."')";
+					mysql_query($sql);
+					header("Location: login.php?registered=1");
+				}
 			}
 		}
 	}
@@ -94,6 +102,8 @@
           echo("<div class=\"alert alert-success\">\nYou have been registered successfully! Login to continue.\n</div>");
         else if(isset($_GET['exists']))
           echo("<div class=\"alert alert-error\">\nUser already exists! Please select a different username.\n</div>");
+        else if(isset($_GET['derror']))
+          echo("<div class=\"alert alert-error\">\nPlease enter all the details asked before you can continue!\n</div>");
       ?>
       <h1><small>Login</small></h1>
       <p>Please login to continue.</p><br/>

solve.php

@@ -27,6 +27,8 @@
           echo("<div class=\"alert alert-error\">\nYou did not use one of the allowed languages. Please use a language that is allowed.\n</div>");
         else if(isset($_GET['serror']))
           echo("<div class=\"alert alert-error\">\nCould not connect to the compiler server. Please contact the admin to solve the problem.\n</div>");
+        else if(isset($_GET['derror']))
+          echo("<div class=\"alert alert-error\">\nPlease enter all the details asked before you can continue!\n</div>");
 
         $query = "SELECT * FROM prefs";
         $result = mysql_query($query);

update.php

@@ -2,19 +2,27 @@
 	include('functions.php');
 	connectdb();
 	if($_POST['action']=='email') {
-		mysql_query("UPDATE users SET email='".mysql_real_escape_string($_POST['email'])."' WHERE username='".$_SESSION['username']."'");
-		header("Location: account.php?changed=1");
-	} else if($_POST['action']=='password') {
-		$query = "SELECT salt,hash FROM users WHERE username='".$_SESSION['username']."'";
-		$result = mysql_query($query);
-		$fields = mysql_fetch_array($result);
-		$currhash = crypt($_POST['oldpass'], $fields['salt']);
-		if($currhash == $fields['hash']) {
-			$salt = randomAlphaNum(5);
-			$newhash = crypt($_POST['newpass'], $salt);
-			mysql_query("UPDATE users SET hash='$newhash', salt='$salt' WHERE username='".$_SESSION['username']."'");
+		if(trim($_POST['email']) == "")
+			header("Location: account.php?derror=1");
+		else {
+			mysql_query("UPDATE users SET email='".mysql_real_escape_string($_POST['email'])."' WHERE username='".$_SESSION['username']."'");
 			header("Location: account.php?changed=1");
-		} else
-			header("Location: account.php?passerror=1");
+		}
+	} else if($_POST['action']=='password') {
+		if(trim($_POST['oldpass']) == "" or trim($_POST['newpass']) == "")
+			header("Location: account.php?derror=1");
+		else {
+			$query = "SELECT salt,hash FROM users WHERE username='".$_SESSION['username']."'";
+			$result = mysql_query($query);
+			$fields = mysql_fetch_array($result);
+			$currhash = crypt($_POST['oldpass'], $fields['salt']);
+			if($currhash == $fields['hash']) {
+				$salt = randomAlphaNum(5);
+				$newhash = crypt($_POST['newpass'], $salt);
+				mysql_query("UPDATE users SET hash='$newhash', salt='$salt' WHERE username='".$_SESSION['username']."'");
+				header("Location: account.php?changed=1");
+			} else
+				header("Location: account.php?passerror=1");
+		}
 	}
 ?>