-
Posts
16,734 -
Joined
-
Last visited
-
Days Won
9
Everything posted by PFMaBiSmAd
-
Oops. I did not notice that you were not using php...
-
There are 'variable functions'. Have you looked at the php manual?
-
The error means you query failed. If you use mysqli_error($dbc) as part of your die() message, it will tell you why the query failed. I suspect that your password column name is not named password1
-
Form submition after authentication through CAS
PFMaBiSmAd replied to tblade's topic in PHP Coding Help
That CAS script only redirects to the authorization site when you are not logged in. If someone was logged in on your form page and submitted data, there should be no issue (assuming you are not getting a header error that is preventing the session from working at all.) The form data will be present and the code will just stay on your form processing page. If someone submitted form data and they are not already logged in, they weren't using your form page anyway and you should not care that the form data is lost. -
http://dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_timestampdiff
-
And how would that stop someone from either just setting the variable themselves or removing the code that is checking if the variable is set? The only way you can prevent someone from bypassing your lic.php file is if the file that is including and using the information from lic.php is also encrypted.
-
AJAX (Asynchronous JavaScript And XML) in itself is client-side and is independent of any server specifications. It just makes Asynchronous HTTP requests to web servers. As far as the web server is concerned, the HTTP request from AJAX is no different from any other HTTP request. However, since the data being requested is usually dynamically produced, you need some server side language to produce the response that is sent back to the client.
-
Or you could just do this - <?php $arr = array(); $arr[1] = 'attack'; // $lol['att'] = explode(",", $lulwut[1]); $arr[3] = 'strength'; // $lol['str'] = explode(",", $lulwut[3]); $arr[2] = 'defence'; // $lol['def'] = explode(",", $lulwut[2]); $arr[5] = 'ranged'; // $lol['rng'] = explode(",", $lulwut[5]); $arr[6] = 'prayer'; // $lol['pry'] = explode(",", $lulwut[6]); $arr[7] = 'magic'; // $lol['mag'] = explode(",", $lulwut[7]); $arr[21] = 'runecrafting'; // $lol['rc'] = explode(",", $lulwut[21]); $arr[23] = 'construction'; // $lol['cs'] = explode(",", $lulwut[23]); $arr[4] = 'constitution'; // $lol['hp'] = explode(",", $lulwut[4]); $arr[17] = 'agility'; // $lol['ag'] = explode(",", $lulwut[17]); $arr[16] = 'herblore'; // $lol['her'] = explode(",", $lulwut[16]); $arr[18] = 'thieving'; // $lol['th'] = explode(",", $lulwut[18]); $arr[13] = 'crafting'; // $lol['cra'] = explode(",", $lulwut[13]); $arr[10] = 'fletching'; // $lol['flt'] = explode(",", $lulwut[10]); $arr[19] = 'slayer'; // $lol['sl'] = explode(",", $lulwut[19]); $arr[22] = 'hunter'; // $lol['hun'] = explode(",", $lulwut[22]); $arr[15] = 'mining'; // $lol['min'] = explode(",", $lulwut[15]); $arr[14] = 'smithing'; // $lol['smi'] = explode(",", $lulwut[14]); $arr[11] = 'fishing'; // $lol['fsh'] = explode(",", $lulwut[11]); $arr[8] = 'cooking'; // $lol['ck'] = explode(",", $lulwut[8]); $arr[12] = 'firemaking'; // $lol['fm'] = explode(",", $lulwut[12]); $arr[9] = 'woodcutting'; // $lol['wc'] = explode(",", $lulwut[9]); $arr[20] = 'farming'; // $lol['frm'] = explode(",", $lulwut[20]); $arr[24] = 'summoning'; // $lol['sum'] = explode(",", $lulwut[24]); $arr[25] = 'dungeoneering'; //$lol['dun'] = explode(",", $lulwut[25]); $index = file_get_contents('http://hiscore.runescape.com/index_lite.ws?player=' . $username); if ($index != ""){ $lulwut = explode("\n", $index); $overall = explode(",", $lulwut[0]); // not used $query = "UPDATE `clan_members` SET "; foreach($arr as $key => $name){ $temp = explode(",", $lulwut[$key]); // $lol['att'] = explode(",", $lulwut[1]); $temp = str_replace('-1', '1', $temp); // $lol['att'] = str_replace('-1', '1', $lol['att']); $query .= "`$name` = '{$temp[1]}',"; } $query = rtrim($query,','); $query .= " WHERE `username` = '$username'"; echo $query; } ?>
-
I would also make a master array where the keys are the offset in the $lulwut array and the values are the corresponding column names so that you can dynamically produce the query from the correct data by using a foreach(){} loop to iterate over the master array to get the key/values to process the data.
-
mysqli_connect() won't work inside include file
PFMaBiSmAd replied to bulrush's topic in PHP Coding Help
The global keyword you are using in connectvars.php code does NOT do what you think it does. Those variables are already in the global (main program) scope and putting the global keyword anywhere in the main program has absolutely no meaning. -
mysqli_connect() won't work inside include file
PFMaBiSmAd replied to bulrush's topic in PHP Coding Help
Each of your mysqli_query() statements is going to have the same problem referencing the $dbc connection variable. I suggest you rethink what you are trying to use functions for. They are not designed to share variables between functions or to directly access main program variables. -
mysqli_connect() won't work inside include file
PFMaBiSmAd replied to bulrush's topic in PHP Coding Help
Then you should already know that the code and variables in a function are local to that function so that they can perform the task needed by that function without needing to worry about any unintended interaction with anything outside of that function and that you must pass any values into a function as parameters in the function call. If you have variables and functions that are so closely related that they will always be used together, you should be using OOP/classes. -
What sort of errors are in the server logs that lead you to believe that there is a memory leak and that it is being caused by the specific code that you posted?
-
Script isn't working, and therefore insecure :(
PFMaBiSmAd replied to adamjones's topic in PHP Coding Help
Each of your header() redirects need exit; statements after them to prevent the remainder of the code on the page from being executed while the browser requests the URL in the Location: redirect. See my posts in the following thread for more information - http://www.phpfreaks.com/forums/index.php/topic,297383.0.html Also, session_is_registered() only works when register_globals are ON (they were turned off by default in php4.2 in April of the year 2002.) You should use isset($_SESSION[...]) like you are using later in the same code. -
Line 12 is missing a closing quote and a semi-colon - ";
-
Ummm. You are creating an instance of the PDO class. You must use methods of the PDO class in your code.
-
Encryption/decryption operates on discrete blocks of data and it pads any supplied data to make it a full block in length. The characters are nulls and you can remove them by using the trim() function.
-
This will probably help - http://dev.mysql.com/doc/refman/5.1/en/example-maximum-column-group-row.html
-
last_insert_id() only returns the last id after an INSERT (and in some cases for an UPDATE) query has been preformed using the same database connection. The way you are using it causes it to return the item_id value. What exactly are you trying to accomplish?
-
You would need to determine why your connection that is being attempted in the dbConnect.php file is either not working or is being closed before the mysql_query() statement.
-
how does php determine what if an else applies to?
PFMaBiSmAd replied to Hailwood's topic in PHP Coding Help
The else goes with the previous if() that is at the same 'nested' statement level. For what you posted, the else is at the same statement level as the if($c==$d). To force the the else in the code you posted to go with the if($a==$b) test, you need to enclose the $c==$d logic inside of {} so that it becomes a single statement that is part of the if($a==$b) test - if($a==$b){ if($c==$d) return true;} else return false; -
What URL are you entering in the browser? It should be something like http://localhost/your_file.php
-
Help my website is hacked and the bug is in php.ini
PFMaBiSmAd replied to Hanna's topic in PHP Coding Help
We have already pointed out at least two possible security holes. The posted php.ini information also has display_errors ON, which would allow a hacker to see resulting errors that he triggers by feeding your scripts all kinds of unexpected data (having nothing to do with injecting sql.) No one here mentioned XSS. What was suggested however was remote php code inclusion. And frankly, it is equally likely that you have an upload function on your site and someone was able to upload a .php script and execute it. -
Help my website is hacked and the bug is in php.ini
PFMaBiSmAd replied to Hanna's topic in PHP Coding Help
It would actually be more helpful if you posted the output from a phpinfo(); statement so that we could see the actual settings. Based on what you did post (the magic_quotes_gpc setting is off), your code is likely not using mysql_real_escape_string() to prevent sql injection in string data or validating/casting numeric data to prevent sql injection and someone managed to inject some sql to either dump your user table or to log in as you under your scripts. Edit: Also, based on what you did post, allow_url_fopen is on, so under PHP4 (the requested phpinfo() output will also tell us which php version you are using), your code might allow remote php code inclusion, which would allow someone to include and run their php code on your server. -
http://dev.mysql.com/doc/refman/5.1/en/comparison-operators.html#function_in