Jump to content

eaglelegend

Members
  • Posts

    353
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

eaglelegend's Achievements

Regular Member

Regular Member (3/5)

0

Reputation

  1. What is it o.O?... someone make a mistake on the forums "OOP" XD
  2. Ok, sorry its kind of urgent now
  3. Thanks but now... Parse error: syntax error, unexpected '}' in /misc/39/000/171/334/2/user/web/eaglelegend.com/login.php on line 11 <?php include("header.php"); $eaglelegend = "eaglelegend.com"; //Your site url without http:// $eaglelegend2 = "www.eaglelegend.com"; //Type your domain with www. this time $referer = $_SERVER['HTTP_REFERER']; //Check if browser sends referrer url or not if ($referer == "") //If not, set referrer as your domain $domain = $yoursite; } else $domain = parse_url($referer); //If yes, parse referrer } if($domain['host'] == $eaglelegend || $domain['host'] == $eaglelegend2) { //Run your dowloading code here normally } else { //The referrer is not your site, we redirect to your home page header("Location: http://www.eaglelegend.com"); exit(); //Stop running the script } @$username = strip_tags(stripslashes($_POST['username'])); //assuming 'username' is the name of your form var @$password = strip_tags(stripslashes(md5($_POST['password']))); // ditto on 'password' if($username && $password) { $check = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `username`='$username' AND `password`='$password'")); if($check == 1) { $_SESSION['ELv2'] = $username; if(session_register('ELv2')){ $sql = mysql_query("UPDATE members SET ip ='{$_SERVER['REMOTE_ADDR']}' WHERE username='$username' LIMIT 1"); Header("Location: index.php"); } else { print "Cant set cookie"; } } else { print "Sorry, username/password mismatch!"; } } else { ?>
  4. still in need of help. ???
  5. this is 45, code, up to just before the begining of the form. <?php include("header.php"); $eaglelegend = "eaglelegend.com"; //Your site url without http:// $eaglelegend2 = "www.eaglelegend.com"; //Type your domain with www. this time $referer = $_SERVER['HTTP_REFERER']; //Check if browser sends referrer url or not if ($referer == "") //If not, set referrer as your domain $domain = $yoursite; else $domain = parse_url($referer); //If yes, parse referrer if($domain['host'] == $eaglelegend || $domain['host'] == $eaglelegend2) { //Run your dowloading code here normally } else { //The referrer is not your site, we redirect to your home page header("Location: http://www.eaglelegend.com"); exit(); //Stop running the script } @$username = strip_tags(stripslashes($_POST['username'])); //assuming 'username' is the name of your form var @$password = strip_tags(stripslashes(md5($_POST['password']))); // ditto on 'password' } if($username && $password) { $check = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `username`='$username' AND `password`='$password'")); if($check == 1) { $_SESSION['ELv2'] = $username; if(session_register('ELv2')){ $sql = mysql_query("UPDATE members SET ip ='{$_SERVER['REMOTE_ADDR']}' WHERE username='$username' LIMIT 1"); Header("Location: index.php"); } else { print "Cant set cookie"; } } else { print "Sorry, username/password mismatch!"; } } else { ?>
  6. Please ignore that old code, I noticed I missed a ew things -.-' here it is currently... include("header.php"); $eaglelegend = "eaglelegend.com"; //Your site url without http:// $eaglelegend2 = "www.eaglelegend.com"; //Type your domain with www. this time $referer = $_SERVER['HTTP_REFERER']; //Check if browser sends referrer url or not if ($referer == "") //If not, set referrer as your domain $domain = $yoursite; else $domain = parse_url($referer); //If yes, parse referrer if($domain['host'] == $eaglelegend || $domain['host'] == $eaglelegend2) { //Run your dowloading code here normally } else { //The referrer is not your site, we redirect to your home page header("Location: http://www.eaglelegend.com"); exit(); //Stop running the script } however the site is showing me this... Parse error: syntax error, unexpected '}' in /misc/39/000/171/334/2/user/web/eaglelegend.com/login.php on line 24
  7. include("header.php"); $eaglelegend = "eaglelegend.com"; //Your site url without http:// $eaglelegend2 = "www.eaglelegend.com"; //Type your domain with www. this time $referer = $_SERVER['HTTP_REFERER']; //Check if browser sends referrer url or not if ($referer == "") //If not, set referrer as your domain $domain = $yoursite; else $domain = parse_url($referer); //If yes, parse referrer if($domain['host'] == $eaglelegend || $domain['host'] == $eaglelegend2) { //Run your dowloading code here normally } else { //The referrer is not your site, we redirect to your home page header("Location: http://www.eaglelegend.com"); exit(); //Stop running the script } I know I am doing alot of work on my site today heh, but security, no matter how small is VERY important to me, so, please help, I have an error... Help IS much appreciated, thanks! Parse error: syntax error, unexpected '=' in /misc/39/000/171/334/2/user/web/eaglelegend.com/login.php on line 14 login.php: @$username = strip_tags(stripslashes($_POST['username'])); //assuming 'username' is the name of your form var @$password = strip_tags(stripslashes(md5($_POST['password']))); // ditto on 'password' } if($username && $password) { $check = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `username`='$username' AND `password`='$password'")); if($check == 1) { $_SESSION['ELv2'] = $username; if(session_register('ELv2')){ $sql = mysql_query("UPDATE members SET ip ='{$_SERVER['REMOTE_ADDR']}' WHERE username='$username' LIMIT 1"); Header("Location: index.php"); } else { print "Cant set cookie"; } } else { print "Sorry, username/password mismatch!"; } } else { ?>
  8. oh I see, OH thanks for the other post, that you helped solve with me XD
  9. Hey, I am trying to get my files a little bit safer, and less security holes, however, md5 dont like it, look... Warning: md5() expects parameter 1 to be string, array given in /misc/39/000/171/334/2/user/web/eaglelegend.com/register.php on line 6 Warning: md5() expects parameter 1 to be string, array given in /misc/39/000/171/334/2/user/web/eaglelegend.com/register.php on line 7 here is register, however, for your conveniance, I have not inclided the actual form where you "sighn up", just the code. <?php include("header.php"); ?> <?php $username = strip_tags(stripslashes($_POST)); $password = strip_tags(stripslashes(md5($_POST))); $password_confirm = strip_tags(stripslashes(md5($_POST))); $email = strip_tags(stripslashes($_POST)); $sql = mysql_query("UPDATE members SET ip ='{$_SERVER['REMOTE_ADDR']}' WHERE username='$username' LIMIT 1"); if($username && $password && $password_confirm && $email) { Function RemoveXSS($val) { $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val); $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $search .= '1234567890!@#$%^&*()'; $search .= '~`";:?+/={}[]-_|\'\\'; for ($i = 0; $i < strlen($search); $i++) { $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); } $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); $ra = array_merge($ra1, $ra2); $found = true; while ($found == true) { $val_before = $val; for ($i = 0; $i < sizeof($ra); $i++) { $pattern = '/'; for ($j = 0; $j < strlen($ra[$i]); $j++) { if ($j > 0) { $pattern .= '('; $pattern .= '(&#[xX]0{0,8}([9ab])'; $pattern .= '|'; $pattern .= '|(&#0{0,8}([9|10|13])'; $pattern .= ')*'; } $pattern .= $ra[$i][$j]; } $pattern .= '/i'; $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); $val = preg_replace($pattern, $replacement, $val); if ($val_before == $val) { $found = false; } } } return $val; } $siteurl = preg_replace( "/[^a-zA-Z0-9s]/", "", $siteurl ); $check_user = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `username`=\"$username\"")); $check_site = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `url`=\"$siteurl\"")); if($check_user == 0) { if($password == $password_confirm) { $newpass = md5($password); $date = date("m/d/y"); $sql = mysql_query("SELECT * FROM `sites` WHERE `url`='$Z'"); while($r = mysql_fetch_array($sql)) { $money = $r["money"]; $points = $r["points"]; } $insert = mysql_query("INSERT INTO `members` (`admin`, `date`, `username`, `password`, `email`, `points`, `money`) VALUES('0', '$date', \"$username\", \"$newpass\", \"$email\", '$points', '$money')"); $sql = mysql_query("UPDATE members SET ip ='{$_SERVER['REMOTE_ADDR']}' WHERE username='$username' LIMIT 1"); if($insert) { print "<h2>Congratulations!</h2><p> You are now a registered member of this site!<p> Username: $username<br> Password: $password<p> You can login using the form to the right!"; } else { print mysql_error(); } } else { print "<p>Passwords do not match!</p>"; } } else { if($check_user > 0) { print "<p>That username already exists!</p>"; } } } else { ?>
  10. Thank you, my point is that the "IP" address, isnt updating to the database :/
  11. Why does "lastlogindate" display as "thislogin"? and nothing shows on "this login"?... on the database and also, why dont the ip adress update itself?? <?php include("header.php"); if(isset($_POST['username']) && isset($_POST['password'])) { $username = strip_tags(stripslashes($_POST['username'])); $password = (md5($_POST['password'])); } if($username && $password) { $check = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `username`='$username' AND `password`='$password'")); $ip = $_SERVER['REMOTE_ADDR']; if($check == 1) { $_SESSION['ELv2'] = $username; if(session_register('ELv2')){ Header("Location: index.php"); $sql = mysql_query("UPDATE members SET thislogin='$thislogindate' WHERE username='$username' LIMIT 1"); $sql = mysql_query("UPDATE members SET lastlogin='$lastlogindate' WHERE username='$username' LIMIT 1"); $sql = mysql_query("UPDATE members SET $ip ='$_SERVER['REMOTE_ADDR']' WHERE username='$username' LIMIT 1"); } else { print "Cant set cookie"; } } else { print "Sorry, username/password mismatch!"; } } else { ?> <h2>Login</h2><p> <form action="login.php" method="post"> Username<br> <input type="text" name="username" class="text_box" size="20" title="Please enter the Username you registered here with." alt="Please enter the Username you registered here with."><p> Password<br> <input type="password" name="password" class="text_box" size="20" title="Please enter the Password you registered here with." alt="Please enter the Password you registered here with."><p> <input type="hidden" name="ip" value="set"> <input type="submit" class="text_box" value=" Login " title="Click here to log in." alt="Click here to log in."></form> <?php } include("footer.php"); ?>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.