Everything posted by Monkuar

  1. My smileys:

     ```php
     $smilies = array(
         '' => 'smile.gif',
         '=)' => 'smile.png',
         ':|' => 'neutral.png',
         '=|' => 'neutral.png',
         '' => 'sad.png',
         '=(' => 'sad.png',
         '' => 'big_smile.png',
         '=D' => 'big_smile.png',
         '' => 'yikes.png',
         '' => 'yikes.png',
         '' => 'wink.png',
         ':/' => 'hmm.png',
         '' => 'tongue.png',
         '' => 'tongue.png',
         '' => 'lol.png',
         ':mad:' => 'mad.png',
         '' => 'roll.png',
         ':cool:' => 'cool.png');
     ```

     My function to convert:

     ```php
     function do_smilies($text)
     {
         global $pun_config, $smilies;

         $text = ' '.$text.' ';

         foreach ($smilies as $smiley_text => $smiley_img)
         {
             if (strpos($text, $smiley_text) !== false)
                 $text = ucp_preg_replace('%(?<=[>\s])'.preg_quote($smiley_text, '%').'(?=[^\p{L}\p{N}])%um', '<img src="'.pun_htmlspecialchars(get_base_url(true).'/img/smileys/'.$smiley_img).'" alt="'.substr($text, 0, strrpos($text, '.')).'" />', $text);
         }

         return substr($text, 1, -1);
     }
     ```

     I am trying to make the alt=''. Can you help me please? I tried $text, but then it just foreaches it and converts it again. I'm trying to put the smiley code inside the alt tag.
  2. but I have no idea where they are doing the queries from! so Iuno what query to give you!! Here is one from a gold mod I made.

     ```php
     function buyticket()
     {
         global $ibforums, $DB, $std, $print;

         // Newmans checker lol
         if ($ibforums->input['amount'] < 0){
             $std->Error2("Stop being nawty");
         }
         ///

         //Figure out the id and send variables for each
         if (!$ibforums->input['id']){
             $std->Error2("Stop trying to be nawty....");
         }

         switch ($ibforums->input['id']){
             case "1";
                 $name = "100FG Scratch Ticket(s)";
                 $cost = "10";
                 $redirect = 'Scratch Ticket';
                 break;
             case "2";
                 $name = "1,000FG Scratch Ticket(s)";
                 $cost = "125";
                 $redirect = 'Scratch Ticket';
                 break;
             case "3";
                 $name = "Name Stylizer Ticket";
                 $cost = "1500";
                 $redirect = 'Name Stylizer';
                 break;
             case "4";
                 $name = "Goodie Bag";
                 $redirect = 'Goodie Bag';
                 $cost = "1699";
                 break;
         }

         If (isset($ibforums->input['amount']) AND $ibforums->input['amount'] > "100"){
             $std->Error2("You can only buy a max of 100 Tickets");
         }else{
         }

         If (isset($ibforums->input['amount'])){
             $amount2 = $ibforums->input['amount'];
         }else{
             $ibforums->input['amount'] = "1";
             $amount2 = '1';
         }

         $amount = $cost*$ibforums->input['amount'];
         $newamount = $amount;

         if ($ibforums->member['gold'] < $amount) {
             $std->Error2("You do not have enough Forum Gold you need, $amount");
         }else{
             //Check if they already have the item
             $DB->query("SELECT item_id from items where user_id = {$ibforums->member['id']} AND item_id = {$ibforums->input['id']}");
             $r2 = $DB->fetch_row();

             if ($r2['item_id'] == $ibforums->input['id']){
                 //Just update and give them quantity +1
                 $DB->query("UPDATE items SET quantity=quantity+$amount2,comment='Bought $name' WHERE user_id={$ibforums->member['id']} AND item_id = {$ibforums->input['id']}");
                 $DB->query("UPDATE ibf_members SET gold=gold-$amount WHERE id={$ibforums->member['id']}");

                 $db_string = $std->compile_db_string( array(
                     'to_id' => "0",
                     'from_id' => "{$ibforums->member['id']}",
                     'comments' => "Bought {$amount2}x $name",
                     //Date
                     'date' => time(),
                     //0 -> Store 1 -> Receieved 2 -> Sent
                     'amount' => "$newamount",
                 ) );
                 $DB->query("INSERT INTO gold_logs (" .$db_string['FIELD_NAMES']. ") VALUES (". $db_string['FIELD_VALUES'] .")");

                 $print->redirect_screen("$redirect Purchased", 'a=Shop&action=MyItems');
             }else{
                 $DB->query("UPDATE ibf_members SET gold=gold-$amount WHERE id={$ibforums->member['id']}");

                 $db_string = $std->compile_db_string( array(
                     'to_id' => "0",
                     'from_id' => "{$ibforums->member['id']}",
                     'comments' => "Bought {$amount2}x $name",
                     //Date
                     'date' => time(),
                     //0 -> Store 1 -> Receieved 2 -> Sent
                     'amount' => "$newamount",
                 ) );
                 $DB->query("INSERT INTO gold_logs (" .$db_string['FIELD_NAMES']. ") VALUES (". $db_string['FIELD_VALUES'] .")");

                 $db_string = $std->compile_db_string( array(
                     'item_id' => "{$ibforums->input['id']}",
                     'user_id' => "{$ibforums->member['id']}",
                     'from_id' => "0",
                     'date' => time(),
                     'quantity' => ''.$amount2.'',
                     'comment' => "{$name}",
                 ) );
                 $DB->query("INSERT INTO items (" .$db_string['FIELD_NAMES']. ") VALUES (". $db_string['FIELD_VALUES'] .")");

                 $print->redirect_screen("$redirect Purchased", 'a=Shop&action=MyItems');
             }
         }

         $this->output .= <<< LOL
     LOL;
     }
     ```

     Now, see the problem is, they can't access those queries unless they have gold on their account, am I right? The hacker has no gold on his profile so I know he didn't use this. Okay, here's another query in the profile settings:

     ```php
     //Make sure no1 comes in...
     //Update the star they chose..
     if (isset($ibforums->input['remove'])) {
         $DB->query("UPDATE ibf_members set star='' WHERE id='".$this->member['id']."'");
         $print->redirect_screen("Your star has been removed.", "a=[]&c=Donor");
     }

     if (isset($ibforums->input['star'])) {
         // Newmans checker lol
         if ($ibforums->input['star'] < 0){
             $std->Error2("Stop being nawty");
         }
         if ($ibforums->input['star'] > $this->member['max_stars']){
             //They trying to hack my stars...
             $std->Error2("You cannot choose a star you don't have access to...");
         }else{
             $DB->query("UPDATE ibf_members set star='{$ibforums->input['star']}' WHERE id='".$this->member['id']."'");
         }
     }
     ```

     would that be vulnerable? but the hacker had a max_Stars of 0 anyway.... so how could they get in? but in general are queries like this vulnerable? but isn't the $ibforums input already escaped? or should I use mysql_real_escape on it again? I don't get it
  3. I have tons of queries as this forum software is from 2001. Here is a random code that works to pull all the data from the index to show the forum categories:

     ```php
     $DB->query("SELECT f.*, f.name as forum_name, f.id as forum_id, f.posts as forum_posts, f.topics as forum_topics, t.*, c.name as cat_name, c.id as cat_id, c.state as cat_state FROM ibf_topics t, ibf_forums f , ibf_categories c WHERE t.tid=".$ibforums->input['t']." and f.id = t.forum_id and f.category=c.id");
     ```

     $ibforums is a global var:

     ```php
     $ibforums->input = $std->parse_incoming();
     ```

     parse_incoming is:

     ```php
     function parse_incoming()
     {
         global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_CLIENT_IP, $REQUEST_METHOD, $REMOTE_ADDR, $HTTP_PROXY_USER, $HTTP_X_FORWARDED_FOR;

         $return = array();

         if( is_array($HTTP_GET_VARS) )
         {
             while( list($k, $v) = each($HTTP_GET_VARS) )
             {
                 //-- mod_sec_update_131 begin
                 if (strpos($k, "amp;") === 0)
                     $k = substr($k, 4);
                 //-- mod_sec_update_131 end

                 if ( $k == 'INFO' )
                 {
                     continue;
                 }

                 if( is_array($HTTP_GET_VARS[$k]) )
                 {
                     while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
                     {
                         $return[$k][ $this->clean_key($k2) ] = $this->clean_value($v2);
                     }
                 }
                 else
                 {
                     $return[$k] = $this->clean_value($v);
                 }
             }
         }

         // Overwrite GET data with post data
         if( is_array($HTTP_POST_VARS) )
         {
             while( list($k, $v) = each($HTTP_POST_VARS) )
             {
                 if ( is_array($HTTP_POST_VARS[$k]) )
                 {
                     while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
                     {
                         $return[$k][ $this->clean_key($k2) ] = $this->clean_value($v2);
                     }
                 }
                 else
                 {
                     $return[$k] = $this->clean_value($v);
                 }
             }
         }

         //----------------------------------------
         // Sort out the accessing IP
         // (Thanks to Cosmos and schickb)
         //----------------------------------------

         $addrs = array();

         foreach( array_reverse( explode( ',', $HTTP_X_FORWARDED_FOR ) ) as $x_f )
         {
             $x_f = trim($x_f);

             if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $x_f ) )
             {
                 $addrs[] = $x_f;
             }
         }

         $addrs[] = $_SERVER['REMOTE_ADDR'];
         $addrs[] = $HTTP_PROXY_USER;
         $addrs[] = $REMOTE_ADDR;

         //header("Content-type: text/plain"); print_r($addrs); print $_SERVER['HTTP_X_FORWARDED_FOR']; exit();

         $return['IP_ADDRESS'] = $this->select_var( $addrs );

         // Make sure we take a valid IP address
         $return['IP_ADDRESS'] = preg_replace( "/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/", "\\1.\\2.\\3.\\4", $return['IP_ADDRESS'] );

         $return['request_method'] = ( $_SERVER['REQUEST_METHOD'] != "" ) ? strtolower($_SERVER['REQUEST_METHOD']) : strtolower($REQUEST_METHOD);

         return $return;
     }
     ```

     Now see $ibforums->input is a cleaned value? But is that query still vulnerable? This is the class for $DB->query:

     ```php
     function query($the_query, $bypass=0) {

         //--------------------------------------
         // Change the table prefix if needed
         //--------------------------------------

         if ($bypass != 1)
         {
             if ($this->obj['sql_tbl_prefix'] != "ibf_")
             {
                 $the_query = preg_replace("/ibf_(\S+?)([\s\.,]|$)/", $this->obj['sql_tbl_prefix']."\\1\\2", $the_query);
             }
         }

         if ($this->obj['debug'])
         {
             global $Debug, $ibforums;

             $Debug->startTimer();
         }

         $this->query_id = mysql_query($the_query, $this->connection_id);

         if (! $this->query_id )
         {
             $this->fatal_error("mySQL query error: $the_query");
         }

         if ($this->obj['debug'])
         {
             $endtime = $Debug->endTimer();

             if ( preg_match( "/^select/i", $the_query ) )
             {
                 $eid = mysql_query("EXPLAIN $the_query", $this->connection_id);
                 $ibforums->debug_html .= "<table width='95%' border='1' cellpadding='6' cellspacing='0' bgcolor='#FFE8F3' align='center'>
                     <tr>
                     <td colspan='8' style='font-size:14px' bgcolor='#FFC5Cb'><b>Select Query</b></td>
                     </tr>
                     <tr>
                     <td colspan='8' style='font-family:courier, monaco, arial;font-size:14px;color:black'>$the_query</td>
                     </tr>
                     <tr bgcolor='#FFC5Cb'>
                     <td><b>table</b></td><td><b>type</b></td><td><b>possible_keys</b></td>
                     <td><b>key</b></td><td><b>key_len</b></td><td><b>ref</b></td>
                     <td><b>rows</b></td><td><b>Extra</b></td>
                     </tr>\n";

                 while( $array = mysql_fetch_array($eid) )
                 {
                     $type_col = '#FFFFFF';

                     if ($array['type'] == 'ref' or $array['type'] == 'eq_ref' or $array['type'] == 'const')
                     {
                         $type_col = '#D8FFD4';
                     }
                     else if ($array['type'] == 'ALL')
                     {
                         $type_col = '#FFEEBA';
                     }

                     $ibforums->debug_html .= "<tr bgcolor='#FFFFFF'>
                         <td>$array[table] </td>
                         <td bgcolor='$type_col'>$array[type] </td>
                         <td>$array[possible_keys] </td>
                         <td>$array[key] </td>
                         <td>$array[key_len] </td>
                         <td>$array[ref] </td>
                         <td>$array[rows] </td>
                         <td>$array[Extra] </td>
                         </tr>\n";
                 }

                 if ($endtime > 0.1)
                 {
                     $endtime = "<span style='color:red'><b>$endtime</b></span>";
                 }

                 $ibforums->debug_html .= "<tr>
                     <td colspan='8' bgcolor='#FFD6DC' style='font-size:14px'><b>mySQL time</b>: $endtime</b></td>
                     </tr>
                     </table>\n<br />\n";
             }
             else
             {
                 $ibforums->debug_html .= "<table width='95%' border='1' cellpadding='6' cellspacing='0' bgcolor='#FEFEFE' align='center'>
                     <tr>
                     <td style='font-size:14px' bgcolor='#EFEFEF'><b>Non Select Query</b></td>
                     </tr>
                     <tr>
                     <td style='font-family:courier, monaco, arial;font-size:14px'>$the_query</td>
                     </tr>
                     <tr>
                     <td style='font-size:14px' bgcolor='#EFEFEF'><b>mySQL time</b>: $endtime</span></td>
                     </tr>
                     </table><br />\n\n";
             }
         }

         $this->query_count++;

         $this->obj['cached_queries'][] = $the_query;

         return $this->query_id;
     }
     ```

     I have these queries like this all over my board, tons of them..... I know it's probably so vulnerable, any "eye" noticeable fixes that are vulnerable off the bat? Is there any way I can add the mysql_real_escape string to the global $DB->query function?
  4. and doing SQL injections. I have enabled MySQL logging and I can find where they did the query, but it only shows the query; it doesn't show what location or what URL or how they did it, so how can I fix it? thx. Also lighttpd logs don't show... this sucks
  5. ```php
     // Reject a title that is empty once leading whitespace is stripped
     if (ltrim($ibforums->input['TopicTitle']) === '') {
         $std->Error2("Stop being Nawty");
     }
     ```

     fixed!!
  6. people on my forum (speakwhatsreal.com) submitting blank spaces like they just copy/paste the blank space in the textarea and how do I check input on that, does strlen work?
  7. if ($ibforums->input['amount'] < 0){ $std->Error2("Stop being nawty"); } thanks pikachu topic solved
  8. ok, my bad overlooked it. I need to check now if it's negative tho, so I can echo out "Stop being Nawty" is there a php function that helps and protects all - inputs and turns them positive? I have a lot of fixing up to do.. he hacked everything
  9. ```php
     if (isset($ibforums->input['star'])) {
         if ($ibforums->input['star'] > $this->member['max_stars']){
             //They trying to hack my stars...
             $std->Error2("You cannot choose a star you don't have access to...");
         }else{
             $DB->query("UPDATE ibf_members set star='{$ibforums->input['star']}' WHERE id='".$this->member['id']."'");
         }
     }
     ```

     Max stars is set at 0. I put my tamper data plugin to try to perform how the hacker hacked, and put -125 or any - number and it worked. How does it work though, when the -1235 is not greater than 0? Max_stars is at 0
  10. we have a hacker on my forum using -1424 values as inputs how do i block and make sure the input is not anything negative?
  11. Call to undefined method skin_register::show_lostpass_form() in /var/www/sources/reg.php on line 1042

      ```php
      1042: $this->output = $this->html->show_lostpass_form();
      ```

      my html function show_lostpass_form(); is

      ```php
      function show_lostpass_form_manual() {
      global $ibforums;
      return <<<EOF
      <div class="tablepad">{$ibforums->lang['dumb_text']}</div>
      <div class="pformstrip">{$ibforums->lang['complete_form']}</div>
      <table class="tablebasic">
      <tr>
      <td class="pformleft"><strong>{$ibforums->lang['user_id']}</strong></td>
      <td class="pformright"><input type='text' size='32' maxlength='32' name='uid' class='forminput' /></td>
      </tr>
      <tr>
      <td class="pformleft"><strong>{$ibforums->lang['val_key']}</strong></td>
      <td class="pformright"><input type='text' size='32' maxlength='50' name='aid' class='forminput' /></td>
      </tr>
      EOF;
      }
      ```

      why this error not going away?
  12. My code to generate my data dynamically:

      ```php
      $DB->query("SELECT g_title,g_id from ibf_groups where g_title NOT IN ('Validating','Guests') order by rank ASC");
      while ($group = $DB->fetch_row()) {
          $data[$group['g_id']] = $group['g_title'];
      }
      $letters2 = $data;
      //var_dump($data);
      $group=(empty($group))?'':$group;
      $group.='<center><div class=pages>Group: ';
      foreach ($letters2 as $letter2 => $ids) {
          $group .= '<a href="?a=(^_-)&filter='.$letter2.'">';
          if (isset($_GET['filter']) && $_GET['filter'] == $letter2){
              $group .="<b>{$data[$letter2]}</b>";
          }else{
              $group .="{$data[$letter2]}";
          }
          $group .= '</a>';
          if ($data[$letter2]!="Loser"){
              $group .=" • ";
          }
      }
      ```

      My code so I can use to filter the groups with my database:

      ```php
      if ( isset( $_GET['filter'] ) AND in_array($_GET['filter'], $letters2 ) ){
          echo "hey";
          exit;
          // CONNECT TO DATABASE AND QUERY
          $q_extra .= " AND m.mgroup IN({$_GET['filter']})";
          // DO QUERY AND CHURN OUT RESULTS
      }
      ```

      Something is wrong, because in my original foreach I am using the => and it's not reading through my $letters2 correctly? (I will use mysql_escape once done) but I cannot even bring up the echo "hey" on a &filter=XXX. I am stumped
  13. There is nothing stupid about getting an error when you try to use a variable that isn't defined. In fact it makes perfect sense that it would cause an error. What would be stupid would be if PHP were to simply overlook poor programming. well I'm fixing them now.. I think I learned my mistake, I mean I am learning the hard way.. going through and fixing them... that's a good punishment imo
  14. they're just stupid unidentified errors because I never used ISSET..... bcz I thought it wouldn't matter, until I read somewhere that if you fix all the errors it does make PHP process faster by ms's, so I'm down to do w/e to help it go faster
  15. And I fixed literally probably over a couple hundred by now, but I got like 200 more I need to fix. But is there a way so I can set a setting in PHP.INI to make the errors come out by lowest to highest LINE? Cuz I get error in filename.php on LINE 50, then I fix it, then the last error is like LINE 1 or line 2500..... so I have to scroll all the way up again, it gets annoying. Is there a way to order the errors so it's easy, lowest line to highest line? Cuz I got so many to fix. Ternary operator has been my best friend lately! :-* :-*
  16. Session start is my code where the user starts the game.

      ```php
      session_start();
      $_SESSION['Yahtzee']['start_time'] = time();
      if (isset($_GET['ez'])){
          $total_time = time() - $_SESSION['Yahtzee']['start_time'] = time();
          echo $total_time;
          exit;
      }
      ```

      So he starts the game, then I will be using $_GET or $_POST to update their value. I wait 5 seconds on main page, go to ?ez=1 on URL to activate my $_GET['ez'] to show the time spent and it still shows 0? I am obviously doing something wrong because your code usually never fails
  17. ```php
      session_start();
      $_SESSION['Yahtzee']['time'] = time();
      if (isset($_GET['ez'])){
          echo "hey";
          $time2 = $_SESSION['Yahtzee']['time2']=time();
          $totalTime = $_SESSION['Yahtzee']['time'] - $time2;
          echo $totalTime;
          exit;
      }
      ```

      This doesn't work? Any idea
  18. ```php
      $_SESSION['Yahtzee']['totaltime'] = time();
      $starttime = $_SESSION['Yahtzee']['totaltime'];
      $totaltime = time() - $starttime;
      echo $totaltime;
      ```

      still showing 0 hmmmmmmmm
  19. I have a Yahtzee system

      ```php
      session_start();
      $_SESSION['Yahtzee']['totaltime'] =time();
      echo $_SESSION['Yahtzee']['totaltime'];
      ```

      Now, long story short, when someone finishes playing the Yahtzee, I update their username with the score they had, and I want to update how long they have been playing, and it will be for "Total Time Playing globally" no matter how many games. If I do this session and echo it out, it echoes out the time, but I need it to echo out seconds instead so I can just add that to my totaltime field in my database each time they finish a game.
  20. Finally some Tough love Coding!!!!

      ```php
      foreach ($letters2 as $letter2 => $lol) {
          $group .= '<a href="?a=(^_-)&group='.$letter2.'">';
          if (isset($_GET['group']) && $_GET['group'] == $letter2){
              echo $letter2;
              $group .="<b>$letter2</b>";
          }else{
              $group .= ''.$letters2[$letter2].'';
          }
          $group .= '</a>';
          if ($letter2!="Loser"){
              $group .=" • ";
          }
      }
      ```

      Got it working! Man these arrays/foreachs are so awesome! I am so happy I am actually coding myself now, lol feels great
  21. ```php
      $DB->query("SELECT g_title,g_id from ibf_groups where g_title NOT IN ('Validating','Guests') order by rank ASC");
      while ($group = $DB->fetch_row()) {
          $data[$group['g_id']] = $group['g_title'];
      }
      $letters2 = $data;
      var_dump($data);
      $group=(empty($group))?'':$group;
      $group.='<center><div class=pages>Group: ';
      foreach ($letters2 as $letter2) {
          $group .= '<a href="?a=(^_-)&group='.$letter2.'">';
          if (isset($_GET['group']) && $_GET['group'] == $letter2){
              echo $letter2;
              $group .="<b>$letter2</b>";
          }else{
              $group .="$letter2";
          }
          $group .= '</a>';
          if ($letter2!="Loser"){
              $group .=" • ";
          }
      }
      ```

      var dump:

      ```
      4 => string 'Admin' (length=5)
      8 => string 'Senior Moderator' (length=16)
      6 => string 'Moderator' (length=9)
      9 => string 'Members+' (length=
      7 => string 'Donor' (length=5)
      3 => string 'Members' (length=7)
      5 => string 'Loser' (length=5)
      ```

      I need the first ARRAY 4, 8,6,9,7,3,5 to be put on top of my link

      ```php
      $group .= '<a href="?a=(^_-)&group='.$letters2.'">';
      ```

      I tried $letter2[$data] and everything, for some reason can't get the id there
  22. Okay, I looked at more Code above I guess some other code was using my variable $group... maybe next time I should use better/unique variable names... Thanks for the help thorpe, lol Saved the day again! Topic SOLVED!!
  23. That's the nicest way to call me Retarded, (I was asking for it in the title I guess? ) Lol okay here var_dump(array_shift($data)); returns back only 1 array string 'Validating' (length=10) I have g_icon as a field row in my ibf_groups Thorpe, but I'm not calling it with my query, but it seems to be seen with the array? How if I am only selecting g_title? I checked any code above, I have nothing
  24. ```php
      $DB->query("SELECT g_title from ibf_groups where g_title NOT IN ('Validating','Guests') order by g_title");
      while($group = $DB->fetch_row()){
          $data[] = $group['g_title'];
      }
      echo $data[0];
      var_dump($data);
      ```

      var dump

      ```
      'TITLE' => string 'Validating' (length=10)
      'ICON' => null
      0 => string 'Admin' (length=5)
      1 => string 'Donor' (length=5)
      2 => string 'Loser' (length=5)
      3 => string 'Members' (length=7)
      4 => string 'Members+' (length=
      5 => string 'Moderator' (length=9)
      6 => string 'Senior Moderator' (length=16)
      ```

      how do I get rid of Validating? and ICON?
  25. Hey, that works good. Quick question though, so I can understand what you did: how did u make the $letter only show once instead of each time, since it's on the same variable $menu? (and in the foreach??) (I'm just trying to understand the code so I can learn it, I don't want to steal code)
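
Added example (not part of any post above, and not the forum software's own code): posts 9 and 10 describe a check that tests only the upper bound, so a negative `star` value passes it. The sketch contrasts that check with strict integer validation followed by bound parameters; the function names, the `max_stars` column and the in-memory SQLite table are assumptions made for the demo.

```php
<?php
// Added example; not the forum's code. Function names are constructed.

// The test from post 9: only the upper bound is checked.
function original_check($star, $maxStars): bool
{
    return !($star > $maxStars);            // true = request allowed
}

// Accept only a plain integer in [0, $maxStars]; anything else is null.
function validate_star($raw, int $maxStars): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;                        // star[]=1 arrives as an array
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $maxStars],
    ]);
    return $value === false ? null : $value;
}

// Validate first, then pass values as bound parameters, never as SQL text.
function set_star(PDO $db, int $memberId, $rawStar): bool
{
    $stmt = $db->prepare('SELECT max_stars FROM ibf_members WHERE id = ?');
    $stmt->execute([$memberId]);
    $max = $stmt->fetchColumn();
    if ($max === false) {
        return false;                       // unknown member
    }
    $star = validate_star($rawStar, (int) $max);
    if ($star === null) {
        return false;                       // reject instead of "repairing" input
    }
    $upd = $db->prepare('UPDATE ibf_members SET star = ? WHERE id = ?');
    return $upd->execute([$star, $memberId]);
}

// Constructed demo data: in-memory SQLite (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibf_members (id INTEGER PRIMARY KEY, star INTEGER, max_stars INTEGER)');
$db->exec('INSERT INTO ibf_members VALUES (1, 0, 0), (2, 0, 3)');

// [member id, that member's max_stars, raw request value]
$cases = [[1, 0, '-125'], [1, 0, '0'], [2, 3, '3'], [2, 3, '4'], [2, 3, '2abc'], [2, 3, ['1']]];
foreach ($cases as [$id, $max, $raw]) {
    $old = is_array($raw) ? 'n/a' : (original_check($raw, $max) ? 'allow' : 'deny');
    $new = set_star($db, $id, $raw) ? 'allow' : 'deny';
    printf("member=%d star=%-7s original=%-5s hardened=%s\n", $id, json_encode($raw), $old, $new);
}
```

The same validate-then-bind approach applies to `amount` and `id` in post 2 and to the unquoted `t.tid=` value in post 3; escaping quotes does not protect a value that is placed in the query without quotes.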