rotoxis

New Members
  • Posts

    6
  • Joined

  • Last visited

    Never

Everything posted by rotoxis

  1. I don't know how to do that. Can you write the code for me, please? :) Ty
  2. Well, I'm trying to download all these images for my item database: http://itemdb-rs.runescape.com/2646_obj_sprite.gif?id=9 from id=10 to id=2391 and put them into a folder on my FTP. Thanks in advance.
  3. I have found a tutorial that I've been looking for for ages. The outcome should go to http://itemdb-rs.runescape.com/frontpage.ws, use the search feature and pull the result for Magic.

     Now, I found a tutorial. First you have to add the table structure:

         CREATE TABLE IF NOT EXISTS `items` (
           `itemid` int(255) NOT NULL,
           `url` varchar(500) NOT NULL,
           `itemname` varchar(500) NOT NULL,
           `minprice` varchar(255) NOT NULL,
           `maxprice` varchar(255) NOT NULL,
           `midprice` varchar(255) NOT NULL,
           `updated` time NOT NULL,
           `7days` varchar(500) NOT NULL,
           `30days` varchar(500) NOT NULL
         ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

     Now for Import.php:

         <?php
         $user = "pie_root";
         $pass = "password"
         $host = "localhost";
         $conn = mysql_connect($host, $user, $pass);
         mysql_select_db("pie_runescape", $conn) or die(mysql_error());
         $i = 0;
         while($i < 20000) {
             ini_set('max_execution_time', -1);
             $file = @fopen("http://itemdb-rs.runescape.com/viewitem.ws?obj=" . $i, "rb");
             $contents = '';
             while(!feof($file)) {
                 $contents .= fread($file, 8192);
             }
             fclose($file);
             $lines = explode("\n", $contents);
             if($lines[207] == 'The item you were trying to view could not be found.') {
                 echo $lines[207] . "<br />";
             } else {
                 //print_r($lines);
                 $lines[225] = explode(" ", $lines[225]);
                 $day = str_replace(array('class="rise">', "</span>", 'class="drop">', 'class="stay">'), "", $lines[225][3]);
                 $lines[228] = explode(" ", $lines[228]);
                 $days = str_replace(array('class="rise">', '</span>', 'class="drop">', 'class="stay">'), "", $lines[228][3]);
                 $min = explode(" ", $lines[214]);
                 $mid = explode(" ", $lines[217]);
                 $max = explode(" ", $lines[220]);
                 $itemname = addslashes($lines[205]);
                 mysql_query("INSERT INTO `items` VALUES ('$i', 'http://itemdb-rs.runescape.com/viewitem.ws?obj=" . $i . "', '$itemname', '$min[2]', '$max[2]', '$mid[2]', 'NOW()', '$day', '$days')");
             }
             $i++;
         }
         ?>

     WHEN I RAN THIS CODE ON MY WEBHOST 000WEBHOST I GOT IP BANNED FROM MY SITE AND IT DID NOT INPUT ANYTHING INTO THE DATABASE

     Now next is Index.php:

         <?php
         $user = "user";
         $pass = "password";
         $host = "localhost";
         $conn = mysql_connect($host, $user, $pass);
         mysql_select_db("pie_runescape", $conn) or die(mysql_error());
         if(isset($_GET['id'])) {
             echo "<table border=\"1\" width=\"80%\">\n";
             echo "<tr><th>ID</th><th>Name</th><th>Min Price</th><th>Mid Price</th><th>Max Price</th><th>7Days</th><th>30days</th></tr>\n";
             $id = mysql_real_escape_string($_GET['id']);
             $query = mysql_query("SELECT * FROM `items` WHERE `itemid` = '$id'");
             while($row = mysql_fetch_array($query)) {
                 echo "<tr><td>" . $row['itemid'] . "</td><td>" . $row['itemname'] . "</td><td>" . $row['minprice'] . "</td><td>" . $row['midprice'] . "</td><td>" . $row['maxprice'] . "</td><td>" . $row['7days'] . "</td><td>" . $row['30days'] . "</td></tr>";
             }
         } else if(isset($_GET['name'])) {
             echo "<table border=\"1\" width=\"80%\">\n";
             echo "<tr><th>ID</th><th>Name</th><th>Min Price</th><th>Mid Price</th><th>Max Price</th><th>7Days</th><th>30days</th></tr>\n";
             $name = mysql_real_escape_string($_GET['name']);
             $query = mysql_query("SELECT * FROM `items` WHERE `itemaname` LIKE '%$name%' DESC");
             while($row = mysql_fetch_array($query)) {
                 echo "<tr><td>" . $row['itemid'] . "</td><td>" . $row['itemname'] . "</td><td>" . $row['minprice'] . "</td><td>" . $row['midprice'] . "</td><td>" . $row['maxprice'] . "</td><td>" . $row['7days'] . "</td><td>" . $row['30days'] . "</td></tr>";
             }
         }
         ?>
         <form>
         Search by ID: <input type="text" name="id" /> <input type="submit" value="Search" /><br />
         </form>
         <form>
         Search by Name(Keywords): <input type="text" name="name" /><input type="submit" value="Search" />
         </form>

     Can anyone find anything wrong with this script? If so, please help. Thanks in advance. Feel free to add me on MSN lassox@live.co.uk if it's easier.

     EDITED BY akitchin: removed the obnoxiously large font - please avoid using ultra-sized fonts in future posts.
  4. Cheers mate, I'll start fixing the issues. How can I fix the XSS?
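Added example, not part of the original posts: output escaping of the kind asked about here, applied to the name search from the Index.php in item 3, with the keyword bound through a PDO prepared statement and every cell passed through `htmlspecialchars()` before it is echoed. It assumes an in-memory SQLite database with a cut-down `items` table and constructed sample rows in place of the poster's MySQL database; the helper names `h`, `find_by_name` and `render_rows` and the `ORDER BY` column are hypothetical.

```php
<?php
// Constructed stand-in for the poster's MySQL `items` table (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (itemid INTEGER PRIMARY KEY, itemname TEXT, midprice TEXT)');

// Bound parameters: scraped text is never spliced into the SQL string.
$ins = $db->prepare('INSERT INTO items (itemid, itemname, midprice) VALUES (?, ?, ?)');
$sample = [                                   // constructed sample rows
    [1, 'Magic logs', '1,200'],
    [2, 'Magic <script>alert(1)</script>', '5'],
    [3, "Mage's book", '9.1m'],
];
foreach ($sample as $row) {
    $ins->execute($row);
}

// Escape a value for HTML text or attribute context.
function h($v): string {
    return htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
}

// Keyword search; % and _ typed by the user are matched literally.
function find_by_name(PDO $db, string $keyword): array {
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword) . '%';
    $st = $db->prepare(
        "SELECT itemid, itemname, midprice FROM items
         WHERE itemname LIKE ? ESCAPE '!' ORDER BY itemid DESC"
    );
    $st->execute([$like]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Build the result table; every database value is escaped on output.
function render_rows(array $rows): string {
    $html = "<table border=\"1\">\n<tr><th>ID</th><th>Name</th><th>Mid Price</th></tr>\n";
    foreach ($rows as $r) {
        $html .= '<tr><td>' . h($r['itemid']) . '</td><td>' . h($r['itemname'])
               . '</td><td>' . h($r['midprice']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

echo render_rows(find_by_name($db, 'Magic'));   // stored markup is shown as text
echo render_rows(find_by_name($db, "Mage's"));  // the quote is data, not SQL
```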
  5.
         <?
         error_reporting(7);
         $max_file_size="1024";
         $max_combined_size="2048";
         $file_uploads="2";
         $websitename="Security Test.";
         $random_name=true;
         $allow_types=array("jpg","gif","png");
         $folder="./uploads/";
         $full_url="http://www.url.info/uploads/";
         $fullpath="";
         $password="";
         $password_md5=md5($password);

         If($password) {
             If($_POST['verify_password']==true) {
                 If(md5($_POST['check_password'])==$password_md5) {
                     setcookie("phUploader",$password_md5,time()+86400);
                     sleep(1);
                     header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
                     exit;
                 }
             }
         }

         $password_form="";
         If($password) {
             If($_COOKIE['phUploader']!=$password_md5) {
                 $password_form="<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
                 $password_form.="<table align=\"center\" class=\"table\">\n";
                 $password_form.="<tr>\n";
                 $password_form.="<td width=\"100%\" class=\"table_header\" colspan=\"2\">Password Required</td>\n";
                 $password_form.="</tr>\n";
                 $password_form.="<tr>\n";
                 $password_form.="<td width=\"35%\" class=\"table_body\">Enter Password:</td>\n";
                 $password_form.="<td width=\"65%\" class=\"table_body\"><input type=\"password\" name=\"check_password\" /></td>\n";
                 $password_form.="</tr>\n";
                 $password_form.="<td colspan=\"2\" align=\"center\" class=\"table_body\">\n";
                 $password_form.="<input type=\"hidden\" name=\"verify_password\" value=\"true\">\n";
                 $password_form.="<input type=\"submit\" value=\" Verify Password \" />\n";
                 $password_form.="</td>\n";
                 $password_form.="</tr>\n";
                 $password_form.="</table>\n";
                 $password_form.="</form>\n";
             }
         }

         function get_ext($key) {
             $key=strtolower(substr(strrchr($key, "."), 1));
             $key=str_replace("jpeg","jpg",$key);
             return $key;
         }

         $ext_count=count($allow_types);
         $i=0;
         foreach($allow_types AS $extension) {
             If($i <= $ext_count-2) {
                 $types .="*.".$extension.", ";
             } Else {
                 $types .="*.".$extension;
             }
             $i++;
         }
         unset($i,$ext_count);

         $error="";
         $display_message="";
         $uploaded==false;

         If($_POST['submit']==true AND !$password_form) {
             For($i=0; $i <= $file_uploads-1; $i++) {
                 If($_FILES['file']['name'][$i]) {
                     $ext=get_ext($_FILES['file']['name'][$i]);
                     $size=$_FILES['file']['size'][$i];
                     $max_bytes=$max_file_size*1024;
                     If($random_name){
                         $file_name[$i]=time()+rand(0,100000).".".$ext;
                     } Else {
                         $file_name[$i]=$_FILES['file']['name'][$i];
                     }
                     If(!in_array($ext, $allow_types)) {
                         $error.= "Invalid extension for your file: ".$_FILES['file']['name'][$i].", only ".$types." are allowed.<br />Your file(s) were <b>not</b> uploaded.<br />";
                     } Elseif($size > $max_bytes) {
                         $error.= "Your file: ".$_FILES['file']['name'][$i]." is to big. Max file size is ".$max_file_size."kb.<br />Your file(s) were <b>not</b> uploaded.<br />";
                     } Elseif(file_exists($folder.$file_name[$i])) {
                         $error.= "The file: ".$_FILES['file']['name'][$i]." exists on this server, please rename your file.<br />Your file(s) were <b>not</b> uploaded.<br />";
                     }
                 }
             }
             $total_size=array_sum($_FILES['file']['size']);
             $max_combined_bytes=$max_combined_size*1024;
             If($total_size > $max_combined_bytes) {
                 $error.="The max size allowed for all your files combined is ".$max_combined_size."kb<br />";
             }
             If($error) {
                 $display_message=$error;
             } Else {
                 For($i=0; $i <= $file_uploads-1; $i++) {
                     If($_FILES['file']['name'][$i]) {
                         If(@move_uploaded_file($_FILES['file']['tmp_name'][$i],$folder.$file_name[$i])) {
                             $uploaded=true;
                         } Else {
                             $display_message.="Couldn't copy ".$file_name[$i]." to server, please make sure ".$folder." is chmod 777 and the path is correct.\n";
                         }
                     }
                 }
             }
         }
         ?>
         <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
         <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
         <head>
         <meta http-equiv="Content-Language" content="en-us" />
         <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
         <title><?php echo $websitename; ?> - Powered By ?</title>
         <style type="text/css">
         body{ background-color:#FFFFFF; font-family: Verdana, Arial, sans-serif; font-size: 12pt; color: #000000; }
         .error_message{ font-family: Verdana, Arial, sans-serif; font-size: 11pt; color: #FF0000; }
         .uploaded_message{ font-family: Verdana, Arial, sans-serif; font-size: 11pt; color: #000000; }
         a:link{ text-decoration:none; color: #000000; }
         a:visited{ text-decoration:none; color: #000000; }
         a:hover{ text-decoration:none; color: #000000; }
         .table { border-collapse:collapse; border:1px solid #000000; width:450px; }
         .table_header{ border:1px solid #070707; background-color:#C03738; font-family: Verdana, Arial, sans-serif; font-size: 11pt; font-weight:bold; color: #FFFFFF; text-align:center; padding:2px; }
         .upload_info{ border:1px solid #070707; background-color:#EBEBEB; font-family: Verdana, Arial, sans-serif; font-size: 8pt; color: #000000; padding:4px; }
         .table_body{ border:1px solid #070707; background-color:#EBEBEB; font-family: Verdana, Arial, sans-serif; font-size: 10pt; color: #000000; padding:2px; }
         .table_footer{ border:1px solid #070707; background-color:#C03738; text-align:center; padding:2px; }
         input,select,textarea { font-family: Verdana, Arial, sans-serif; font-size: 10pt; color: #000000; background-color:#AFAEAE; border:1px solid #000000; }
         .copyright { border:0px; font-family: Verdana, Arial, sans-serif; font-size: 9pt; color: #000000; text-align:right; }
         form{ padding:0px; margin:0px; }
         </style>
         <?
         If($password_form) {
             Echo $password_form;
         } Elseif($uploaded==true) {?>
         <table align="center"class="table">
           <tr>
             <td class="table_header" colspan="2"><b>Your file(s) have been uploaded!</b> </td>
           </tr>
           <tr>
             <td class="table_body">
               <br />
               <?
               For($i=0; $i <= $file_uploads-1; $i++) {
                   If($_FILES['file']['name'][$i]) {
                       $file=$i+1;
                       Echo("<b>File #".$file.":</b> <a href=\"".$full_url.$file_name[$i]."\" target=\"_blank\">".$full_url.$file_name[$i]."</a><br /><br />\n");
                   }
               }
               ?>
               <br />
               <a href="<?=$_SERVER['PHP_SELF'];?>">Go Back</a>
               <br />
             </td>
           </tr>
         </table>
         <?} Else {?>
         <?If($display_message){?>
         <div align="center" class="error_message"><?=$display_message;?></div>
         <br />
         <?}?>
         <form action="<?=$_SERVER['PHP_SELF'];?>" method="post" enctype="multipart/form-data" name="phuploader">
         <table align="center"class="table">
           <tr>
             <td class="table_header" colspan="2"><b><?=$websitename;?></b> </td>
           </tr>
           <tr>
             <td colspan="2" class="upload_info">
               <b>Allowed Types:</b> <?=$types?><br />
               <b>Max size per file:</b> <?=$max_file_size?>kb.<br />
               <b>Max size for all files combined:</b> <?=$max_combined_size?>kb.<br />
             </td>
           </tr>
           <?For($i=0;$i <= $file_uploads-1;$i++) {?>
           <tr>
             <td class="table_body" width="20%"><b>Select File:</b> </td>
             <td class="table_body" width="80%"><input type="file" name="file[]" size="30" /></td>
           </tr>
           <?}?>
           <tr>
             <td colspan="2" align="center" class="table_footer">
               <input type="hidden" name="submit" value="true" />
               <input type="submit" value=" Upload File(s) " />
               <input type="reset" name="reset" value=" Reset Form " />
             </td>
           </tr>
         </table>
         </form>
         <?}//Footer?>
         <table width="703" align="center" class="table" style="border:0px;">
           <tr>
             <td width="695"><div class="copyright">©<a href="http://www.url.info" target="_blank" title="Security">Security Test</a></div></td>
           </tr>
         </table>
         </body>
         </html>

     Is that script 100% secure? Thanks in advance.
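Added example, not part of the original post: two checks the uploader above does not make, namely choosing the stored file name from the file's detected content instead of the client-supplied extension, and HTML-escaping the client file name before it is echoed in an error message. The helper names `h` and `stored_name_for`, the `ALLOWED_IMAGES` map and the sample files are hypothetical and constructed for the demonstration; it assumes the `fileinfo` extension is enabled.

```php
<?php
// Allowed content types mapped to the extension the server will assign.
const ALLOWED_IMAGES = ['image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png'];

// Escape user-influenced text (client file names, PHP_SELF) before it reaches HTML.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Pick the stored name from the file's content, never from the client-supplied name.
// Returns a random name with a server-chosen extension, or null when the content
// is not one of the allowed image types.
function stored_name_for(string $tmpPath): ?string {
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGES)) {
        return null;
    }
    if (@getimagesize($tmpPath) === false) {   // header must also parse as an image
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGES[$mime];
}

// --- Constructed sample input: a 1x1 PNG and a script given an image-like name ---
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'not an image'; ?>");
$clientName = 'holiday<script>alert(1)</script>.jpg';

var_dump(stored_name_for($png));     // accepted: the content is a PNG
var_dump(stored_name_for($script));  // rejected, whatever the client called it

// The client-supplied name is displayed as text, not interpreted as markup.
echo 'Invalid file: ' . h($clientName) . "<br />\n";

// In the upload handler the accepted file would then be stored with
// move_uploaded_file($_FILES['file']['tmp_name'][$i], $folder . $name).
unlink($png);
unlink($script);
```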