Jump to content

Help

unidox

By unidox
in PHP Coding Help

 Share

Recommended Posts

unidox Advanced Member

unidox

Posted
Posted

Here is my code:

 

class functions {

// Vars
var $user;
var $lvl;
var $group;
var $table;
var $table_id;
var $check;

function mysql_conn() {
	$db_user = "user"; // Username
	$db_pass = "*****"; // Password
	$db_database = "dbname"; // Database Name
	$db_host = "localhost"; // Server Hostname
	$db_connect = mysql_connect ($db_host, $db_user, $db_pass);
	$db_select = mysql_select_db ($db_database);
}

function lvl () {
	$this->mysql_conn();
	$user = $this->user;
	$q = mysql_query("SELECT * FROM `pcp_users` WHERE `username` = '$user'") or die (mysql_error());
	$r = mysql_fetch_array($q);	
	$this->lvl = $r['level'];	 // Find the users level.
	$this->group = $r['group'];
}

function chklvl ($name) {
	$this->mysql_conn();
	$q = mysql_query("SELECT * FROM `pcp_groups` WHERE `name` = '$name'") or die(mysql_error());
	$r = mysql_fetch_array($q);
	$name = $r['level'];
	return $name;
}

function check() {
	$this->mysql_conn();
	if ($this->lvl == 1) {
		$this->check = true;
	} else {
		$this->check = false;
	}
}

function create_log($string, $user_name) {
	$file = "beta/admin/logs/log.txt";
	$open = fopen($file, "ab");
	$ip = $_SERVER["REMOTE_ADDR"];
	$time = date("F j, Y, g:i a");
	$write = "Username: \"" . $user_name . "\" | IP: " . $ip . " | Date: " . $time . " | Action: " . $string . "\n";
	fwrite($open, $write);
	fclose($open);
}

function activeate_num() {
	// Generates 8 Digit Activation Number
        $allow = "abcdefghijkmnpqrstuvwxyz23456789";
        srand((double)microtime()*1000000);
        for($i=0; $i<8; $i++) {
        	$activation .= $allow[rand()%strlen($allow)];
        }
        return $activation;
}

function escape_data($data) { // Prevents SQL Injection
	$this->mysql_conn();
	global $db_connect;
	if (ini_get('magic_quotes_gpc')) {
		$data = stripslashes($data);
	}
	$data = ereg_replace("[\'\")(;|`,<>]", "", $data);
	$data = mysql_real_escape_string(trim($data));
	return stripslashes($data);
}

function delete($id, $link, $log, $name) {
	$this->mysql_conn();
	if (!is_numeric($id)) {
		header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_1" . "");
		exit();
	}
	$table = $this->table;
	$table_id = $this->table_id;
	$lvl = $this->lvl;
	$q = mysql_query("SELECT * FROM `" . $table . "` WHERE `" . $table_id . "` = '$id'") or die (mysql_error());
	$r = mysql_fetch_array($q);

	if ($lvl > $r['level']) {
		header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_2" . "&user=" . $r[$name] . "");
		exit();
	}
	if ($lvl == $r['level']) {
		header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_3" . "&user=" . $r[$name] . "");
		exit();
	}
	$q = mysql_query("SELECT * FROM `" . $table . "` WHERE `" . $table_id . "` = '$id'") or die(mysql_error());
	$r = mysql_fetch_array($q);
	//$this->create_log("Deleted " . $log . ": \"" . $r[$name] . "\"", $this->user);

	mysql_query("DELETE FROM `" . $table . "` WHERE `" . $table_id . "` = '$id'");
	header("Location: index.php?p=success&h=" . $link . "&e=" . $link . "_1" . "&user=" . $r[$name] . "");
	exit();
}

function add($array, $link, $log) {
	$this->mysql_conn();
	foreach ($array as $v) {
		if (preg_match("/password/i", $v)) {
			eval("$" . $v . " = " . md5($_POST[$v]) . ";");
			if ($password == "") {
				header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_4");
				exit();
			}
		} elseif (preg_match("/url/i", $v)) {
			eval("$" . $v . " = " . url($_POST[$v]) . ";");
			if ($url == "") {
				header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_7");
				exit();
			}
		} elseif (preg_match("/level/i", $v)) {
			if ($this->check == true) {
				eval("$" . $v . " = " . $this->escape_data($_POST[$v]) . ";");
				if ($level == 1) {
					$level = $this->chklvl("Users");
				}
				if (!is_numeric($level)) {
					header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_8");
					exit();
				} elseif ($level == "") {
					$level = $this->chklvl("Users");
				}
				$q = mysql_query("SELECT * FROM `pcp_groups` WHERE `level` = '$level'") or die(mysql_error());
		        $r = mysql_fetch_array($q);
		        $group = $r['name'];
			} else {
				$level = $this->chklvl("Users");
			}
		} elseif (preg_match("/active/i", $v)) {
			eval("$" . $v . " = " . $this->escape_data($_POST[$v]) . ";");
			if (!is_numeric($active)) {
				header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_9");
				exit();
			} elseif ($active == "") {
				$active = 2;
			}
		} else {
			eval("$" . $v . " = " . $this->escape_data($_POST[$v]) . ";");
			if (preg_match("/_required/i", $v)) {
				if ("$" . $v . "" == "") {
					header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_10&field=" . $v . "");
					exit();
				}
				eval("$" . $v . " = " . str_replace("_required", "", "$" . $v . "") . ";");
			}
		}
	}

	if (($username != "") || ($email != "")) {
		$q = mysql_query("SELECT * FROM `pcp_users` WHERE `username` = '$username' || `email` = '$email'");
		$r = mysql_fetch_array($q);

		if (($r['username'] == $username_required)) { // If there is already a member in the db
		    header("Location: index.php?p=users&s=add_user&e=6"); // Redirects to error "Sorry, that username/email is already in use, please use forget password to retrieve your account.".
		    exit();
		} elseif (($r['email'] == $email_required)) { // If there is already a member in the db
		    header("Location: index.php?p=users&s=add_user&e=7"); // Redirects to error "Sorry, that username/email is already in use, please use forget password to retrieve your account.".
		}
	}

	$this->create_log("Added " . $log . ": \"" . $username . "\"", $user_name);

	$sql = "INSERT INTO `" . $this->table . "` (";

	$count = count($array);

	$i = 0;
	while ($i < $count) {
		$sql .= $array[$i];
		$i++;
	}

	$sql .= ") VALUES (";
	$i = 0;
	while ($i < $count) {
		$sql .= "'$" . $array[$i] . "',";
		$i++;
	}
	$sql = substr($sql, 0, -1);

	$sql .= ")";

	mysql_query($sql) or die(mysql_error());

	header("Location: index.php?p=success&h=users&e=" . md5("user_3") . "&user=" . $username . "");
	exit();
}
}

 

But everytime I try an submit form data to it, i get the following errors:

 

 

Parse error: syntax error, unexpected ';' in /home/purecp/public_html/class.php(149) : eval()'d code on line 1

 

Parse error: syntax error, unexpected ';' in /home/purecp/public_html/class.php(149) : eval()'d code on line 1

 

Parse error: syntax error, unexpected ';' in /home/purecp/public_html/class.php(149) : eval()'d code on line 1

 

Parse error: syntax error, unexpected T_STRING in /home/purecp/public_html/class.php(111) : eval()'d code on line 1

 

Warning: Cannot modify header information - headers already sent by (output started at /home/purecp/public_html/class.php(149) : eval()'d code:1) in /home/purecp/public_html/class.php on line 113

 

Line 149 is: eval("$" . $v . " = " . $this->escape_data($_POST[$v]) . ";");

 

Line 111 is: eval("$" . $v . " = " . md5($_POST[$v]) . ";");

 

Line 113 is: header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_4");

 

Whats wrong? Thanks

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.