
Help


unidox


Here is my code:

 

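/**
 * Helpers for the panel: user level lookup, an action log, activation codes,
 * input filtering, and generic row delete/insert.
 *
 * NOTE(review): every query here uses the legacy mysql_* extension (deprecated
 * in PHP 5.5, removed in PHP 7.0), which has no prepared statements. Values
 * are escaped by hand below; mysqli or PDO with bound parameters is the
 * robust replacement.
 */
class functions {

	// Vars
	var $user;     // Username that lvl() looks up
	var $lvl;      // Level read from pcp_users by lvl()
	var $group;    // Group read from pcp_users by lvl()
	var $table;    // Table that delete() and add() operate on
	var $table_id; // Key column used by delete()
	var $check;    // Set by check(): true when $lvl equals 1

	/**
	 * Opens the MySQL connection and selects the database.
	 *
	 * Stops the request with a generic message when either step fails, so
	 * later queries never run against a missing connection.
	 *
	 * NOTE(review): credentials are hard-coded in the source file; loading
	 * them from configuration kept outside the web root limits exposure if
	 * this file is ever served or shared as text.
	 */
	function mysql_conn() {
		$db_user = "user"; // Username
		$db_pass = "*****"; // Password
		$db_database = "dbname"; // Database Name
		$db_host = "localhost"; // Server Hostname
		$db_connect = mysql_connect($db_host, $db_user, $db_pass);
		if (!$db_connect) {
			die("Database connection failed.");
		}
		if (!mysql_select_db($db_database, $db_connect)) {
			die("Database selection failed.");
		}
	}

	/**
	 * Internal helper: runs a query and stops the request on failure.
	 *
	 * The driver's error text goes to the server log instead of the response,
	 * because it can reveal table and column names to the client.
	 *
	 * @param string $sql Complete SQL statement.
	 * @return resource|bool Whatever mysql_query() returned on success.
	 */
	function run_query($sql) {
		$result = mysql_query($sql);
		if ($result === false) {
			error_log("Database query failed: " . mysql_error());
			die("A database error occurred.");
		}
		return $result;
	}

	/**
	 * Loads the level and group of $this->user from pcp_users into
	 * $this->lvl and $this->group (both null when no such user exists).
	 */
	function lvl() {
		$this->mysql_conn();
		// The username is interpolated into a quoted literal, so it must be escaped.
		$user = mysql_real_escape_string($this->user);
		$q = $this->run_query("SELECT * FROM `pcp_users` WHERE `username` = '$user'");
		$r = mysql_fetch_array($q);
		if ($r === false) {
			$this->lvl = null;
			$this->group = null;
			return;
		}
		$this->lvl = $r['level'];	 // Find the users level.
		$this->group = $r['group'];
	}

	/**
	 * Returns the level stored in pcp_groups for the group called $name.
	 *
	 * @param string $name Group name.
	 * @return mixed The group's level, or null when the group is not found.
	 */
	function chklvl($name) {
		$this->mysql_conn();
		$safe_name = mysql_real_escape_string($name);
		$q = $this->run_query("SELECT * FROM `pcp_groups` WHERE `name` = '$safe_name'");
		$r = mysql_fetch_array($q);
		if ($r === false) {
			return null;
		}
		return $r['level'];
	}

	/**
	 * Sets $this->check to true when $this->lvl equals 1, false otherwise.
	 *
	 * NOTE(review): the connection opened here is not used by this method.
	 */
	function check() {
		$this->mysql_conn();
		// Loose comparison on purpose: the level arrives from MySQL as a string.
		$this->check = ($this->lvl == 1);
	}

	/**
	 * Appends one line to the action log.
	 *
	 * CR and LF are replaced with spaces in both arguments so a crafted
	 * username or action text cannot forge extra log entries.
	 *
	 * NOTE(review): the path is relative; if it resolves inside the web root
	 * the log (usernames and client IPs) may be fetchable over HTTP. Confirm
	 * the directory is not served.
	 *
	 * @param string $string    Description of the action.
	 * @param string $user_name Name of the acting user.
	 */
	function create_log($string, $user_name) {
		$file = "beta/admin/logs/log.txt";
		$open = fopen($file, "ab");
		if ($open === false) {
			return; // Log not writable: skip the entry instead of writing to a bad handle.
		}
		$line_breaks = array("\r", "\n");
		$user_name = str_replace($line_breaks, " ", $user_name);
		$string = str_replace($line_breaks, " ", $string);
		$ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "unknown";
		$time = date("F j, Y, g:i a");
		$write = "Username: \"" . $user_name . "\" | IP: " . $ip . " | Date: " . $time . " | Action: " . $string . "\n";
		fwrite($open, $write);
		fclose($open);
	}

	/**
	 * Generates an 8-character activation code from lowercase letters and
	 * digits.
	 *
	 * A code that gates account activation has to be unpredictable. rand()
	 * seeded from microtime() is guessable, so random_int() is used wherever
	 * it exists (PHP 7+ or a polyfill). The mt_rand() fallback keeps old
	 * installs working but is not cryptographically secure.
	 *
	 * @return string The activation code.
	 */
	function activeate_num() {
		$allow = "abcdefghijkmnpqrstuvwxyz23456789";
		$max = strlen($allow) - 1;
		$activation = "";
		for ($i = 0; $i < 8; $i++) {
			$index = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
			$activation .= $allow[$index];
		}
		return $activation;
	}

	/**
	 * Filters a request value for use inside a quoted SQL string literal.
	 *
	 * Removes backslash ' " ( ) ; | ` , < > and then applies
	 * mysql_real_escape_string(). The original finished with stripslashes(),
	 * which undid the escaping it had just applied; that call is gone.
	 *
	 * NOTE(review): deleting characters silently changes legitimate data
	 * (apostrophes in names, commas in free text). Bound parameters make the
	 * filtering unnecessary.
	 *
	 * @param string $data Raw value.
	 * @return string Filtered and escaped value.
	 */
	function escape_data($data) { // Prevents SQL Injection
		$this->mysql_conn();
		if (ini_get('magic_quotes_gpc')) {
			$data = stripslashes($data);
		}
		// Same character set as the old ereg_replace() class; ereg_* was removed in PHP 7.0.
		$data = preg_replace('/[\\\\\'")(;|`,<>]/', "", $data);
		return mysql_real_escape_string(trim($data));
	}

	/**
	 * Deletes the row whose key column equals $id, then redirects and exits.
	 *
	 * The caller's level must be numerically lower than the row's level.
	 * Error _1 is a non-numeric id, _2 a denied request, _3 an equal level.
	 *
	 * NOTE(review): $this->table and $this->table_id are used as identifiers
	 * and cannot be escaped like values; they must be set by code, never
	 * from request data. $log is only used by the disabled log call below.
	 *
	 * @param mixed  $id   Key value of the row.
	 * @param string $link Page key used in the redirect URL.
	 * @param string $log  Label for the log entry.
	 * @param string $name Column whose value is echoed in the redirect.
	 */
	function delete($id, $link, $log, $name) {
		$this->mysql_conn();
		$link_q = urlencode($link); // Keeps '&', '#' and spaces from altering the query string.
		if (!is_numeric($id)) {
			header("Location: index.php?p=error&h=" . $link_q . "&e=" . $link_q . "_1");
			exit();
		}
		$table = $this->table;
		$table_id = $this->table_id;
		$lvl = $this->lvl;
		$where = " FROM `" . $table . "` WHERE `" . $table_id . "` = '$id'";
		$q = $this->run_query("SELECT *" . $where);
		$r = mysql_fetch_array($q);
		$label = ($r === false) ? "" : urlencode($r[$name]);

		// Fail closed: an unset level compares as neither greater than nor equal
		// to the row's level, so without the is_numeric() test a caller whose
		// level was never loaded would pass both checks.
		if (!is_numeric($lvl) || $r === false || $lvl > $r['level']) {
			header("Location: index.php?p=error&h=" . $link_q . "&e=" . $link_q . "_2" . "&user=" . $label);
			exit();
		}
		if ($lvl == $r['level']) {
			header("Location: index.php?p=error&h=" . $link_q . "&e=" . $link_q . "_3" . "&user=" . $label);
			exit();
		}
		// NOTE(review): logging is disabled here, so deletions leave no audit trail.
		//$this->create_log("Deleted " . $log . ": \"" . $r[$name] . "\"", $this->user);

		$this->run_query("DELETE" . $where);
		header("Location: index.php?p=success&h=" . $link_q . "&e=" . $link_q . "_1" . "&user=" . $label);
		exit();
	}

	/**
	 * Reads the fields named in $array from $_POST, validates them, inserts a
	 * row into $this->table, then redirects and exits.
	 *
	 * NOTE(review): as posted this method cannot complete; see the notes on
	 * the eval() calls and on the INSERT builder.
	 *
	 * @param array  $array Field names to read from $_POST.
	 * @param string $link  Page key used in the redirect URL.
	 * @param string $log   Label for the log entry.
	 */
	function add($array, $link, $log) {
		$this->mysql_conn();
		$link_q = urlencode($link);
		foreach ($array as $v) {
			// NOTE(review): each eval() below pastes request data into PHP source
			// as `$<field> = <value>;` with the value unquoted. An empty value
			// gives `$<field> = ;` (unexpected ';'), and a word or hex digest gives
			// an unexpected T_STRING, so the assignment never happens. Compiling
			// request data as code is unsafe by construction, whatever filtering
			// runs first. Keep the values as data instead, for example
			// $values[$v] = ...; and read them back from that array.
			if (preg_match("/password/i", $v)) {
				// NOTE(review): unsalted md5() is not suitable for password storage.
				// password_hash()/password_verify() (PHP 5.5+) would have to be
				// adopted together with the login code, which is not shown here.
				eval("$" . $v . " = " . md5($_POST[$v]) . ";");
				if ($password == "") {
					header("Location: index.php?p=error&h=" . $link_q . "&e=" . $link_q . "_4");
					exit();
				}
			} elseif (preg_match("/url/i", $v)) {
				// NOTE(review): url() is not defined in this class; presumably a global helper. Confirm.
				eval("$" . $v . " = " . url($_POST[$v]) . ";");
				if ($url == "") {
					header("Location: index.php?p=error&h=" . $link_q . "&e=" . $link_q . "_7");
					exit();
				}
			} elseif (preg_match("/level/i", $v)) {
				// A submitted level is honoured only when check() has set $this->check.
				if ($this->check == true) {
					eval("$" . $v . " = " . $this->escape_data($_POST[$v]) . ";");
					if ($level == 1) {
						$level = $this->chklvl("Users");
					}
					// NOTE(review): "" is not numeric, so the default branch below is unreachable.
					if (!is_numeric($level)) {
						header("Location: index.php?p=error&h=" . $link_q . "&e=" . $link_q . "_8");
						exit();
					} elseif ($level == "") {
						$level = $this->chklvl("Users");
					}
					// $level is known to be numeric here, so interpolating it is safe.
					$q = $this->run_query("SELECT * FROM `pcp_groups` WHERE `level` = '$level'");
					$r = mysql_fetch_array($q);
					$group = $r['name'];
				} else {
					$level = $this->chklvl("Users");
				}
			} elseif (preg_match("/active/i", $v)) {
				eval("$" . $v . " = " . $this->escape_data($_POST[$v]) . ";");
				// NOTE(review): same ordering problem; an empty value is rejected before the default of 2 can apply.
				if (!is_numeric($active)) {
					header("Location: index.php?p=error&h=" . $link_q . "&e=" . $link_q . "_9");
					exit();
				} elseif ($active == "") {
					$active = 2;
				}
			} else {
				eval("$" . $v . " = " . $this->escape_data($_POST[$v]) . ";");
				if (preg_match("/_required/i", $v)) {
					// NOTE(review): this compares the text "$<field>" with "", which is
					// never equal, so the required-field check cannot fire.
					if ("$" . $v . "" == "") {
						header("Location: index.php?p=error&h=" . $link_q . "&e=" . $link_q . "_10&field=" . urlencode($v));
						exit();
					}
					eval("$" . $v . " = " . str_replace("_required", "", "$" . $v . "") . ";");
				}
			}
		}

		// NOTE(review): $username, $email, $username_required, $email_required and
		// $user_name below exist only if an eval() above created them.
		if (($username != "") || ($email != "")) {
			$q = $this->run_query("SELECT * FROM `pcp_users` WHERE `username` = '$username' || `email` = '$email'");
			$r = mysql_fetch_array($q);

			if (($r['username'] == $username_required)) { // If there is already a member in the db
				header("Location: index.php?p=users&s=add_user&e=6"); // Redirects to error "Sorry, that username/email is already in use, please use forget password to retrieve your account.".
				exit();
			} elseif (($r['email'] == $email_required)) { // If there is already a member in the db
				header("Location: index.php?p=users&s=add_user&e=7"); // Redirects to error "Sorry, that username/email is already in use, please use forget password to retrieve your account.".
				exit(); // Was missing: without it the duplicate account was still inserted after the redirect.
			}
		}

		$this->create_log("Added " . $log . ": \"" . $username . "\"", $user_name);

		// NOTE(review): this builder joins the column names without commas and
		// writes the literal text '$<field>' as each value instead of the submitted
		// data. It has to be rebuilt from escaped values when the eval() calls go.
		$sql = "INSERT INTO `" . $this->table . "` (";

		$count = count($array);

		$i = 0;
		while ($i < $count) {
			$sql .= $array[$i];
			$i++;
		}

		$sql .= ") VALUES (";
		$i = 0;
		while ($i < $count) {
			$sql .= "'$" . $array[$i] . "',";
			$i++;
		}
		$sql = substr($sql, 0, -1);

		$sql .= ")";

		$this->run_query($sql);

		header("Location: index.php?p=success&h=users&e=" . md5("user_3") . "&user=" . urlencode($username));
		exit();
	}
}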

 

But every time I try to submit form data to it, I get the following errors:

 

 

Parse error: syntax error, unexpected ';' in /home/purecp/public_html/class.php(149) : eval()'d code on line 1

 

Parse error: syntax error, unexpected ';' in /home/purecp/public_html/class.php(149) : eval()'d code on line 1

 

Parse error: syntax error, unexpected ';' in /home/purecp/public_html/class.php(149) : eval()'d code on line 1

 

Parse error: syntax error, unexpected T_STRING in /home/purecp/public_html/class.php(111) : eval()'d code on line 1

 

Warning: Cannot modify header information - headers already sent by (output started at /home/purecp/public_html/class.php(149) : eval()'d code:1) in /home/purecp/public_html/class.php on line 113

 

Line 149 is: eval("$" . $v . " = " . $this->escape_data($_POST[$v]) . ";");

 

Line 111 is: eval("$" . $v . " = " . md5($_POST[$v]) . ";");

 

Line 113 is: header("Location: index.php?p=error&h=" . $link . "&e=" . $link . "_4");

 

What's wrong? Thanks
