Jump to content

MOVED: PHP injecting into SQL database problem

fallen00sniper

By fallen00sniper
in Third Party Scripts

 Share

Recommended Posts

fallen00sniper Newbie

fallen00sniper

Posted
Posted

having a problem with this code and getting it to work properly with my database, someone else coded it up and gave it out freely, but i need to make one change to it and also it isn't communicating with my database properly with one table ExtWareHouse. Thanks to anyone that can help. Edit: no error it just doesn't copy the warehouse table to extwarehouse, this is for a MMORPG game MuOnline. thanks brian for letting me know to put it here in 3rd party you can del the other post if you want.

 

My Alteration

<table align="center" width="450" border="0" class="text_little">
  <tr>
    <td align="center"><?php
echo "Still debugging. :smile:";
?></td>
  </tr>
</table>
<form id="form1" name="form1" method="post" action="">
<table align="center" width="450" border="0" cellspacing="0" cellpadding="0" style="visibility:collapse;">
  <tr>
    <td>
<table align="center" width="450" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td align="center" width="450" class="text_little">For security purposes please verify your account.</td>
  </tr>
  <tr>
    <td height="5px"></td>
  </tr>
</table>
<table align="center" width="135" border="0" cellspacing="0" cellpadding="0" class="text_little">
  <tr>
    <td class="text_little">Anti-Dupe System:</td>
    <td style="color:#00ff00;">Enabled</td>
    <td class="text_little">.</td>
  </tr>
</table>
<table align="center" width="150" border="0" class="text">
  <tr>
    <td align="left">Username</td>
  </tr>
    <td align="left"><div><input name="id" type="text"  class="field" size="20" /></div></td>
  </tr>
  <tr>
    <td align="left">Password</td>
  </tr>
    <td align="left"><div><input name="clave" type="password" class="field" size="20" /></div></td>
  </tr>
  <tr>
    <td align="left"><div><input name="Submit" type="submit" value="Change Vault" class="button" /></div></td>
  </tr>
</table>
<table align="center" width="450" border="0" class="text_little">
  <tr>
    <td align="center"><?php
$conection = mssql_connect("127.0.0.1","sa","28772877") or die("SQL connection fail, verify your connection config.");
mssql_select_db("MuOnline",$conection);
function anti_injection( $mensaje )
{
$banlist = array
("insert","select","drop","update","delete","distinct","having","truncate","replace",
"handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");
if ( eregi ( "[a-zA-Z0-9]+", $mensaje ) )
{
$mensaje = trim ( str_replace ( $banlist, '', strtolower ( $mensaje ) ) );
}
else
{
$mensaje = NULL;
}
return $mensaje;
}
if(trim($HTTP_POST_VARS["id"]) != "" && trim($HTTP_POST_VARS["clave"]) != "")
{
$sql = "SELECT memb___id FROM MEMB_INFO WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."' and memb__pwd='".anti_injection($HTTP_POST_VARS["clave"])."'";
$result = mssql_query($sql);
if($row = mssql_fetch_array($result))
{
  $sqlexiste = "SELECT AccountID FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'";
  $resultexiste = mssql_query($sqlexiste);
  if($rowexiste = mssql_fetch_array($resultexiste))
  {
   $sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."'");
   $rschar = mssql_fetch_array($sqlchar);
   if(($rschar['ConnectStat'])==0)
   {
    $sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'");
    $rsbaul = mssql_fetch_array($sqlbaul);
    if(($rsbaul['number'])==1)
    {
     /* If I want my original vault */
     /* Save 2nd vault in extwarehouse table */
     $sql ="update extwarehouse set items=(select items from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update extwarehouse set money=(select money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Update main vault to original content */
     $sql ="update warehouse set items=(select items from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=0 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Clean main vault last data  */
     $sql ="delete charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
    }
    if(($rsbaul['number'])==0)
    {
     /* If I want 2nd vault */
     /* Save main vault data into charbaul table */
     $sql ="insert into charbaul(accountid, items, money)(select accountid, items, money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."')";
     mssql_query($sql);
     /* Update main vault to 2nd vault data */
     $sql ="update warehouse set items=(select items from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=1 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
    }
    echo "Your vault was changed successfully to";
   if(($rsbaul['number'])==0) echo " Vault 2.";
   if(($rsbaul['number'])==1) echo " Vault 1.";
   }
   else
   {
    echo "You must be offline to do this. vault change did not proceed!";
   }
  }
  else
  {
   echo "You don't have extravault, Please contact your Administrator!";
  }
}
else
{
  echo "Invalid Username or Password!";
}
mssql_free_result($result);
}
else
{
echo "You must complete all fields to change vault.";
}
mssql_close();
?></td>
  </tr>
</table>
    </td>
  </tr>
</table>
</form>

Original Script

<?
$conection = mssql_connect("127.0.0.1","sa","28772877") or die("SQL connection fail, verify your connection config.");
mssql_select_db("MuOnline",$conection);
function anti_injection( $mensaje )
{
$banlist = array
("insert","select","drop","update","delete","distinct","having","truncate","replace",
"handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");
if ( eregi ( "[a-zA-Z0-9]+", $mensaje ) )
{
$mensaje = trim ( str_replace ( $banlist, '', strtolower ( $mensaje ) ) );
}
else
{
$mensaje = NULL;
}
return $mensaje;
}
if(trim($HTTP_POST_VARS["id"]) != "" && trim($HTTP_POST_VARS["clave"]) != "")
{
$sql = "SELECT memb___id FROM MEMB_INFO WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."' and memb__pwd='".anti_injection($HTTP_POST_VARS["clave"])."'";
$result = mssql_query($sql);
if($row = mssql_fetch_array($result))
{
  $sqlexiste = "SELECT AccountID FROM EXTWAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'";
  $resultexiste = mssql_query($sqlexiste);
  if($rowexiste = mssql_fetch_array($resultexiste))
  {
   $sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."'");
   $rschar = mssql_fetch_array($sqlchar);
   if(($rschar['ConnectStat'])==0)
   {
    $sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'");
    $rsbaul = mssql_fetch_array($sqlbaul);
    if(($rsbaul['number'])==1)
    {
     /* If I want my original vault */
     /* Save 2nd vault in extwarehouse table */
     $sql ="update extwarehouse set items=(select items from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update extwarehouse set money=(select money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Update main vault to original content */
     $sql ="update warehouse set items=(select items from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=0 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Clean main vault last data  */
     $sql ="delete charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
    }
    if(($rsbaul['number'])==0)
    {
     /* If I want 2nd vault */
     /* Save main vault data into charbaul table */
     $sql ="insert into charbaul(accountid, items, money)(select accountid, items, money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."')";
     mssql_query($sql);
     /* Update main vault to 2nd vault data */
     $sql ="update warehouse set items=(select items from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=1 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
    }
    echo "-".anti_injection($HTTP_POST_VARS["id"])." vault changed successfully!";
   }
   else
   {
    echo "You must be offline, vault change did not proceed!";
   }
  }
  else
  {
   echo "You don't have extravault, contact your administrator!";
  }
}
else
{
  echo "Login fail!";
}
mssql_free_result($result);
}
else
{
echo "You must to complete all field to login!";
}
mssql_close();
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.