alexrho Posted January 17, 2010 Share Posted January 17, 2010
Hello i have bought a web-based game and i am experiencing problem with two things First At the main page there is a link that says reset password ( if you have forgoten your pass ) You must enter username and email that work ok but the email never arrives i searched and found the php code for this
html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css">
<script language="javascript">
function showTxt(id) { document.getElementById(id).style.position = "relative"; document.getElementById(id).style.visibility = "visible"; }
</script>
</head>
<body style="margin: 0px; overflow: hidden;">
<table align="center" class="2">
<?php
/* ------------------------- */
// Page body of the posted login script: ?x=lostpass runs the two-step password
// reset, otherwise the login result or the login form is printed, and
// ?x=logout prints the logout notice. $data, $page and $sitelink are not
// assigned in this excerpt; presumably an include above the part shown sets
// them - confirm.
// NOTE(review): $_GET['x'] is read without isset().
if($_GET['x'] == "lostpass") {
  print " <tr><td class=\"subTitle\"><b>Forgot Password</b></td></tr>\n";
  // Step 2: the user opened the e-mailed link, which carries id and code.
  if(isset($_GET['id'],$_GET['code'])) {
    // NOTE(review): id and code are interpolated straight into the SQL text.
    // The only escaping visible on this page is the addslashes() loop over
    // $_GET in the include file posted further down; confirm it runs before
    // this query, and prefer mysql_real_escape_string() or prepared statements.
    // NOTE(review): the `time` column stored in step 1 is not part of this
    // WHERE clause, so no expiry of the code is visible here.
    $dbres = mysql_query("SELECT `login` FROM `[temp]` WHERE `id`='{$_GET['id']}' AND `code`='{$_GET['code']}' AND `area`='lostpass'");
    if($data = mysql_fetch_object($dbres)) {
      $dbres = mysql_query("SELECT `login`,`email`,`pass` FROM `[users]` WHERE `login`='{$data->login}'");
      $data = mysql_fetch_object($dbres);
      // NOTE(review): the new password is a 6-digit number from rand(), which
      // is not a cryptographic generator; it is stored through SQL MD5() with
      // no salt and sent in clear text by e-mail.
      $newpass = rand(100000,999999);
      mysql_query("UPDATE `[users]` SET `pass`=MD5('$newpass') WHERE `login`='{$data->login}'");
      // Removes the pending reset row, so the link works once.
      mysql_query("DELETE FROM `[temp]` WHERE `id`='{$_GET['id']}'");
      // NOTE(review), relevant to "the email never arrives":
      //  - the recipient shows as "[email protected]" on this page, which looks
      //    like address masking by the forum, so the real recipient expression
      //    cannot be checked here;
      //  - the From header carries a display name but no e-mail address;
      //  - the return value of mail() is ignored, so the success line below is
      //    printed even when PHP could not hand the message to the mail system.
      mail("[email protected]","$page->sitetitle Password","Your password has been reset. 
You can now login: New Password = $newpass Best Regards The Management ", "From: [ Extreme Mobster ] Services\n");
      print " <tr><td class=\"mainTxt\">Your new password has been emailed to {$data->email}</td></tr>\n";
    }
  }
  // Step 1: the form was submitted with a login name and an e-mail address.
  else if(isset($_POST['email'],$_POST['login'])) {
    // Only activated accounts whose login and e-mail both match are accepted.
    $dbres = mysql_query("SELECT `login`,`email` FROM `[users]` WHERE `login`='{$_POST['login']}' AND `email`='{$_POST['email']}'AND `activated`=1");
    if($data = mysql_fetch_object($dbres)) {
      // NOTE(review): the reset code is a 6-digit number from rand(); together
      // with the missing expiry check in step 2 and no visible attempt limit
      // this is a weak reset token. A long random token with a short lifetime
      // is the usual remedy.
      $code = rand(100000,999999);
      mysql_query("INSERT INTO `[temp]`(`login`,`code`,`area`,`time`) values('{$data->login}',$code,'lostpass',NOW())");
      $id = mysql_insert_id();
      // NOTE(review): same delivery concerns as the mail() call in step 2 -
      // masked recipient on this page, From header without an address, return
      // value not checked.
      mail("[email protected]","[ Extreme Mobster ] Password","There has been a request to reset your password. If you requested your password resetting, do not ignore this email. Click on the Link:\n$sitelink/login.php?x=lostpass&id=$id&code=$code Want to get a better experience out of The Gangster Game? Why not purchase some VIP Credits from the website and have a look through the Credit Store. Both options can be found in the top right panel of the website once logged in. ¬ Thank You for being part of our website and we wish you success in the game. 
Best Regards The Management ","From: [ The Gangster Game ] Services");
      print " <tr><td class=\"mainTxt\">There has been an email sent to {$data->email} with further intructions, please check your bulk mail</td></tr>\n";
    }
    // NOTE(review): distinct success and failure messages let a caller test
    // login/e-mail pairs; a uniform response avoids that.
    else
      print " <tr><td class=\"mainTxt\">There is no such user with that login name and email.</td></tr>\n";
  }
  // The request form is printed on every ?x=lostpass view.
  print <<<ENDHTML
<tr><td class="mainTxt" align="center"><br>
<form method="post"><table class="2">
<tr><td width=100>Login Name:</td> <td><input type="text" name="login"></td></tr>
<tr><td width=100>E-Mail:<td> <td><input style="position: relative; left: -162;" type="text" name="email"></td></tr>
<tr><td></td> <td align="right"><input class="2" style="position: relative; left: -48;" type="submit" value="Receive Password" style="width: 100"></td></tr>
</form></table></td></tr>
ENDHTML;
}
// $data is truthy: print the logged-in notice and redirect the parent frame.
else if($data) {
  print " <tr><td class=\"subTitle\"><b>Login</b></td></tr>\n";
  // Both branches print the same notice apart from punctuation.
  if($data->klikmissie == 1) {
    print " <tr><td class=\"mainTxt\" align=\"center\">You have now logged in!. Click <a href=\"index2.php\" target=\"_parent\"><b>Here</b></a> to enter and play the game, or just to watch. <script language=\"javascript\">setTimeout('parent.window.location.href=\"index2.php\"',1200)</script></td></tr>\n";
  }
  else
    print " <tr><td class=\"mainTxt\" align=\"center\">You have now logged in!. Click <a href=\"index2.php\" target=\"_parent\"><b>Here</b></a> to enter and play the game, or just to watch.. 
<script language=\"javascript\">setTimeout('parent.window.location.href=\"index2.php\"',1200)</script></td></tr>\n";
}
// Not logged in: print the login form, with an error line when a login attempt
// was posted.
else {
  print " <tr><td class=\"subTitle\"><b>Login</b></td></tr>\n";
  if(isset($_POST['login'],$_POST['pass']))
    print " <tr><td class=\"mainTxt\">Wrong Login Name or Password</td></tr>\n";
  // NOTE(review): the script block inside this markup sends the browser to
  // index.php as soon as it runs.
  print <<<ENDHTML
<script language="JavaScript">
<!--
window.location="index.php";
//-->
</script>
<tr><td class="mainTxt" width="100">
<form method="post"><table align="center" class="2">
<tr><td width=100>Login:</td> <td><input type="text" name="login" maxlength=16 style="width: 150;"></td></tr>
<tr><td width=100>Password:</td> <td><input type="password" name="pass" maxlength=16 style="width: 150;"></td></tr>
<tr><td></td><td style="position: relative; left: 25;"><input class="2" type="submit" name="submit" style="width: 100;" value="Login"></td></tr>
</table></form>
</td></tr>
<tr><td class="mainTxt" width="100" align="center"><a href="login.php?x=lostpass">Forgot Password?</a></td></tr>
ENDHTML;
}
// NOTE(review): the PHP tags inside this double-quoted string are not executed;
// only $sitelink and $page->layout are interpolated, so the stylesheet href
// that reaches the browser still contains the literal "<? echo" text.
if($_GET['x'] == "logout")
  print " <link rel=\"stylesheet\" type=\"text/css\" href=\"<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css\"><tr><td class=\"subTitle\"><b>Logout</b></td></tr>\n <tr><td class=\"mainTxt\">You have now logged out\n <script language=\"javascript\">setTimeout('parent.window.location.href=\"index.php\"',1)</script></td></tr>\n";
/* ------------------------- */
?>
</table>
</body>
</html>
The second is that as an admin i tried to sent mass mail . 
The email seems to sent but the email to the reciepents never get there
<?php
// Admin mass-mail script: sends the posted subject and body to every row of
// `[users]`, replacing {naam} in the body with the member's login.
set_time_limit(0);
include('../_include-config.php');
// Only the two configured admin logins get past this point. $data, $admin1 and
// $admin2 are not assigned in this script; presumably the include sets them.
if($data->login != $admin1 && $data->login != $admin2) {
  exit;
}
// NOTE(review): the form printed below carries no anti-CSRF token in the
// visible markup.
if (isset($_POST['mailing'])) {
  $rMember = mysql_query("SELECT login, email FROM `[users]`");
  while ($aMember = mysql_fetch_assoc($rMember)) {
    $sBericht = str_replace('{naam}', $aMember['login'], $_POST['mailing']);
    // NOTE(review), relevant to "the email seems to sent": the @ operator hides
    // any warning from mail(), its return value is ignored, and 'Sent!!..' is
    // echoed for every member regardless of the outcome. Check the return value
    // and the mail log while debugging.
    // NOTE(review): the posted subject is passed to mail() unchanged; it should
    // be stripped of line breaks before it reaches the message headers. If the
    // include is the file posted below, $_POST has also been through
    // addslashes(), so quotes in subject and body arrive backslash-escaped.
    @mail($aMember['email'], $_POST['titel'], $sBericht, 'From: [EuroGangster] <[email protected]>');
    echo 'Sent!!..';
  }
} else {
?>
<link rel="stylesheet" type="text/css" href="<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css">
<table align="center" width=100%>
<tr><td class="subTitle">Mass Email - Sent to all Members</b></td></tr>
<tr><td class="mainTxt">
<form method="post" action="" name="">
Subject: <input type="text" name="titel" value="<? echo $title ?> Email Subject">
Email:<br>
<textarea cols=40 rows=10 name="mailing"> Dear {naam} </textarea><p />
<input type="submit" value="Send Email" name="submit">
</form>
</table>
<?
// A GET request with a truthy `killed` parameter resets `vermoord` for the
// fixed login 'naamnaarkeuze'.
if($_GET['killed']) {
  mysql_query("UPDATE `[users]` SET `vermoord`='0' WHERE `login`='naamnaarkeuze'");
}
?>
<?php
}
// NOTE(review): $db is not assigned in any code shown on this page; the include
// file below does not store the result of mysql_connect().
mysql_close($db);
?>
Please help me fix that because i ve some money for this i also found this file mail.php in the admin maybe it helps
<?php
// mail.php (admin): prints the e-mail address of every row in `[users]`.
ob_start();
include("../_include-config.php");
// check_login() is not defined in the files shown on this page.
if(! check_login()) {
  header("Location: ../login.php");
  exit;
}
// NOTE(review): botchecker is written without quotes or a $ sign, so PHP reads
// it as a constant name; unless such a constant is defined elsewhere, the
// comparison is against the plain string 'botchecker'.
if($data->login != $admin1 && $data->login != $admin2 && $data->login != botchecker) {
  exit;
}
?>
<title><?php echo $page->sitetitle; ?></title>
<link rel="stylesheet" type="text/css" href="<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css">
<?
$sql=mysql_query("SELECT email FROM `[users]` ");
while($arr=mysql_fetch_array($sql)) {
  // NOTE(review): stored addresses are echoed without htmlspecialchars().
  echo $arr['email'] . 
'<br/>';
}
?>
and here is the include file
<?php
// Shared bootstrap: connects to MySQL, starts the session, loads the logged-in
// user's row into $data, escapes request data, and runs ban checks, timed jobs
// and per-user bookkeeping on each request.
// NOTE(review): error_reporting(0) silences every PHP warning and notice,
// including failures from mysql_*() and mail(); raise it (to a log, not the
// browser) while debugging the mail problem.
error_reporting(0);
include("settings.php");
/**
 * Escapes $value for use inside a quoted SQL string.
 * Strips slashes first when magic_quotes_gpc is on, then applies
 * mysql_escape_string() on PHP older than 4.3.0 and mysql_real_escape_string()
 * otherwise. It is not called by any code shown on this page.
 */
function quote_smart($value) {
  if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
  }
  if(version_compare(phpversion(),"4.3.0") == "-1") {
    return mysql_escape_string($value);
  } else {
    return mysql_real_escape_string($value);
  }
}
// $host, $user, $pass and $tablename are not assigned here; presumably
// settings.php provides them. Connection errors are suppressed with @ and
// replaced by the "Game is offline" page.
// NOTE(review): PHP tags inside a heredoc are not executed; only the variables
// are interpolated, so the title and stylesheet href keep the literal tag text.
if(!(@mysql_connect("$host","$user","$pass") && @mysql_select_db("$tablename"))) {
  print <<<ENDHTML
<html>
<head>
<title><?php echo $page->sitetitle; ?></title>
<link rel="stylesheet" type="text/css" href="<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css">
<script language="javascript">
function showTxt(id) { document.getElementById(id).style.position = "relative"; document.getElementById(id).style.visibility = "visible"; }
</script>
</head>
<table width=50%>
<tr><td class="subTitle"><b>Game is offline</b></td></tr>
<tr><td class="mainTxt">
<center>There has been a temporary disturbance. This will be corrected as soon as possible. Thank you for your understanding and patience! 
</center>
</td></tr>
</table>
</body>
</html>
ENDHTML;
  exit;
}
error_reporting ( 0 );
session_start();
include("_include-funcs2.php");
// Load the logged-in user's row; signup and online are returned as Unix
// timestamps.
if(isset($_SESSION['login'])) {
  $dbres = mysql_query("SELECT *,UNIX_TIMESTAMP(`signup`) AS `signup`,UNIX_TIMESTAMP(`online`) AS `online` FROM `[users]` WHERE `login`='{$_SESSION['login']}'");
  $data = mysql_fetch_object($dbres);
  // NOTE(review): the test reads $data->ip while the UPDATE writes column `IP`;
  // PHP property names are case-sensitive, so confirm the column's spelling.
  if($data->ip == '') {
    $IP = $_SERVER['REMOTE_ADDR'];
    mysql_query("UPDATE `[users]` SET `IP`='$IP' WHERE `login`='$data->login'");
  }
}
// The three loops below apply addslashes() to every $_POST, $_GET and $_COOKIE
// value, descending one level into arrays.
// NOTE(review): this is the only request-data escaping visible on this page.
// addslashes() is not aware of the connection character set and changes the
// data for non-SQL uses (e-mail text, HTML output); escaping at the query with
// mysql_real_escape_string() or prepared statements is the safer pattern.
// $_REQUEST and deeper array nesting are not covered.
foreach($_POST as $key => $value) {
  if(gettype($_POST[$key]) == "array")
    foreach($_POST[$key] as $key2 => $value2)
      $_POST[$key][$key2] = addslashes($_POST[$key][$key2]);
  else
    $_POST[$key] = addslashes($_POST[$key]);
}
foreach($_GET as $key => $value) {
  if(gettype($_GET[$key]) == "array")
    foreach($_GET[$key] as $key2 => $value2)
      $_GET[$key][$key2] = addslashes($_GET[$key][$key2]);
  else
    $_GET[$key] = addslashes($_GET[$key]);
}
foreach($_COOKIE as $key => $value) {
  if(gettype($_COOKIE[$key]) == "array")
    foreach($_COOKIE[$key] as $key2 => $value2)
      $_COOKIE[$key][$key2] = addslashes($_COOKIE[$key][$key2]);
  else
    $_COOKIE[$key] = addslashes($_COOKIE[$key]);
}
$clientIP = $_SERVER['REMOTE_ADDR'];
// NOTE(review): X-Forwarded-For and Client-IP are request headers set by the
// client; $forwardedFor is not used again in the code shown, and it should not
// be trusted for bans or logging without a known proxy in front.
$forwardedFor = ($_SERVER['HTTP_X_FORWARDED_FOR'] != "") ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['HTTP_CLIENT_IP'];
$forwardedFor = preg_replace('/, .+/','',$forwardedFor);
// Accounts with level -1 get the notice page below, have their IP column
// updated, and the request ends.
// NOTE(review): as in the other print strings, the PHP tags inside this
// double-quoted string are emitted as text, not executed.
$dbres = mysql_query("SELECT `id` FROM `[users]` WHERE `level`='-1' AND `login`='{$data->login}'");
if(mysql_num_rows($dbres) == 1) {
  print " <html> <head> <title><?php echo $page->sitetitle; ?></title> <link rel=\"stylesheet\" type=\"text/css\" href=\"<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css\"> </head> <body> <center><table align=\"center\" width=\"50%\"> <tr><td class=\"subTitle\"><b>Unbanned</b></td></tr> <tr><td class=\"mainTxt\">You are unbanned. 
If you want to re-enter The Gangster Game, Click on this Link:<br> <center><a href=\"klikmissiebanned.php\" target=\"_new\"><img style=\"border; 1px solid #000000;\" src=\"images/stem.gif\" width=\"100\" height=\"20\"></a></center></td></tr> </table> </body> </html> ";
  mysql_query("UPDATE `[users]` SET `IP`='$clientIP' WHERE `login`='$data->login'");
  exit;
}
// Timed jobs driven by page loads: when $UPDATE_DB is set by the including
// page, each job whose stored time falls in an earlier period is run once,
// guarded by a MySQL named lock taken with a zero timeout.
// NOTE(review): $cron_pass is a hard-coded shared secret, presumably checked by
// the _cron_*.php scripts; if the value posted here is the live one, replace it
// and keep it out of source files.
if(isset($UPDATE_DB)) {
  $dbres = mysql_query("SELECT UNIX_TIMESTAMP(`time`) AS `time`,`name` FROM `[cron]`");
  while($x = mysql_fetch_object($dbres))
    $update[$x->name] = $x->time;
  // Hourly job.
  if(floor($update['hour']/3600) != floor(time()/3600)) {
    $dbres = mysql_query("SELECT GET_LOCK('hour_update',0)");
    if(mysql_result($dbres,0) == 1) {
      $cron_pass = "secretcronpassword";
      mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='hour'");
      include("_cron_hour.php");
      mysql_query("SELECT RELEASE_LOCK('hour_update')");
    }
  }
  // Daily job.
  if(floor($update['day']/86400) != floor(time()/86400)) {
    $dbres = mysql_query("SELECT GET_LOCK('day_update',0)");
    if(mysql_result($dbres,0) == 1) {
      $cron_pass = "secretcronpassword";
      mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='day'");
      include("_cron_day.php");
      mysql_query("SELECT RELEASE_LOCK('day_update')");
    }
  }
  // Weekly job.
  if(floor($update['week']/604800) != floor(time()/604800)) {
    $dbres = mysql_query("SELECT GET_LOCK('week_update',0)");
    if(mysql_result($dbres,0) == 1) {
      $cron_pass = "secretcronpassword";
      mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='week'");
      include("_cron_week.php");
      mysql_query("SELECT RELEASE_LOCK('week_update')");
    }
  }
  // Monthly job: runs when the stored month number differs from the current one.
  if(date('n',$update['month']) != date('n',time())) {
    $dbres = mysql_query("SELECT GET_LOCK('month_update',0)");
    if(mysql_result($dbres,0) == 1) {
      $cron_pass = "secretcronpassword";
      mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='month'");
      include("_cron_month.php");
      mysql_query("SELECT RELEASE_LOCK('month_update')");
    }
  }
  // Horse race job: runs from hour 16 on a day it has not run yet, and again
  // from hour 21 when the last run was before hour 21.
  if((date('G',time()) >= 16 && date('z',time()) != date('z',$update['horserace'])) || (date('G',time()) >= 21 && 
date('G',$update['horserace']) < 21)) {
    $dbres = mysql_query("SELECT GET_LOCK('horserace_update',0)");
    if(mysql_result($dbres,0) == 1) {
      $cron_pass = "secretcronpassword";
      mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='horserace'");
      include("_cron_horserace.php");
      mysql_query("SELECT RELEASE_LOCK('horserace_update')");
    }
  }
}
// Refresh the online2 flag for all users: 'ja' when `online` is less than 300
// seconds old, 'nee' otherwise. Both statements touch the whole table on every
// request that includes this file.
mysql_query("UPDATE `[users]` SET `online2`='ja' WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(`online`) < 300");
mysql_query("UPDATE `[users]` SET `online2`='nee' WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(`online`) >= 300");
// Reload the user's row (runs even when no session login is set).
$dbres = mysql_query("SELECT *,UNIX_TIMESTAMP(`signup`) AS `signup`,UNIX_TIMESTAMP(`online`) AS `online` FROM `[users]` WHERE `login`='{$_SESSION['login']}'");
$data = mysql_fetch_object($dbres);
// Rank promotion: 100 rankvord points are exchanged for one rank, below rank 17.
// NOTE(review): the rank name in the message is looked up with the rank value
// from before the increment; confirm that the intended name is printed.
if($data->rankvord >= 100 && $data->rank <17) {
  $rank = array("Cafone","LowLife","Pickpocket","Shoplifter","Mugger","Thief","WiseGuy","Associate","Mobster","Gangster","Assassin","Good Fella","Mob Boss","The Don","The Lengendary Don","The Godfather","The Legendary Godfather");
  $rank = $rank[$data->rank];
  mysql_query("UPDATE `[users]` SET `rank`=`rank`+'1',`rankvord`=`rankvord`-'100' WHERE `login`='".$data->login."'");
  mysql_query("INSERT INTO `[messages]`(`time`,`from`,`to`,`subject`,`message`) VALUES(NOW(),'**Note**','".$data->login."','Rank Increased','You have been promted to ".$rank.".')");
}
// Driving-licence mission reward.
// NOTE(review): $rand1 to $rand8 are not assigned in the code shown on this
// page; presumably _include-funcs2.php or settings.php sets them - confirm.
if($data->rijbewijsmissie == 10 AND $data->rijbewijsauto > 4){
  mysql_query("UPDATE `tunegarage` SET `banden`=`banden`+'$rand1',`motor`=`motor`+'$rand8',`interieur`=`interieur`+'$rand2',`uitlaat`=`uitlaat`+'$rand3',`remmen`=`remmen`+'$rand4',`body`=`body`+'$rand5',`velgen`=`velgen`+'$rand6',`nitro`=`nitro`+'$rand7' WHERE `eigenaar`='{$data->login}' AND `rijbewijs`='1'");
  mysql_query("UPDATE `[users]` SET `rijbewijsmissie`='11' WHERE `login`='{$data->login}'");
  mysql_query("INSERT INTO `[messages]`(`time`,`from`,`to`,`subject`,`message`) values(NOW(),'TGGame Staff','{$data->login}','Driving 
License','<center><b>Congratulations</b><br>You have received your drivers license!<br>You pimped car has<br> <b>{$rand1}</b> Link levels<br> <b>{$rand8}</b> Engine levels<br> <b>{$rand2}</b> Interieur levels<br> <b>{$rand3}</b> Exhaust levels<br> <b>{$rand4}</b> Brake levels<br> <b>{$rand5}</b> Body levels<br> <b>{$rand6}</b> Rim levels<br> <b>{$rand7}</b> Nitro levels!<br><br><b>We congratulate you on behalf of the staff</b></center> ')");
}
// Factory strike: triggered when fabrieksgeld is below 50 per werknemer plus 50
// per bewaker and neither staking nor nietstaken is set.
$gelderaf = $data->werknemers*50+$data->bewakers*50;
if($data->fabrieksgeld < $gelderaf AND $data->staking == 0 AND $data->nietstaken == 0){
  mysql_query("UPDATE `[users]` SET `staking`='3' WHERE `login`='{$data->login}'");
  mysql_query("UPDATE `[users]` SET `fabrieksgeld`='0' WHERE `login`='{$data->login}'");
  mysql_query("INSERT INTO `[messages]`(`time`,`from`,`to`,`subject`,`message`) values(NOW(),'Your employees','{$data->login}','Strike','We are striking for 3 days, you have to pay up because nobody else will make you any cash. ')");
}
// Job promotion: when dagenwerken equals 1 the work level rises by one and the
// job fields are reset.
if($data->dagenwerken == 1){
  mysql_query("UPDATE `[users]` SET `werklevel`=`werklevel`+1 WHERE `login`='{$data->login}'");
  mysql_query("UPDATE `[users]` SET `baan`='0' WHERE `login`='{$data->login}'");
  mysql_query("INSERT INTO `[messages]`(`time`,`from`,`to`,`subject`,`message`) values(NOW(),'Your Boss','{$data->login}','You have been promoted','Congratulations, you have stuck at it for these 5 days and so you worklevel has increased by 1.')");
  mysql_query("UPDATE `[users]` SET `dagenwerken`='0' WHERE `login`='{$data->login}'");
}
// A matching `rechtbankusers` row with leven below 1 ends the request.
$dbres = mysql_query("SELECT `id` FROM `rechtbankusers` WHERE `leven`<'1' AND `login`='{$data->login}'");
if(mysql_num_rows($dbres) == 1) {
  echo 'You have been murdered, you can no longer play for 2 hours.';
  exit;
}
// IP ban check against the connecting address.
// NOTE(review): the stored reason is printed without htmlspecialchars().
$ipban1 = mysql_query("SELECT * FROM `[ipbanz]` WHERE IP='{$_SERVER['REMOTE_ADDR']}'");
$ipban = mysql_num_rows($ipban1);
if($ipban != 0){
  $ipa = mysql_fetch_object($ipban1);
  print 'You have been banned via your IP.<br> Reason:'.$ipa->reden.'';
  exit;
}
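// $locatie = $_SERVER['REQUEST_URI'];
// NOTE(review): line breaks were lost on this page; the comment above is
// assumed to end at the semicolon. With that assignment commented out,
// $locatie is not set by any code shown here, so the keyword check below has
// nothing to match against. A keyword blacklist on the URL is not a defence
// against SQL injection in any case; escape or parameterise at each query.
// eregi() is deprecated since PHP 5.3.
$array = array(
  "mysql", ")", ";", "}",
  "INSERT", "DROPTABLE", "TRUNCATE", "DROP", "UPDATE",
  "COOKIE", "ENV", "FILES", "GET", "POST", "REQUEST", "SERVER"
);
foreach($array As $foutbezig) {
  if(eregi($foutbezig,$locatie)) {
    exit("Dont use sql injections.");
  }
}
// Display name of the user's character type, indexed by `ctype`.
$type = array("","DrugDealer","Thug","Pretty Boy","Officer","Gangster Wanabee","Hired Gun","Ho","Hustler","Playa","Original Gangster","Rude Boy","PeaceKeeper","Street Doll","Gangster Bitch","Drug Runner","Hoodie","Criminal","Lady Bitch","Real Thug","Avenger","Mugger","Capone","Thief","PIMP","Pretty Women","WiseGuy","Mobster","Fella","Gangster Girl","The Daddy" );
$ctype = $type[$data->ctype];
# $select = mysql_query("SELECT * FROM `instellingen`");
# $page = mysql_fetch_object($select);
// Per-type item grants: odd ctype values 1-29 gain 25 camera, even values 2-30
// gain 30 shotgun. The original issued one UPDATE per ctype (30 statements);
// two IN() statements apply the same changes to the same rows.
// NOTE(review): these statements sit outside any condition, so they run for
// all users on every request that includes this file - confirm that is
// intended and not meant for one of the timed jobs.
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype` IN ('1','3','5','7','9','11','13','15','17','19','21','23','25','27','29')");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype` IN ('2','4','6','8','10','12','14','16','18','20','22','24','26','28','30')");
/* ------------------------- */
?>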