PHP coding Help

[alexrho]

Hello i have bought a web-based game and i am experiencing problem with two things

 

First

 

At the main page there is a link that says reset password ( if you have forgoten your pass )

You must enter username and email that work ok but the email never arrives

i searched and found the php code for this

 

html>


<head>
<title></title>
<link rel="stylesheet" type="text/css" href="<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css">
<script language="javascript">
function showTxt(id) {
    document.getElementById(id).style.position		= "relative";
    document.getElementById(id).style.visibility	= "visible";
}
</script>
</head>


<body style="margin: 0px; overflow: hidden;">
<table align="center" class="2">
<?php /* ------------------------- */

  if($_GET['x'] == "lostpass") {
    print "  <tr><td class=\"subTitle\"><b>Forgot Password</b></td></tr>\n";
    if(isset($_GET['id'],$_GET['code'])) {
      $dbres				= mysql_query("SELECT `login` FROM `[temp]` WHERE `id`='{$_GET['id']}' AND `code`='{$_GET['code']}' AND `area`='lostpass'");
      if($data = mysql_fetch_object($dbres)) {
        $dbres				= mysql_query("SELECT `login`,`email`,`pass` FROM `[users]` WHERE `login`='{$data->login}'");
        $data				= mysql_fetch_object($dbres);

        $newpass			= rand(100000,999999);
        mysql_query("UPDATE `[users]` SET `pass`=MD5('$newpass') WHERE `login`='{$data->login}'");
        mysql_query("DELETE FROM `[temp]` WHERE `id`='{$_GET['id']}'");
        mail("[email protected]","$page->sitetitle Password","Your password has been reset.

You can now login:   New Password = $newpass


Best Regards  

The Management

",


"From: [ Extreme Mobster ] Services\n");
        print "  <tr><td class=\"mainTxt\">Your new password has been emailed to {$data->email}</td></tr>\n";
      }
    }
    else if(isset($_POST['email'],$_POST['login'])) {
      $dbres				= mysql_query("SELECT `login`,`email` FROM `[users]` WHERE `login`='{$_POST['login']}' AND `email`='{$_POST['email']}'AND `activated`=1");
      if($data = mysql_fetch_object($dbres)) {
        $code				= rand(100000,999999);
        mysql_query("INSERT INTO `[temp]`(`login`,`code`,`area`,`time`) values('{$data->login}',$code,'lostpass',NOW())");
        $id				= mysql_insert_id();
        mail("[email protected]","[ Extreme Mobster ] Password","There has been a request to reset your password.

If you requested your password resetting, do not ignore this email.

Click on the Link:\n$sitelink/login.php?x=lostpass&id=$id&code=$code   

Want to get a better experience out of The Gangster Game? 

Why not purchase some VIP Credits from the website and have a look through the Credit Store.

Both options can be found in the top right panel of the website once logged in. 




¬ Thank You for being part of our website and we wish you success in the game.


Best Regards 

The Management

","From: [ The Gangster Game ] Services");
        print "  <tr><td class=\"mainTxt\">There has been an email sent to {$data->email} with further intructions, please check your bulk mail</td></tr>\n";
      }
      else
        print "  <tr><td class=\"mainTxt\">There is no such user with that login name and email.</td></tr>\n";
    }

    print <<<ENDHTML
  <tr><td class="mainTxt" align="center"><br>
<form method="post"><table class="2">
  <tr><td width=100>Login Name:</td>  <td><input type="text" name="login"></td></tr>
  <tr><td width=100>E-Mail:<td>  <td><input style="position: relative; left: -162;" type="text" name="email"></td></tr>
  <tr><td></td>  <td align="right"><input class="2" style="position: relative; left: -48;" type="submit" value="Receive Password" style="width: 100"></td></tr>
</form></table></td></tr>
ENDHTML;
  }
  else if($data) {
      print "  <tr><td class=\"subTitle\"><b>Login</b></td></tr>\n";
if($data->klikmissie == 1) {
      print "  <tr><td class=\"mainTxt\" align=\"center\">You have now logged in!. Click <a href=\"index2.php\" target=\"_parent\"><b>Here</b></a> to enter and play the game, or just to watch. <script language=\"javascript\">setTimeout('parent.window.location.href=\"index2.php\"',1200)</script></td></tr>\n";
}
else
      print "  <tr><td class=\"mainTxt\" align=\"center\">You have now logged in!. Click <a href=\"index2.php\" target=\"_parent\"><b>Here</b></a> to enter and play the game, or just to watch.. <script language=\"javascript\">setTimeout('parent.window.location.href=\"index2.php\"',1200)</script></td></tr>\n";
  }
  else {
    print "  <tr><td class=\"subTitle\"><b>Login</b></td></tr>\n";
    if(isset($_POST['login'],$_POST['pass']))
      print "  <tr><td class=\"mainTxt\">Wrong Login Name or Password</td></tr>\n";

    print <<<ENDHTML
<script language="JavaScript">
<!--
window.location="index.php";
//-->
</script>
  <tr><td class="mainTxt" width="100">
<form method="post"><table align="center" class="2">
  <tr><td width=100>Login:</td>		<td><input type="text" name="login" maxlength=16 style="width: 150;"></td></tr>
  <tr><td width=100>Password:</td>	<td><input type="password" name="pass" maxlength=16 style="width: 150;"></td></tr>
  <tr><td></td><td style="position: relative; left: 25;"><input class="2" type="submit" name="submit" style="width: 100;" value="Login"></td></tr>
</table></form>
  </td></tr>
  <tr><td class="mainTxt" width="100" align="center"><a href="login.php?x=lostpass">Forgot Password?</a></td></tr>
ENDHTML;
  }


if($_GET['x'] == "logout")

    print "  <link rel=\"stylesheet\" type=\"text/css\" href=\"<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css\"><tr><td class=\"subTitle\"><b>Logout</b></td></tr>\n  <tr><td class=\"mainTxt\">You have now logged out\n	<script language=\"javascript\">setTimeout('parent.window.location.href=\"index.php\"',1)</script></td></tr>\n";



/* ------------------------- */ ?>
</table>

</body>


</html>

 

 

The second is that as an admin i tried to sent mass mail . The email seems to sent but the email to the reciepents never get there

 

<?php

  set_time_limit(0);
  include('../_include-config.php');

  
  if($data->login != $admin1 && $data->login != $admin2)
  {
  exit;
  }

  
  if (isset($_POST['mailing'])) 
  {

    $rMember = mysql_query("SELECT login, email FROM `[users]`");
    while ($aMember = mysql_fetch_assoc($rMember)) 
    {

      $sBericht = str_replace('{naam}', $aMember['login'], $_POST['mailing']);

      @mail($aMember['email'], $_POST['titel'], $sBericht, 'From: [EuroGangster] <[email protected]>');
      echo 'Sent!!..';

    }

  }
  else
  {


?>
<link rel="stylesheet" type="text/css" href="<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css"> 
<table align="center" width=100%>
  <tr><td class="subTitle">Mass Email - Sent to all Members</b></td></tr>



  <tr><td class="mainTxt">
<form method="post" action="" name="">
Subject: <input type="text" name="titel" value="<? echo $title ?> Email Subject">
Email:<br>
<textarea cols=40 rows=10 name="mailing">
Dear {naam} 



</textarea><p />

<input type="submit" value="Send Email" name="submit">

</form>
</table>
<?
if($_GET['killed'])
{
mysql_query("UPDATE `[users]` SET `vermoord`='0' WHERE `login`='naamnaarkeuze'");
}
?>


<?php

  }
  
  mysql_close($db);

?>

 

Please help me fix that because i ve some money for this

 

i also found this file mail.php in the admin maybe it helps

 

<?php
ob_start();
  include("../_include-config.php");
  if(! check_login()) {
    header("Location: ../login.php");
    exit;
  }

  if($data->login != $admin1 && $data->login != $admin2 && $data->login != botchecker)
  {
  exit;
  }

?>
<title><?php echo $page->sitetitle; ?></title>
<link rel="stylesheet" type="text/css" href="<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css"> 

<?
$sql=mysql_query("SELECT email FROM `[users]` ");
while($arr=mysql_fetch_array($sql)) {
echo $arr['email'] . '<br/>';
} 
?>

 

and here is the include file

 

<?php
error_reporting(0);

  include("settings.php");

function quote_smart($value) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if(version_compare(phpversion(),"4.3.0") == "-1") {
return mysql_escape_string($value);
} else {
return mysql_real_escape_string($value);
}
}

  if(!(@mysql_connect("$host","$user","$pass") && @mysql_select_db("$tablename"))) {
    print <<<ENDHTML
<html>


<head>
<title><?php echo $page->sitetitle; ?></title>
<link rel="stylesheet" type="text/css" href="<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css">
<script language="javascript">
function showTxt(id) {
    document.getElementById(id).style.position		= "relative";
    document.getElementById(id).style.visibility	= "visible";
}
</script>
</head>


  <table width=50%>
    <tr><td class="subTitle"><b>Game is offline</b></td></tr>
    <tr><td class="mainTxt">
<center>There has been a temporary disturbance. This will be corrected as soon as possible. Thank you for your understanding and patience!

</center>
    </td></tr>
  </table>
</body>

</html>
ENDHTML;
    exit;
  }


  error_reporting ( 0 );
  session_start();
  include("_include-funcs2.php");
  if(isset($_SESSION['login'])) {
    $dbres				= mysql_query("SELECT *,UNIX_TIMESTAMP(`signup`) AS `signup`,UNIX_TIMESTAMP(`online`) AS `online` FROM `[users]` WHERE `login`='{$_SESSION['login']}'");
    $data				= mysql_fetch_object($dbres);
    if($data->ip  == '')
    {
$IP = $_SERVER['REMOTE_ADDR'];    
mysql_query("UPDATE `[users]` SET `IP`='$IP' WHERE `login`='$data->login'");

}
  }

  
  
  foreach($_POST as $key => $value) {
    if(gettype($_POST[$key]) == "array")
      foreach($_POST[$key] as $key2 => $value2)
        $_POST[$key][$key2]		= addslashes($_POST[$key][$key2]);
    else
      $_POST[$key]			= addslashes($_POST[$key]);
  }
  foreach($_GET as $key => $value) {
    if(gettype($_GET[$key]) == "array")
      foreach($_GET[$key] as $key2 => $value2)
        $_GET[$key][$key2]		= addslashes($_GET[$key][$key2]);
    else
      $_GET[$key]			= addslashes($_GET[$key]);
  }
  foreach($_COOKIE as $key => $value) {
    if(gettype($_COOKIE[$key]) == "array")
      foreach($_COOKIE[$key] as $key2 => $value2)
        $_COOKIE[$key][$key2]		= addslashes($_COOKIE[$key][$key2]);
    else
      $_COOKIE[$key]			= addslashes($_COOKIE[$key]);
  }


  $clientIP				= $_SERVER['REMOTE_ADDR'];
  $forwardedFor				= ($_SERVER['HTTP_X_FORWARDED_FOR'] != "") ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['HTTP_CLIENT_IP'];
  $forwardedFor				= preg_replace('/, .+/','',$forwardedFor);
  $dbres				= mysql_query("SELECT `id` FROM `[users]` WHERE `level`='-1' AND `login`='{$data->login}'");

  if(mysql_num_rows($dbres) == 1) {
    print "
<html>
<head>
<title><?php echo $page->sitetitle; ?></title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"<? echo $sitelink;?>/layout/layout<?php echo $page->layout; ?>/css/css.css\">
</head>
<body>
<center><table align=\"center\" width=\"50%\">
  <tr><td class=\"subTitle\"><b>Unbanned</b></td></tr>
<tr><td class=\"mainTxt\">You are unbanned. If you want to re-enter The Gangster Game, Click on this Link:<br>
<center><a href=\"klikmissiebanned.php\" target=\"_new\"><img style=\"border; 1px solid #000000;\" src=\"images/stem.gif\" width=\"100\" height=\"20\"></a></center></td></tr>
  </table>
</body>
</html>
";
mysql_query("UPDATE `[users]` SET `IP`='$clientIP' WHERE `login`='$data->login'");
    exit;
  }


  if(isset($UPDATE_DB)) {
    $dbres                              = mysql_query("SELECT UNIX_TIMESTAMP(`time`) AS `time`,`name` FROM `[cron]`");
    while($x = mysql_fetch_object($dbres))
      $update[$x->name]         = $x->time;

    if(floor($update['hour']/3600) != floor(time()/3600)) {
      $dbres                            = mysql_query("SELECT GET_LOCK('hour_update',0)");
      if(mysql_result($dbres,0) == 1) {
        $cron_pass                      = "secretcronpassword";
        mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='hour'");
        include("_cron_hour.php");
        mysql_query("SELECT RELEASE_LOCK('hour_update')");
      }
    }

    if(floor($update['day']/86400) != floor(time()/86400)) {
      $dbres                            = mysql_query("SELECT GET_LOCK('day_update',0)");
      if(mysql_result($dbres,0) == 1) {
        $cron_pass                      = "secretcronpassword";
        mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='day'");
        include("_cron_day.php");
        mysql_query("SELECT RELEASE_LOCK('day_update')");
      }
    }

    if(floor($update['week']/604800) != floor(time()/604800)) {
      $dbres                            = mysql_query("SELECT GET_LOCK('week_update',0)");
      if(mysql_result($dbres,0) == 1) {
        $cron_pass                      = "secretcronpassword";
        mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='week'");
        include("_cron_week.php");
        mysql_query("SELECT RELEASE_LOCK('week_update')");
      }
    }

    if(date('n',$update['month']) != date('n',time())) {
      $dbres                            = mysql_query("SELECT GET_LOCK('month_update',0)");
      if(mysql_result($dbres,0) == 1) {
        $cron_pass                      = "secretcronpassword";
        mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='month'");
        include("_cron_month.php");
        mysql_query("SELECT RELEASE_LOCK('month_update')");
      }
    }

    if((date('G',time()) >= 16 && date('z',time()) != date('z',$update['horserace'])) || (date('G',time()) >= 21 && date('G',$update['horserace']) < 21)) {
      $dbres                            = mysql_query("SELECT GET_LOCK('horserace_update',0)");
      if(mysql_result($dbres,0) == 1) {
        $cron_pass                      = "secretcronpassword";
        mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='horserace'");
        include("_cron_horserace.php");
        mysql_query("SELECT RELEASE_LOCK('horserace_update')");
      }
    }
  }

    mysql_query("UPDATE `[users]` SET `online2`='ja' WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(`online`) < 300");
    mysql_query("UPDATE `[users]` SET `online2`='nee' WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(`online`) >= 300");

    $dbres				= mysql_query("SELECT *,UNIX_TIMESTAMP(`signup`) AS `signup`,UNIX_TIMESTAMP(`online`) AS `online` FROM `[users]` WHERE `login`='{$_SESSION['login']}'");
    $data				= mysql_fetch_object($dbres);

if($data->rankvord >= 100 && $data->rank <17) {
$rank	                  	= array("Cafone","LowLife","Pickpocket","Shoplifter","Mugger","Thief","WiseGuy","Associate","Mobster","Gangster","Assassin","Good Fella","Mob Boss","The Don","The Lengendary Don","The Godfather","The Legendary Godfather");
$rank = $rank[$data->rank];

mysql_query("UPDATE `[users]` SET `rank`=`rank`+'1',`rankvord`=`rankvord`-'100' WHERE `login`='".$data->login."'");
mysql_query("INSERT INTO `[messages]`(`time`,`from`,`to`,`subject`,`message`) 
VALUES(NOW(),'**Note**','".$data->login."','Rank Increased','You have been promted to ".$rank.".')"); 

}
if($data->rijbewijsmissie == 10 AND $data->rijbewijsauto > 4){

mysql_query("UPDATE `tunegarage`  SET `banden`=`banden`+'$rand1',`motor`=`motor`+'$rand8',`interieur`=`interieur`+'$rand2',`uitlaat`=`uitlaat`+'$rand3',`remmen`=`remmen`+'$rand4',`body`=`body`+'$rand5',`velgen`=`velgen`+'$rand6',`nitro`=`nitro`+'$rand7' WHERE `eigenaar`='{$data->login}' AND `rijbewijs`='1'");
mysql_query("UPDATE `[users]` SET `rijbewijsmissie`='11' WHERE `login`='{$data->login}'");
mysql_query("INSERT INTO `[messages]`(`time`,`from`,`to`,`subject`,`message`) values(NOW(),'TGGame Staff','{$data->login}','Driving License','<center><b>Congratulations</b><br>You have received your drivers license!<br>You pimped car has<br> <b>{$rand1}</b> Link levels<br> <b>{$rand8}</b> Engine levels<br> <b>{$rand2}</b> Interieur levels<br> <b>{$rand3}</b> Exhaust levels<br> <b>{$rand4}</b> Brake levels<br> <b>{$rand5}</b> Body levels<br> <b>{$rand6}</b> Rim levels<br> <b>{$rand7}</b> Nitro levels!<br><br><b>We congratulate you on behalf of the staff</b></center> ')"); 
}

$gelderaf = $data->werknemers*50+$data->bewakers*50;
if($data->fabrieksgeld < $gelderaf AND $data->staking == 0 AND $data->nietstaken == 0){

mysql_query("UPDATE `[users]` SET `staking`='3' WHERE `login`='{$data->login}'");
mysql_query("UPDATE `[users]` SET `fabrieksgeld`='0' WHERE `login`='{$data->login}'");
mysql_query("INSERT INTO `[messages]`(`time`,`from`,`to`,`subject`,`message`) values(NOW(),'Your employees','{$data->login}','Strike','We are striking for 3 days, you have to pay up because nobody else will make you any cash. ')"); 
}

      if($data->dagenwerken == 1){
mysql_query("UPDATE `[users]` SET `werklevel`=`werklevel`+1 WHERE `login`='{$data->login}'");
mysql_query("UPDATE `[users]` SET `baan`='0' WHERE `login`='{$data->login}'");
mysql_query("INSERT INTO `[messages]`(`time`,`from`,`to`,`subject`,`message`) values(NOW(),'Your Boss','{$data->login}','You have been promoted','Congratulations, you have stuck at it for these 5 days and so you worklevel has increased by 1.')");
mysql_query("UPDATE `[users]` SET `dagenwerken`='0' WHERE `login`='{$data->login}'");
    }

  $dbres				= mysql_query("SELECT `id` FROM `rechtbankusers` WHERE `leven`<'1' AND `login`='{$data->login}'");
  if(mysql_num_rows($dbres) == 1) {
echo 'You have been murdered, you can no longer play for 2 hours.';
exit;
}

$ipban1 = mysql_query("SELECT * FROM `[ipbanz]` WHERE IP='{$_SERVER['REMOTE_ADDR']}'");
$ipban = mysql_num_rows($ipban1);
if($ipban != 0){
$ipa = mysql_fetch_object($ipban1);
print 'You have been banned via your IP.<br>
Reason:'.$ipa->reden.'';
exit;
}



// 
$locatie = $_SERVER['REQUEST_URI'];
$array = Array();
$array[] = "mysql";
$array[] = ")";
$array[] = ";";
$array[] = "}";
$array[] = "INSERT";
$array[] = "DROPTABLE";
$array[] = "TRUNCATE";
$array[] = "DROP";
$array[] = "UPDATE";
$array[] = "COOKIE";
$array[] = "ENV";
$array[] = "FILES";
$array[] = "GET";
$array[] = "POST";
$array[] = "REQUEST";
$array[] = "SERVER";
foreach($array As $foutbezig) {
if(eregi($foutbezig,$locatie)) {
exit("Dont use sql injections.");
}
}

$type = array("","DrugDealer","Thug","Pretty Boy","Officer","Gangster Wanabee","Hired Gun","Ho","Hustler","Playa","Original Gangster","Rude Boy","PeaceKeeper","Street Doll","Gangster Bitch","Drug Runner","Hoodie","Criminal","Lady Bitch","Real Thug","Avenger","Mugger","Capone","Thief","PIMP","Pretty Women","WiseGuy","Mobster","Fella","Gangster Girl","The Daddy" );
$ctype = $type[$data->ctype];

#
$select = mysql_query("SELECT * FROM `instellingen`");
#
$page = mysql_fetch_object($select);

mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='1'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='2'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='3'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='4'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='5'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE`ctype`='6'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='7'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='8'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='9'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE`ctype`='10'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='11'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='12'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='13'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='14'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='15'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='16'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='17'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='18'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='19'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='20'");

mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='21'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='22'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='23'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='24'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='25'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='26'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='27'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='28'");
mysql_query("UPDATE `[users]` SET `camera`=`camera`+'25' WHERE `ctype`='29'");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+'30' WHERE `ctype`='30'");


/* ------------------------- */ ?>