from what i can see ur sessions are hidden u are using cookies and SESSION nothing apart from page data is being transfered thru url the url is also being check for sql_injection u shouldnt be having any problems
how can i hide my site sessi0ns if this is my core??
PHP Code:<?php
/*
(dont removed this copyrights)
*/
include("iconfig.php");
//include("gmprc.php");
//session_start();
// Turn off on-screen PHP error output for every page that includes this file.
ini_set("display_errors", "0");
// When magic quotes are off, trim and backslash-escape every request value by hand.
// NOTE(review): addslashes is mapped over each superglobal twice in this block, and the
// loop further down this file applies it to $_GET/$_POST again, so one quote picks up
// several levels of backslashes while safe() removes only one level with stripslashes().
// NOTE(review): array_map() passes each value through as-is, so a parameter sent as
// name[]=... reaches trim()/addslashes() as an array rather than a string.
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0. addslashes() is also not a
// substitute for prepared statements; it is not aware of the connection character set.
if(!get_magic_quotes_gpc())
{
$_GET = array_map('trim', $_GET);
$_POST = array_map('trim', $_POST);
$_COOKIE = array_map('trim', $_COOKIE);
$_GET = array_map('addslashes', $_GET);
$_POST = array_map('addslashes', $_POST);
$_COOKIE = array_map('addslashes', $_COOKIE);
$_GET = array_map('addslashes', $_GET);
$_POST = array_map('addslashes', $_POST);
$_COOKIE = array_map('addslashes', $_COOKIE);
}
/**
 * Remove script blocks, HTML tags, style blocks and comment-like markup from a string.
 *
 * The patterns are applied in the listed order by a single preg_replace() call.
 * Regex stripping of this kind is a best-effort filter, not an output encoder: values
 * that are later echoed into a page still need htmlspecialchars() at the point of output.
 *
 * @param string $text Raw text to filter.
 * @return string The text with every pattern match removed.
 */
function cleanInput($text) {
$patterns = array();
$patterns[] = '@<script[^>]*?>.*?</script>@si'; // script elements including their body
$patterns[] = '@<[\/\!]*?[^<>]*?>@si'; // any remaining tag
$patterns[] = '@<style[^>]*?>.*?</style>@siU'; // style elements
$patterns[] = '@<![\s\S]*?--[ \t\n\r]*>@'; // multi-line comments
return preg_replace($patterns, '', $text);
}
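/**
 * Recursively filter a request value for use inside a quoted SQL string literal.
 *
 * Arrays are processed element by element with their keys kept. Scalars have magic-quote
 * slashes removed (when that feature exists and is on), are passed through cleanInput(),
 * and are then escaped with mysql_real_escape_string().
 *
 * The result is only meaningful inside a quoted SQL string; it is not HTML-safe output and
 * does not replace prepared statements. mysql_real_escape_string() belongs to the ext/mysql
 * extension, which PHP 7.0 removed.
 *
 * @param mixed $text A string, or an array of strings/arrays.
 * @return mixed The filtered value, with the same array shape as the input.
 */
function sanitize($text) {
if (is_array($text)) {
// Start from an empty array so an empty input returns array() instead of an undefined variable.
$output = array();
foreach($text as $var=>$val) {
$output[$var] = sanitize($val);
}
return $output;
}
// get_magic_quotes_gpc() no longer exists on PHP 8, so only call it where it is defined.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$text = stripslashes($text);
}
$text = cleanInput($text);
return mysql_real_escape_string($text);
}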
/**
 * Open the MySQL connection and select the site database.
 *
 * Reads the host, user, password and database name from the globals set by the config
 * include. Both calls are error-suppressed with @, so a failure is reported only through
 * the boolean return value.
 *
 * @return bool true when both the connection and the database selection succeed.
 */
function connectdb()
{
global $dbname, $dbuser, $dbhost, $dbpass;
$link = @mysql_connect($dbhost,$dbuser,$dbpass);
if($link)
{
$selected = @mysql_select_db($dbname);
if($selected)
{
return true;
}
}
return false;
}
/**
 * Strip one level of backslashes from a value, then escape it for a quoted SQL string.
 *
 * Uses mysql_real_escape_string() when it exists, otherwise mysql_escape_string(); if
 * neither exists the unslashed text is returned without any SQL escaping.
 * stripslashes() runs unconditionally, so a legitimate backslash in the input is removed.
 *
 * @param string $text Value to escape.
 * @return string The escaped (or merely unslashed) value.
 */
function safe($text)
{
$unslashed = stripslashes($text);
foreach(array("mysql_real_escape_string", "mysql_escape_string") as $escaper)
{
if(function_exists($escaper))
{
return $escaper($unslashed);
}
}
return $unslashed;
}
// Backslash-escape every $_GET and $_POST value (one level of nested arrays included)
// when magic quotes are off.
// NOTE(review): the original comment also promised to "remove $ sign"; nothing in this
// block does that.
// NOTE(review): the array_map('addslashes', ...) calls near the top of this file have
// already escaped these values, so this is a further layer of backslashes, not the first.
// NOTE(review): $_COOKIE is not handled here, and arrays nested more than one level deep
// are passed to addslashes() as arrays.
// NOTE(review): each() and get_magic_quotes_gpc() were both removed in PHP 8.0. Escaping
// input globally is not a replacement for parameterised queries at the point of use.
if( !get_magic_quotes_gpc() )
{
if( is_array($_GET) )
{
while( list($k, $v) = each($_GET) )
{
if( is_array($_GET[$k]) )
{
while( list($k2, $v2) = each($_GET[$k]) )
{
$_GET[$k][$k2] = addslashes($v2);
}
// Rewind the inner array pointer that each() advanced.
@reset($_GET[$k]);
}
else
{
$_GET[$k] = addslashes($v);
}
}
@reset($_GET);
}
if( is_array($_POST) )
{
while( list($k, $v) = each($_POST) )
{
if( is_array($_POST[$k]) )
{
while( list($k2, $v2) = each($_POST[$k]) )
{
$_POST[$k][$k2] = addslashes($v2);
}
@reset($_POST[$k]);
}
else
{
$_POST[$k] = addslashes($v);
}
}
@reset($_POST);
}
}
/////register form
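/**
 * Replace the first [card=NNN]message[/card] tag in a text with an <img> for pmcard.php.
 *
 * The three characters after "[card=" are the card id; the text between the opening tag
 * and "[/card]" is the message. Text without a complete tag is returned unchanged.
 *
 * Changes from the earlier version: the closing tag is searched for after the opening tag
 * (a "[/card]" that appears first no longer yields negative offsets), an empty message
 * cannot produce a negative length, and the id and message are URL-encoded / HTML-escaped
 * before being placed in the attribute values so tag content cannot break out of the
 * src or alt attribute. The text before and after the tag is passed through untouched.
 *
 * @param string $tcode Text that may contain a card tag.
 * @return string The text with the first card tag turned into an image element.
 */
function findcard($tcode)
{
$st = strpos($tcode,"[card=");
if ($st === false)
{
return $tcode;
}
// Only accept a closing tag that comes after the opening tag.
$ed = strpos($tcode,"[/card]",$st);
if ($ed === false)
{
return $tcode;
}
$texth = substr($tcode,0,$st);
$textf = substr($tcode,$ed+7);
$len = $ed-$st-10;
$msg = ($len > 0) ? substr($tcode,$st+10,$len) : "";
$cid = substr($tcode,$st+6,3);
// urlencode() turns spaces into '+' as before and encodes quotes, '&' and '<'.
$src = "pmcard.php?cid=".urlencode($cid)."&msg=".urlencode($msg);
// The site's pages are served as ISO-8859-1, so escape with that charset.
$alt = htmlspecialchars($cid, ENT_QUOTES, 'ISO-8859-1');
return "$texth<br/><img src=\"$src\" alt=\"$alt\"/><br/>$textf";
}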
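/**
 * Dump the current request's headers and address details to tmp/<nick>.rwi.
 *
 * Nothing is written when $sid is blank. The dump contains every request header exactly
 * as sent, which includes Cookie and Authorization headers when the client sends them.
 * NOTE(review): the values are written unescaped with <br/> markup, and tmp/ is a relative
 * path. Confirm the directory is not served by the web server and that whatever displays
 * these files escapes them.
 *
 * @param string $sid Session id of the user whose request is recorded.
 * @return void
 */
function saveuinfo($sid)
{
$headers = apache_request_headers();
$alli = "";
// apache_request_headers() can fail and return a non-array.
if(is_array($headers))
{
foreach ($headers as $header => $value)
{
$alli .= "$header: $value <br />\n";
}
}
// These two headers are optional; read them without raising undefined-index notices.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
$forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : "";
$alli .= "IP: ".$_SERVER['REMOTE_ADDR']."<br/>";
$alli .= "REFERRER: ".$referer."<br/>";
$alli .= "REMOTE HOST: ".getenv('REMOTE_HOST')."<br/>";
$alli .= "PROX: ".$forwarded."<br/>";
$alli .= "HOST: ".getenv('HTTP_X_FORWARDED_HOST')."<br/>";
$alli .= "SERV: ".getenv('HTTP_X_FORWARDED_SERVER')."<br/>";
if(trim($sid)!="")
{
$uid = getuid_sid($sid);
// basename() keeps the file inside tmp/ even if the nick contains a path separator.
$fname = "tmp/".basename(getnick_uid($uid)).".rwi";
$out = fopen($fname,"w");
// Skip the write instead of calling fwrite()/fclose() on false when the open fails.
if($out !== false)
{
fwrite($out,$alli);
fclose($out);
}
}
}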
function registerform($ef)
{
$ref = safe(cleanInput($_GET["r"]));
$ref2 = safe(cleanInput($_POST["r2"]));
$ue = $errl = $pe = $ce = "";
switch($ef)
{
case 1:
$errl = "! Please Type Your Screename";
$ue = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 2:
$errl = "! Please Type Your Password";
$pe = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 3:
$errl = "! Please Type Your Password Again";
$ce = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 4:
$errl = "! Screename Is Invalid";
$ue = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 5:
$errl = "! Password Is Invalid";
$pe = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 6:
$errl = "! Passwords Doesn't Match";
$ce = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 7:
$errl = "! Screename Must Be 4 Characters Or More";
$ue = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 8:
$errl = "! Password Must Be 4 Characters Or More";
$pe = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 9:
$errl = "! Screename Already Registered, Choose A Different One";
$ue = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 10:
$errl = "! Unknown Mysql Error, Please Try To Register Later";
break;
case 11:
$errl = "! Screename Must Start With Letter From A-Z";
$ue = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 12:
$errl = "Screename Is Reserved For Admin/Owner Of This Site";
$ue = "<img src=\"../images/point.gif\" alt=\"!\"/>";
break;
case 13:
$errl = "! Please Choose An Appropriate Nickname";
$ue = "";
break;
case 14:
$errl = "! You Must Enter An Email Address";
$ue = "";
break;
case 15:
$errl = "! Email Address Already In Use";
$ue = "";
break;
case 16:
$errl = "! Email Address Is Invalid";
$ue = "";
break;
}
$rform = "<br/>";
$rform .= "<form action=\"register.php\" method=\"post\">";
$rform .= "<b>Username:</b><br/><input name=\"uid\" format=\"*x\" maxlength=\"15\"/><br/>";
$rform .= "$pe <b>Password:</b><br/><input type=\"password\" name=\"pwd\" format=\"*x\" maxlength=\"30\"/><br/>";
$rform .= "$ce <b>Re-type Password:</b><br/><input type=\"password\" name=\"cpw\" format=\"*x\" maxlength=\"30\"/><br/>";
$rform .= "<b>Date Of Birth:</b><br/>";
$rform .= "<select name=\"day\" value=\"01\">";
$rform .= "<option value=\"01\">1</option>";
$rform .= "<option value=\"02\">2</option>";
$rform .= "<option value=\"03\">3</option>";
$rform .= "<option value=\"04\">4</option>";
$rform .= "<option value=\"05\">5</option>";
$rform .= "<option value=\"06\">6</option>";
$rform .= "<option value=\"07\">7</option>";
$rform .= "<option value=\"08\">8</option>";
$rform .= "<option value=\"09\">9</option>";
$rform .= "<option value=\"10\">10</option>";
$rform .= "<option value=\"11\">11</option>";
$rform .= "<option value=\"12\">12</option>";
$rform .= "<option value=\"13\">13</option>";
$rform .= "<option value=\"14\">14</option>";
$rform .= "<option value=\"15\">15</option>";
$rform .= "<option value=\"16\">16</option>";
$rform .= "<option value=\"17\">17</option>";
$rform .= "<option value=\"18\">18</option>";
$rform .= "<option value=\"19\">19</option>";
$rform .= "<option value=\"20\">20</option>";
$rform .= "<option value=\"21\">21</option>";
$rform .= "<option value=\"22\">22</option>";
$rform .= "<option value=\"23\">23</option>";
$rform .= "<option value=\"24\">24</option>";
$rform .= "<option value=\"25\">25</option>";
$rform .= "<option value=\"26\">26</option>";
$rform .= "<option value=\"27\">27</option>";;
$rform .=
Last edited by arnage; 28-07-12 at 08:14.
from what i can see ur sessions are hidden u are using cookies and SESSION nothing apart from page data is being transfered thru url the url is also being check for sql_injection u shouldnt be having any problems
Owner And Creator of [Only registered and activated users can see links. Click Here To Register...] Something New!
hi_jakkk (24-07-12)
ah my site is ok even i didnt change anything?but how about if i want to hide that hash in url of my site?i want to become this [Only registered and activated users can see links. Click Here To Register...]Originally Posted by Loony [Only registered and activated users can see links. Click Here To Register...]
then ud have to edit the $action= $_GET["action"]; Originally Posted by hi_jakkk [Only registered and activated users can see links. Click Here To Register...]
to something like $do = $_GET["do"];
then ud have to edit all your links
like this home.php?do=viewuser
and
if($action=="main")
{
}else{
}
will become
if($do=="main")
{
}else{
}
Last edited by ozziemale31; 25-07-12 at 04:49.
Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
can i do that if this my login page?Originally Posted by ozziemale31 [Only registered and activated users can see links. Click Here To Register...]
PHP Code:include("iconfig.php");
include("icore.php");
header("Content-type: text/html; charset=ISO-8859-1");
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\"\"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
echo "<html>";
echo "<head>";
echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />
<meta http-equiv=\"Cache-Control\" content=\"no-cache\"/>
<meta name=\"description\" content=\"mobile interactive community that can be access wherever you are in the world. It is made to connect people and to establish unity with tones of new exciting features like Scrembox, Forums, Articles, Chatrooms, Downloads, Clubs, Photo Gallery, Blogs, Polls, Chappel, Rpg Game, Lucky9, Jack En Poy, Spin The Wheel, Virtual Pets, Wap Jueteng And More Options That Entertain You And Makes You Busy\"/>
<meta name=\"keywords\" content=\"free community, forums, chat, wap, communicate, free sms, mp3, scandals, videos, games, downloads, scripts, ringtones, porn, xxx, hot, new, latest\"/>
<link rel=\"shortcut icon\" href=\"pgsm.ico\" type=\"image/x-icon\"/>
<link rel=\"stylesheet\" type=\"text/css\" href=\"gsmstyle.css\"/>";
echo "</head>";
echo "<body>";
connectdb();
$bcon = connectdb();
if (!$bcon)
{
echo "<div align=\"center\"><div class=\"t2\">Error.!</div><br/>";
echo "Cant connect to database<br/>";
echo "This error happens usually when backing up the database, please be patient, The site will be up any minute<br/>";
echo "Thank You Very Much<br/><a href=\"index.php\">Home</a><br/>";
echo "<br/><div class=\"foot\">";
echo "$mysite";
echo "<br/>Page Took ";
$load = microtime();
print (number_format($load,2));
echo " Seconds </div>";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
// Login handler: checks the login name and password from the query string, creates a
// session row and prints a link that carries the new session id.
$ubr = $_SERVER['HTTP_USER_AGENT'];
// NOTE(review): the login name (u) and password (p) arrive in the URL, so both end up in
// browser history, bookmarks, server and proxy logs and Referer headers. A POST form over
// HTTPS avoids that.
$uid = sanitize(cleanInput($_GET["u"]));
$lname = getnick_lick($uid);
// NOTE(review): if sanitize()/cleanInput() are the ones shown earlier on this page, the
// password is tag-stripped and SQL-escaped before hashing, so the hash is of the altered
// string rather than of what the user typed.
$pwd = sanitize(cleanInput($_GET["p"]));
$myid = getuid_lick($uid);
$gsmstyle = mysql_fetch_array(mysql_query("SELECT mystyle FROM jusaytb_users WHERE id='".$myid."'"));
$tolog = false;
// NOTE(review): $lname and $gsmstyle[0] are echoed without htmlspecialchars(); whether they
// are already safe depends on getnick_lick() and on how mystyle is stored. Confirm.
echo "<head>";
echo "<title>$lname@$mysite</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
echo "</head>";
echo "<div align=\"center\">";
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_users WHERE logname='".$uid."'"));
if($uinf[0]==0)
{
//Check for user ID
// NOTE(review): a different message for "unknown user" and "wrong password" tells a
// visitor which login names exist; one generic failure message avoids that.
echo "<div class=\"t2\">Error.!!</div><br/>User Does Not Exist Or Error Login Name<br/><a href=\"terms.php\">Register It Now</a><br/>";
}else{
//check for pwd
// NOTE(review): unsalted md5() is a fast hash and unsuitable for password storage;
// password_hash()/password_verify() are the built-in replacement. No attempt limiting is
// visible in this script.
$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_users WHERE logname='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<div class=\"t2\">Error.!!</div><br/>Are You Trying To Guess Your Password Or What?<br/>Please Type It Correctly<br/>";
}else{
//is user already logged in?
// $logedin is not read again in the visible part of this script.
$logedin = mysql_fetch_array(mysql_query("SELECT uid FROM jusaytb_ses WHERE uid='".getuid_lick($uid)."'"));
// NOTE(review): these two DELETEs match on the login name in $uid, while the SELECT above
// and the INSERT below use getuid_lick($uid); it looks like the numeric id was intended
// here too. Confirm against the table schema.
mysql_query("DELETE FROM jusaytb_ses WHERE uid='".$uid."'");
mysql_query("DELETE FROM jusaytb_online WHERE userid='".$uid."'");
// NOTE(review): the session id is md5(time() . rand(111,999)), i.e. 889 possible values
// for any given second, so it is predictable. Use a CSPRNG (random_bytes() on PHP 7+) or
// PHP's own session handler for the identifier.
$rndsid = rand(111,999);
$tm = time();
$xtm = $tm + (getsxtm()*50);
$did = $tm.$rndsid;
// md5() returns 32 hex characters, so cleanInput() and safe() leave it unchanged.
$res = mysql_query("INSERT INTO jusaytb_ses SET id='".safe(cleanInput(md5($did)))."', uid='".getuid_lick($uid)."', expiretm='".$xtm."'");
echo "<head>";
echo "<title>$uid@$mysite</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
echo "</head>";
echo "<div class=\"head\">Welcome $lname!</div><br/>";
$idn = getuid_lick($uid);
$sid = safe(cleanInput(md5($did)));
// NOTE(review): the session id is placed in the link's query string, so it is exposed the
// same way as the credentials above (history, logs, Referer, shared links).
echo "[<a href=\"index.php?do=main&sid=$sid\">Enter Now</a>]<br/><br/>";
// $tmsg and $umsg are not used in the visible part of this script.
$tmsg = getpmcount(getuid_sid($sid));
$umsg = getunreadpm(getuid_sid($sid));
$unreadinbox=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_private WHERE unread='1' AND touid='".$myid."'"));
$pmtotl=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_private WHERE touid='".$myid."'"));
$unrd="".$unreadinbox[0]."";
if ($unreadinbox[0]>0)
{
echo "<a href=\"inbox.php?do=main&sid=$sid\">$unrd New Message(s)</a><br/>";
}else{
echo "You have 0 New Message<br/>";
}
// NOTE(review): the page being bookmarked here has the login name and password in its URL.
echo "<br/>Bookmark This Page!<br/>
For Auto-Login References.<br/>";
include("ads.php");
echo"<hr color=\"blue\" width=\"50%\">";
// Print the second "::"-separated field of a random line from randomlogin.txt.
// The @ hides a failed read, in which case $xfile is false and the lines below misbehave.
$xfile = @file("randomlogin.txt");
$random_num = rand (0,count($xfile)-1);
$udata = explode("::",$xfile[$random_num]);
echo "$udata[1]";
}
}
// NOTE(review): this part is outside the if/else above, so a row is inserted into
// jusaytb_ases and a "Reset My Session" link is printed on every request, failed logins
// included. The id is built the same predictable way as above.
$rndsid = rand(111,999);
$tm = time();
$xtm = $tm + (getsxtm()*50);
$did = $tm.$rndsid;
$res = mysql_query("INSERT INTO jusaytb_ases SET id='".safe(cleanInput(md5($did)))."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'");
$sid = safe(cleanInput(md5($did)));
echo "<br/><a href=\"index.php?do=sesreset&sid=$sid\">";
echo "Reset My Session</a><br/>";
echo "<br/><div class=\"foot\">";
echo "$mysite";
echo "<br/>Page Took ";
// microtime() without an argument returns a "msec sec" string and no start time is
// subtracted, so this does not print the page's load time.
$load = microtime();
print (number_format($load,2));
echo " Seconds </div>";
echo "</div>";
echo "</body>";
exit();
?>
</html>
Last edited by metulj; 28-07-12 at 21:09.
try usingat the top of you home pagePHP Code:<?php
include("iconfig.php");
include("icore.php");
session_name("PHPSESSID");
session_start();
header("Content-type: text/html; charset=ISO-8859-1");
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\"\"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
echo "<html>";
echo "<head>";
echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />
<meta http-equiv=\"Cache-Control\" content=\"no-cache\"/>
<meta name=\"description\" content=\"mobile interactive community that can be access wherever you are in the world. It is made to connect people and to establish unity with tones of new exciting features like Scrembox, Forums, Articles, Chatrooms, Downloads, Clubs, Photo Gallery, Blogs, Polls, Chappel, Rpg Game, Lucky9, Jack En Poy, Spin The Wheel, Virtual Pets, Wap Jueteng And More Options That Entertain You And Makes You Busy\"/>
<meta name=\"keywords\" content=\"free community, forums, chat, wap, communicate, free sms, mp3, scandals, videos, games, downloads, scripts, ringtones, porn, xxx, hot, new, latest\"/>
<link rel=\"shortcut icon\" href=\"pgsm.ico\" type=\"image/x-icon\"/>
<link rel=\"stylesheet\" type=\"text/css\" href=\"gsmstyle.css\"/>";
echo "</head>";
echo "<body>";
connectdb();
$bcon = connectdb();
if (!$bcon)
{
echo "<div align=\"center\"><div class=\"t2\">Error.!</div><br/>";
echo "Cant connect to database<br/>";
echo "This error happens usually when backing up the database, please be patient, The site will be up any minute<br/>";
echo "Thank You Very Much<br/><a href=\"index.php\">Home</a><br/>";
echo "<br/><div class=\"foot\">";
echo "$mysite";
echo "<br/>Page Took ";
$load = microtime();
print (number_format($load,2));
echo " Seconds </div>";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
$ubr = $_SERVER['HTTP_USER_AGENT'];
// NOTE(review): $did is first assigned further down, inside the successful-login branch.
// Unless an include sets it, md5($did) here hashes an empty value and every visitor gets
// the same 'sid' in $_SESSION.
$_SESSION['sid'] = md5($did);
// NOTE(review): $sid is likewise not assigned before this call in the visible code, so the
// lookup below and the logname query that follows work from an empty session id.
$uid = getuid_sid($sid);
//$uid = sanitize(cleanInput($_GET["u"]));
$lname = getnick_lick($uid);
// The password is still taken from the query string (p).
$pwd = sanitize(cleanInput($_GET["p"]));
$myid = getuid_lick($uid);
$gsmstyle = mysql_fetch_array(mysql_query("SELECT mystyle FROM jusaytb_users WHERE id='".$myid."'"));
$tolog = false;
echo "<head>";
echo "<title>$lname@$mysite</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
echo "</head>";
echo "<div align=\"center\">";
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_users WHERE logname='".$uid."'"));
if($uinf[0]==0)
{
//Check for user ID
echo "<div class=\"t2\">Error.!!</div><br/>User Does Not Exist Or Error Login Name<br/><a href=\"terms.php\">Register It Now</a><br/>";
}else{
//check for pwd
$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_users WHERE logname='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<div class=\"t2\">Error.!!</div><br/>Are You Trying To Guess Your Password Or What?<br/>Please Type It Correctly<br/>";
}else{
//is user already logged in?
$logedin = mysql_fetch_array(mysql_query("SELECT uid FROM jusaytb_ses WHERE uid='".getuid_lick($uid)."'"));
mysql_query("DELETE FROM jusaytb_ses WHERE uid='".$uid."'");
mysql_query("DELETE FROM jusaytb_online WHERE userid='".$uid."'");
$rndsid = rand(111,999);
$tm = time();
$xtm = $tm + (getsxtm()*50);
$did = $tm.$rndsid;
$res = mysql_query("INSERT INTO jusaytb_ses SET id='".safe(cleanInput(md5($did)))."', uid='".getuid_lick($uid)."', expiretm='".$xtm."'");
echo "<head>";
echo "<title>$uid@$mysite</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
echo "</head>";
echo "<div class=\"head\">Welcome $lname!</div><br/>";
$idn = getuid_lick($uid);
$sid = safe(cleanInput(md5($did)));
echo "[<a href=\"index.php?do=main&sid=$sid\">Enter Now</a>]<br/><br/>";
$tmsg = getpmcount(getuid_sid($sid));
$umsg = getunreadpm(getuid_sid($sid));
$unreadinbox=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_private WHERE unread='1' AND touid='".$myid."'"));
$pmtotl=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_private WHERE touid='".$myid."'"));
$unrd="".$unreadinbox[0]."";
if ($unreadinbox[0]>0)
{
echo "<a href=\"inbox.php?do=main\">$unrd New Message(s)</a><br/>";
}else{
echo "You have 0 New Message<br/>";
}
echo "<br/>Bookmark This Page!<br/>
For Auto-Login References.<br/>";
include("ads.php");
echo"<hr color=\"blue\" width=\"50%\">";
$xfile = @file("randomlogin.txt");
$random_num = rand (0,count($xfile)-1);
$udata = explode("::",$xfile[$random_num]);
echo "$udata[1]";
}
}
$rndsid = rand(111,999);
$tm = time();
$xtm = $tm + (getsxtm()*50);
$did = $tm.$rndsid;
$res = mysql_query("INSERT INTO jusaytb_ases SET id='".safe(cleanInput(md5($did)))."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'");
$sid = safe(cleanInput(md5($did)));
echo "<br/><a href=\"index.php?do=sesreset&sid=$sid\">";
echo "Reset My Session</a><br/>";
echo "<br/><div class=\"foot\">";
echo "$mysite";
echo "<br/>Page Took ";
$load = microtime();
print (number_format($load,2));
echo " Seconds </div>";
echo "</div>";
echo "</body>";
exit();
?>
</html>
u will need to add following
and changePHP Code:session_name("PHPSESSID");
session_start();
but just seeing your login page u may want to cover yourPHP Code:$_SESSION['sid'] = md5($did);
$uid = getuid_sid($sid);
with mysql escape string comand as your browser code will be vulnerable to injectionPHP Code:$ubr = $_SERVER['HTTP_USER_AGENT'];
to do that simply use
PHP Code:$HTTP_USER_AGENT = mysql_escape_string($HTTP_USER_AGENT);
// NOTE(review): this re-reads the raw header and overwrites the escaped value assigned on
// the previous line; $ubr below is then taken from $_SERVER directly, so it is not escaped.
// Escape the value where it is put into the query, or use a prepared statement.
$HTTP_USER_AGENT = getenv("HTTP_USER_AGENT");
$brws = $_SERVER['HTTP_USER_AGENT'];
$ubr = $brws;
Last edited by metulj; 28-07-12 at 21:12.
Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
when i click ENTER NOW my sessi0n is expired? I do that sir ozzie as u post
Added after 12 minutes:
i also have this in my index sir ozzie i have to change it?or it is ok?
PHP Code:if(($do != "") && ($do!="terms") && ($action!="gonline") && ($action!="gviewuser"))
{
$uid = getuid_sid($sid);
if((islogged($sid)==false)||($uid==0))
{
echo "<head>";
echo "<title>$toptitle-Error!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
echo "</head>";
echo "<div align=\"center\"><div class=\"t2\">Error.!</div><br/>You are not logged in<br/>";
echo "Or Your session has been expired<br/>";
echo "<a href=\"index.php\">Login</a> first to have access.<br/><br/>";
echo "<br/><div class=\"foot\">$mysite";
echo "<br/>Page Took ";
$load = microtime();
print (number_format($load,2));
echo " Seconds</div>";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
}
Last edited by metulj; 28-07-12 at 21:13.
ud need to make a home.php page like then edit the link in your login.php
this is just a example page how yours should look
PHP Code:<?php
/*
your site script name
*/
session_name("PHPSESSID");
session_start();
header("Content-type: text/html; charset=ISO-8859-1");
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>";
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
?>
<meta name="description" content="www.yoursite.com Social Community on Mobile" />
<meta name="keywords" content="games, wallpapers, animations, android apps, iphone apps, wapsite hosting, chatsite hosting"/>
<link rel="shortcut icon" href="images/favicon.ico" />
<link rel="icon" href="images/favicon.gif" type="image/gif" />
<?php
include("config.php");
include("core.php");
$bcon = connectdb();
$uid = getuid_sid($sid);
if (!$bcon)
{
echo "<head>";
echo "<title>Data Base Error!</title>";
echo "</head>";
echo "<body>";
echo "<div class=\"error\"><img src=\"images/no.jpg\" alt=\"-\"/>";
echo "<b><strong>Error! Cannot Connect To Database...</strong></b><br/>";
echo "</div>";
echo "<center>This Usually Happens When Backing Up The Database Or The Site IS Going Thru Maitenece.</center>";
echo "</body>";
echo "</html>";
exit();
}
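// Read the session id from the PHP session (not the URL) and collect request details.
$sid = $_SESSION['sid'];
$page = $_GET["page"];
// The User-Agent header is supplied by the client and must be treated as untrusted.
$ubr = $_SERVER["HTTP_USER_AGENT"];
// NOTE(review): get_real_ip() is not shown; if it reads forwarding headers its result is
// client-controlled too. Confirm.
$uip = get_real_ip();
$do = $_GET["do"];
echo gettheme($sid);
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];
cleardata();
// Block the request when this ip/browser pair is banned, unless the user is shielded.
if(isipbanned($uip,$ubr))
{
if(!isshield(getuid_sid($sid)))
{
echo "<head>";
echo "<title>Ip Block!</title>";
echo "</head>";
echo "<body>";
echo "<div class=\"error\"><img src=\"images/no.jpg\" alt=\"-\"/>";
echo "<b><strong>Error! Ip Is Blocked ...</strong></b><br/><br/>";
echo "</div>";
echo "<p align=\"center\">";
// Escape both values before they go into the quoted SQL strings; the header value was
// previously concatenated into this query as received.
$banto = mysql_fetch_array(mysql_query("SELECT timeto FROM ibwf_penalties WHERE penalty='2' AND ipadd='".mysql_real_escape_string($uip)."' AND browserm='".mysql_real_escape_string($ubr)."' LIMIT 1 "));
$remain = $banto[0] - time();
$rmsg = gettimemsg($remain);
echo "<b>Time Left: </b>$rmsg<br/>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}
}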
if(($do!= "") && ($do!="terms"))
{
$uid = getuid_sid($sid);
if((islogged($sid)==false)||($uid==0))
{
echo "<head>";
echo "<title>Error!!!</title>";
echo "</head>";
echo "<body>";
echo "<div class=\"error\"><img src=\"images/no.jpg\" alt=\"-\"/>";
echo "<b><strong>You Are Not Logged In</strong></b>";
echo "</div>";
echo "</body>";
echo "</html>";
exit();
}
}
if(isbanned($uid))
{
echo "<head>";
echo "<title>Error!!!</title>";
echo "</head>";
echo "<body>";
echo "<div class=\"error\"><img src=\"images/no.jpg\" alt=\"-\"/>";
echo "<b><strong>You Are Banned </strong></b>";
echo "</div>";
$banto = mysql_fetch_array(mysql_query("SELECT timeto, pnreas, exid FROM ibwf_penalties WHERE uid='".$uid."' AND penalty='1' OR uid='".$uid."' AND penalty='2'"));
$banres = mysql_fetch_array(mysql_query("SELECT lastpnreas FROM ibwf_users WHERE id='".$uid."'"));
$remain = $banto[0]- time();
$rmsg = gettimemsg($remain);
echo "<b>Time Left: </b>$rmsg<br/>";
$nick = getnick_uid($banto[2]);
echo "<b>By: </b>$nick<br/>";
echo "<b>Reason: </b>$banto[1]";
echo "<a href=\"index.php\">Home</a>";
echo "<br/>";
echo "</body>";
echo "</html>";
exit();
}
// Record the user's browser string and ip address on their account row.
// NOTE(review): $HTTP_USER_AGENT is not assigned anywhere in the visible script (the header
// was read into $ubr), so unless a register_globals-style variable exists this stores an
// empty browserm. Confirm whether $ubr was intended.
$HTTP_USER_AGENT = mysql_escape_string($HTTP_USER_AGENT);
$agent ="$HTTP_USER_AGENT";
// $agent is escaped a second time here, on top of the mysql_escape_string() call above.
$res = mysql_query("UPDATE ibwf_users SET browserm='".mysql_real_escape_string($agent)."', ipadd='".mysql_real_escape_string($uip)."' WHERE id='".getuid_sid($sid)."'");
//$lang = mysql_fetch_array(mysql_query("SELECT lang FROM ibwf_users WHERE id='".$uid."'"));
//include("language.php");
////////////////////////////////////////MAIN PAGE
if($do=="main")
{
echo "<head>";
echo "<title>main</title>";
echo "</head>";
echo "<body>";
echo "<center>You Are On The Main Page</center>";
echo "< href=\"home.php?do=page2\">This Is A Link</a>";
echo "</body>";
}
else if($do=="page2")
{
echo "<head>";
echo "<title>Page 2</title>";
echo "</head>";
echo "<body>";
echo "<center>You Are On Page 2</center>";
echo "< href=\"home.php?do=main\">This Is A Link</a>";
echo "</body>";
}else
echo "<head>";
echo "<title>Error!</title>";
echo "</head>";
echo "<body>";
echo "<center>are you lost</center>";
echo "</body>";
echo "</html>";
}
?>
Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
lmao at do=main .
i think he just wants the url not to have the session hash in it .
you need to take out all the $sid=sid from all the links .
as thats whats carrying the session id from page to page .
test this first before removing all lol .
ive already showed him how he just needs to study his code more and break it downOriginally Posted by nclemale36 [Only registered and activated users can see links. Click Here To Register...]
ive removed sessions on the new script im working on atm
Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..