Lavalair Mods...

This is a sticky topic.

  • #91
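    turning php errors on is ok if your site isn't up and running ....

    a better way is to use a file like
    eg: example.php
    PHP Code:
    <?php
    // Page to load, taken from ?page=...; basename() strips any directory part
    // so only files in this directory can be included
    $page = isset($_GET["page"]) ? basename($_GET["page"]) : "";
    if ($page == "") $page = "index.php";
    // Show all errors while debugging
    error_reporting(E_ALL);
    ini_set('display_errors', true);
    include($page);
    ?>
    Then go to it in your browser: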
    http://yoursitename.com/example.php?..._page_name.php

    Comment


    • #92
      its been posted many times before:
      core.php
      PHP Code:
      ////////////////////////anti sql injection
      // Escapes a value for use inside a quoted SQL string (needs an open MySQL connection)
      function antisi($str){
          return mysql_real_escape_string($str);
      }

      then on top of every other page:
      PHP Code:
      if(isset($_GET)){foreach($_GET as $key=>$value){$_GET[$key]=antisi($value);}}
      if(isset($_POST)){foreach($_POST as $key=>$value){$_POST[$key]=antisi($value);}}
      Last edited by something else; 21.07.10, 07:57.

      Comment


      • #93
        thinking about above post ... might be better having a file:
        antiinjection.php
        PHP Code:
        <?php
        // Escape every request, server and session value (needs an open MySQL connection)
        if(isset($_REQUEST)){foreach($_REQUEST as $key=>$value){$_REQUEST[$key]=mysql_real_escape_string(htmlspecialchars($value));}}
        if(isset($_SERVER)){foreach($_SERVER as $key=>$value){$_SERVER[$key]=mysql_real_escape_string(htmlspecialchars($value));}}
        if(isset($_SESSION)){foreach($_SESSION as $key=>$value){$_SESSION[$key]=mysql_real_escape_string(htmlspecialchars($value));}}
        ?>
        then just using:
        PHP Code:
        include 'antiinjection.php';
        at the top of every page

        Comment


        • #94
          something else won't it work if u just add
          Code:
          include 'antiinjection.php';
          in config or core? just once

          Comment


          • #95
            yeah you could just add:
            PHP Code:
            if(isset($_GET)){foreach($_GET as $key=>$value){$_GET[$key]=addslashes(htmlspecialchars($value));}}
            if(isset($_POST)){foreach($_POST as $key=>$value){$_POST[$key]=addslashes(htmlspecialchars($value));}}
            if(isset($_SERVER)){foreach($_SERVER as $key=>$value){$_SERVER[$key]=addslashes(htmlspecialchars($value));}}
            if(isset($_SESSION)){foreach($_SESSION as $key=>$value){$_SESSION[$key]=addslashes(htmlspecialchars($value));}}
            to your config.php
            Last edited by something else; 21.08.10, 02:10.

            Comment


            • #96
              doesn't work when i add that in config, it shows error messages saying no password
              Code:
              for user '..........'@'localhost' (using password: NO) in /home/............./public_html/config.php on line 16

              Comment


              • #97
                Originally posted by something else View Post
                thinking about above post ... might be better having a file:
                antiinjection.php
                PHP Code:
                <?php
                if(isset($_REQUEST)){foreach($_REQUEST as $key=>$value){$_REQUEST[$key]=mysql_real_escape_string(htmlspecialchars($value));}}
                if(isset($_SERVER)){foreach($_SERVER as $key=>$value){$_SERVER[$key]=mysql_real_escape_string(htmlspecialchars($value));}}
                if(isset($_SESSION)){foreach($_SESSION as $key=>$value){$_SESSION[$key]=mysql_real_escape_string(htmlspecialchars($value));}}
                ?>
                then just using:
                PHP Code:
                include 'antiinjection.php'
                at the top of every page
                If you do that, some values will not work, like integer, numeric value..bla bla bla

                Comment
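An alternative to rewriting every superglobal, as an added example that is not part of the thread or of Lavalair: bind values with prepared statements, validate numeric parameters by type, and HTML-encode only at output. It assumes PHP 7.1+ with PDO and the pdo_sqlite driver; the in-memory database, the sample rows and the helper names (add_user, find_user_by_name, int_param, h) are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The table name follows the
// thread's ibwf_users; the SQLite database and all sample values are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibwf_users (id INTEGER PRIMARY KEY, name TEXT, perm INTEGER)');

// Store the raw value. Placeholders send data separately from the SQL text,
// so no escaping function is applied and nothing is altered before storage.
function add_user(PDO $db, string $name, int $perm): int
{
    $st = $db->prepare('INSERT INTO ibwf_users (name, perm) VALUES (:name, :perm)');
    $st->bindValue(':name', $name, PDO::PARAM_STR);
    $st->bindValue(':perm', $perm, PDO::PARAM_INT);
    $st->execute();
    return (int) $db->lastInsertId();
}

// Look a user up by name; returns null when there is no such row.
function find_user_by_name(PDO $db, string $name): ?array
{
    $st = $db->prepare('SELECT id, name, perm FROM ibwf_users WHERE name = :name');
    $st->execute([':name' => $name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Request values may be arrays (?who[]=1) or non-numeric text. Return a real
// int or null instead of passing the value through a string filter.
function int_param(array $src, string $key): ?int
{
    $v = $src[$key] ?? null;
    if (!is_string($v)) {
        return null;
    }
    $i = filter_var($v, FILTER_VALIDATE_INT);
    return $i === false ? null : $i;
}

// Encode for HTML at the moment of output, not at input.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// --- constructed demo data ---
$name = "Tom & Jerry's <b>";
$id   = add_user($db, $name, 1);

// Stand-in for $_GET: a valid id, a hostile string, and an array value.
$get = ['who' => (string) $id, 'bad' => "1' OR '1'='1", 'arr' => ['x']];

// The name is stored byte for byte and found again.
var_dump(find_user_by_name($db, $name)['name'] === $name);

// The hostile string is compared as plain data and matches no row.
var_dump(find_user_by_name($db, $get['bad']));

// Numeric parameters: only the real integer survives validation.
var_dump(int_param($get, 'who'), int_param($get, 'bad'), int_param($get, 'arr'));

// Encoding happens once, where the value is written into HTML.
echo h($name), PHP_EOL;
```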


                • #98
                  Originally posted by riderz View Post
                  doesn't work when i add that in config, it shows error messages saying no password
                  Code:
                  for user '..........'@'localhost' (using password: NO) in /home/............./public_html/config.php on line 16
                  Place it below your database connection :P

                  Comment


                  • #99
                    Code:
                    ///////////////////////////////del one persons messages
                    else if($action=="delonemsg")
                    {
                      // Cast to int so the id cannot change the DELETE statements below
                      $who = (int)$_GET["who"];
                      $user = getnick_uid($who);
                      // Escaped copy of the nick for use inside SQL strings
                      $safeuser = mysql_real_escape_string($user);
                      echo "<head>";
                      echo "<title>Owner Tools</title>";
                      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
                      echo "</head>";
                      echo "<body>";
                      echo "<p align=\"center\">";
                      $uid = getuid_sid($sid);
                      $perm = mysql_fetch_array(mysql_query("SELECT perm FROM ibwf_users WHERE id='".$uid."'"));
                      $trgtperm = mysql_fetch_array(mysql_query("SELECT perm FROM ibwf_users WHERE name='".$safeuser."'"));

                      // Compare the perm values, not the fetched row arrays
                      if($trgtperm[0]>$perm[0]){
                      echo "<b><img src=\"../images/notok.gif\" alt=\"x\"/><br/>Error!!!<br/>permission Denied...</b><br/>";
                      echo "<br/>U Cannot Delete $user<br/>";
                      echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
                      echo "</p>";
                      }else{

                      echo "<br/>";
                      $res1 = mysql_query("DELETE FROM ibwf_private WHERE byuid='".$who."'");
                      $res2 = mysql_query("DELETE FROM ibwf_popups WHERE byuid='".$who."'");

                      // Report success only if both deletes worked
                      if($res1 && $res2)
                      {
                      echo "<img src=\"../images/ok.gif\" alt=\"O\"/>Users messages deleted successfully";
                      mysql_query("INSERT INTO ibwf_mlog SET action='users pms ', details='<b>".getnick_uid(getuid_sid($sid))."</b> $safeuser messages deleted', actdt='".time()."'");
                      }else{
                      echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Error deleting UGroup";
                      }

                      echo "<b>0 </b><a accesskey=\"0\" href=\"index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
                      }
                      echo "</p></body>";
                    }
                    usage
                    Code:
                    echo "<a href=\"yourtools.php?action=delonemsg&amp;sid=$sid&amp;who=$who\">Delete All Users Messages</a><br/>";
                    lets say someone spams your site and no one catches them doing it for ages. they will have spammed a lot of users. this can delete just that user's sent messages, no one else's. the only other way of clearing one person's messages is to delete the user.
                    Last edited by nclemale36; 11.05.11, 11:21. Reason: seen subzeros subsequent post.

                    Comment


                    • user avatar function... safe and easy...
                      ////////////////////////////////////////////getavatar///////////////
                      function useravat($uid)
                      {
                      // Cast the id to int before it goes into the query
                      $avat = mysql_fetch_array(mysql_query("SELECT avatar FROM fun_users WHERE id='".(int)$uid."'"));

                      // URL-encode the stored path so it stays inside the src parameter
                      $avatar = "<img src=\"phpThumb/phpThumb.php?iar=1&amp;w=40&amp;src=".urlencode($avat[0])."\">";
                      return $avatar;

                      }
                      /////////////////////////////////////////////////////////
                      to use:
                      echo useravat($who); or $uid or whatever...

                      Comment


                      • @nclemale36

                        Code:
                        @mysql_query("TRUNCATE TABLE `chat4u_UserPms`");
                        This will clean users inbox at one hit ....

                        Also note it will delete all and keeps the sql

                        But your way it only deletes some but not all. best idea for busy sites, over 1 MILL users will use this

                        Comment


                        • Sql/Xss injection protection + registration flood protection.


                          captcha.php
                          PHP Code:
                          <?php
                          session_start();
                          header('content-type: image/jpeg');
                          // Five-digit code, kept in the session for register-exec.php to check
                          $text = rand(10000,99999);
                          $_SESSION["vercode"] = $text;

                          $height = 25;
                          $width = 65;

                          // First allocated colour (black) becomes the background
                          $image_p = imagecreate($width, $height);
                          $black = imagecolorallocate($image_p, 0, 0, 0);
                          $white = imagecolorallocate($image_p, 255, 255, 255);
                          $font_size = 14;
                          imagestring($image_p, $font_size, 5, 5, $text, $white);
                          imagejpeg($image_p, null, 80);
                          ?>
                          register-form.php
                          PHP Code:
                          <?php
                              session_start();
                          ?>
                          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                          <html xmlns="http://www.w3.org/1999/xhtml">
                          <head>
                          <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
                          <title>Registration Form</title>
                          <link href="style.css" rel="stylesheet" type="text/css" />
                          </head>
                          <body>
                          <?php
                              // Show the validation errors left in the session by register-exec.php
                              if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) > 0 ) {
                                  echo '<p align="center">';
                                  echo '<ul class="err">';
                                  foreach($_SESSION['ERRMSG_ARR'] as $msg) {
                                      echo '<li>',$msg,'</li>';
                                  }
                                  echo '</ul>';
                                  echo '</p>';
                                  unset($_SESSION['ERRMSG_ARR']);
                              }
                          ?>
                          <form id="loginForm" name="loginForm" method="post" action="register-exec.php">
                            <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
                              <tr>
                                <th>Email Address</th>
                                <td><input name="email" type="text" class="textfield" id="fname" /></td>
                              </tr>
                               <tr>
                                <th width="124">User ID</th>
                                <td width="168"><input name="login" type="text" class="textfield" id="login" /></td>
                              </tr>
                              <tr>
                                <th>Password</th>
                                <td><input name="password" type="password" class="textfield" id="password" /></td>
                              </tr>
                              <tr>
                                <th>Confirm Password </th>
                                <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
                              </tr>
                              <tr>
                                <th>Human Test</th>
                               <td><img src="captcha.php"><input type="text" name="vercode" /><br>   </td>  </tr>
                              <tr>
                                <td>&nbsp;</td>
                                <td><input type="submit" name="Submit" value="Register" /></td>
                              </tr>
                            </table>
                          </form>
                          </body>
                          </html>

                          register-exec.php
                          PHP Code:
                          <?php
                              //Start session
                              session_start();

                              //Include database connection details
                              require_once('config.php');

                              //Array to store validation errors
                              $errmsg_arr = array();

                              //Validation error flag
                              $errflag = false;

                              //Connect to mysql server
                              $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
                              if(!$link) {
                                  die('Failed to connect to server: ' . mysql_error());
                              }

                              //Select database
                              $db = mysql_select_db(DB_DATABASE);
                              if(!$db) {
                                  die("Unable to select database");
                              }

                              //Function to sanitize values received from the form. Prevents SQL/XSS injection
                              function clean($str) {
                                  $str = @trim($str);
                                  if(get_magic_quotes_gpc()) {
                                      //Remove the slashes magic quotes added, so the value is escaped only once
                                      $str = stripslashes($str);
                                  }
                                  //Encode HTML special characters, then escape for use in a quoted SQL string
                                  $str = htmlspecialchars($str);
                                  return mysql_real_escape_string($str);
                              }

                              //Sanitize the POST values
                              $email = clean($_POST['email']);
                              $login = clean($_POST['login']);
                              $password = clean($_POST['password']);
                              $cpassword = clean($_POST['cpassword']);

                              //Input Validations
                              if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')  {
                                  $errmsg_arr[] = 'Failed Human Test.';
                                  $errflag = true;
                              }
                              //Each captcha code is valid for one attempt only
                              unset($_SESSION["vercode"]);

                              if($email == '') {
                                  $errmsg_arr[] = 'Email Add is missing';
                                  $errflag = true;
                              }

                              if($login == '') {
                                  $errmsg_arr[] = 'Login ID missing';
                                  $errflag = true;
                              }
                              if($password == '') {
                                  $errmsg_arr[] = 'Password missing';
                                  $errflag = true;
                              }
                              if($cpassword == '') {
                                  $errmsg_arr[] = 'Confirm password missing';
                                  $errflag = true;
                              }
                              if( strcmp($password, $cpassword) != 0 ) {
                                  $errmsg_arr[] = 'Passwords do not match';
                                  $errflag = true;
                              }

                              //Check for duplicate login ID
                              if($login != '') {
                                  $qry = "SELECT * FROM ibwf_users WHERE name='$login'";
                                  $result = mysql_query($qry);
                                  if($result) {
                                      if(mysql_num_rows($result) > 0) {
                                          $errmsg_arr[] = 'Login ID already in use';
                                          $errflag = true;
                                      }
                                      @mysql_free_result($result);
                                  }
                                  else {
                                      die("Query failed");
                                  }
                              }

                              //If there are input validations, redirect back to the registration form
                              if($errflag) {
                                  $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
                                  session_write_close();
                                  header("location: register-form.php");
                                  exit();
                              }

                              //Create INSERT query (the password is stored as an unsalted MD5 hash of the raw POST value)
                              $qry = "INSERT INTO ibwf_users(email, validated, name, pass) VALUES('$email','1','$login','".md5($_POST['password'])."')";
                              $result = @mysql_query($qry);

                              //Check whether the query was successful or not
                              if($result) {
                                  header("location: register-success.php");
                                  exit();
                              }else {
                                  die("Query failed");
                              }
                          ?>
                          register-success.php
                          PHP Code:
                          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                          <html xmlns="http://www.w3.org/1999/xhtml">
                          <head>
                          <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
                          <title>Registration Successful</title>
                          <link href="style.css" rel="stylesheet" type="text/css" />
                          </head>
                          <body>
                          <h1>Registration Successful</h1>
                          <p><a href="index.php">Click here</a> to login to your account.</p>
                          </body>
                          </html>
                          to scan more input value u can use this function
                          PHP Code:
                          function clean($str) {
                              $str = @trim($str);
                              if(get_magic_quotes_gpc()) {
                                  //Remove the slashes magic quotes added, so the value is escaped only once
                                  $str = stripslashes($str);
                              }
                              //Encode HTML special characters, then escape for use in a quoted SQL string
                              $str = htmlspecialchars($str);
                              return mysql_real_escape_string($str);
                          }
                          use as
                          PHP Code:
                          $email = clean($_POST['email']);

                          Comment


                          • Originally posted by shakil420
                            yeah thanx bro....is it possible.....suppose if any user change his browser then his session automatically dropped??? like in opera ----> 420.com/index.php?action=main&sid=420420420420 then when he tried to paste the link with others opera/mozilla browsers like in mozilla -----> 420.com/index.php?action=main&sid=420420420420

                            then it shows "hei 420 site sid proteced lol"

                            if u know the code then post pls
                            PHP Code:
                            // Browser string stored for this user
                            $bro = mysql_fetch_array(mysql_query("SELECT browserm FROM ibwf_users WHERE id='".$uid."'"));
                            // Browser string sent with the current request
                            $brws = $_SERVER['HTTP_USER_AGENT'];
                            if($bro[0]!=$brws){
                                echo "hei 420 site sid proteced lol";
                                exit;
                            }

                            Comment


                            • I need some advice or help:

                              how to speed up the function that displays number of topics, number of posts and the last post (nick and time) of the subforum on my web extension of lava (trying to make it phpBB like)?

                              I am using this code:

                              PHP Code:
                              $forums = mysql_query("SELECT id, name FROM ibwf_forums WHERE cid='".$cid."' AND clubid='0' ORDER BY position, id, name");

                              while($forum = mysql_fetch_array($forums))
                              {
                                if(canaccess(getuid_sid($sid), $forum[0]))
                                {
                                  $notp = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE fid='".$forum[0]."'"));
                                  $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts a INNER JOIN ibwf_topics b ON a.tid = b.id WHERE b.fid='".$forum[0]."'"));
                                  $iml = "<img src=\"images/1.gif\" alt=\"*\"/> ";

                                  $lpt = mysql_fetch_array(mysql_query("SELECT id, name FROM ibwf_topics WHERE fid='".$forum[0]."' ORDER BY lastpost DESC LIMIT 0,1"));
                                  $nops0 = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts WHERE tid='".$lpt[0]."'"));
                                  if($nops0[0]==0)
                                  {
                                    $pinfo = mysql_fetch_array(mysql_query("SELECT authorid FROM ibwf_topics WHERE id='".$lpt[0]."' LIMIT 0,1"));
                                  }
                                  else
                                  {
                                    $pinfo = mysql_fetch_array(mysql_query("SELECT uid FROM ibwf_posts WHERE tid='".$lpt[0]."' ORDER BY dtpost DESC LIMIT 0,1"));
                                  }
                                  $tlnm = htmlspecialchars($lpt[1]);
                                  $tlnick = getnick_uid($pinfo[0]);
                                  $tpclnk = "<a href=\"index.php?action=viewtpc&amp;sid=$sid&amp;tid=$lpt[0]&amp;go=last\">$tlnm</a>";
                                  $vulnk = "<a href=\"index.php?action=viewuser&amp;sid=$sid&amp;who=$pinfo[0]\">$tlnick</a>";

                                  echo "<tr>
                                  <td valign=\"middle\" width=\"25\">&nbsp;$iml</td>
                                  <td align=\"left\" width=\"200\" class=\"sjena\">&nbsp;<a href=\"index.php?action=viewfrm&amp;sid=$sid&amp;fid=$forum[0]\">$forum[1]</a></td>
                                  <td width=\"50\" align=\"center\" class=\"sjena\">$notp[0]</td>
                                  <td width=\"60\" align=\"center\" class=\"sjena\">$nops[0]</td>
                                  <td align=\"right\" class=\"style12\">$tpclnk&nbsp;<br/>od: $vulnk&nbsp;</td>
                                  </tr><tr><td colspan=\"5\"><hr></td></tr>";
                                }
                              }
                              and preview how slow it is can be seen here: MERAK.mobi

                              Comment


                              • @ thank u for the post something else bro ///
                                PHP Code:
                                if($bro[0]!=$brws
                                in the code (!= ) what does it mean?? not equal?? when i use the code it always shows hei 420 site sid proteced lol though i use the same browser.... reply soon thank u

                                Comment
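The browser check posted above and the "always shows" symptom in the follow-up, as an added example that is not part of the thread or of Lavalair: the session stores a fixed-length hash of the User-Agent at login and compares hashes on every request. It assumes PHP 7.1+; the function names, the 50-character column width and the sample User-Agent strings are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All names and sample values
// below are constructed.

// Fixed-length fingerprint of the raw header. A 64-character hex digest is
// left unchanged by htmlspecialchars()/addslashes() and fits a short column,
// so the stored value and the recomputed value stay comparable.
function ua_fingerprint(array $server): string
{
    $ua = isset($server['HTTP_USER_AGENT']) ? (string) $server['HTTP_USER_AGENT'] : '';
    return hash('sha256', $ua);
}

// Call once at login: remember which browser the sid was issued to.
function bind_session(array &$session, array $server): void
{
    $session['ua_fp'] = ua_fingerprint($server);
}

// Call on every request: false means the sid arrived from a different browser.
function session_matches_browser(array $session, array $server): bool
{
    if (!isset($session['ua_fp']) || !is_string($session['ua_fp'])) {
        return false; // never bound: treat as not logged in
    }
    return hash_equals($session['ua_fp'], ua_fingerprint($server));
}

// --- constructed demo data (stand-ins for $_SESSION and $_SERVER) ---
$opera   = ['HTTP_USER_AGENT' => 'Opera/9.80 (J2ME/MIDP; Opera Mini/5.1; U; en) Presto/2.5.25 Version/10.54'];
$firefox = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0'];

$session = [];
bind_session($session, $opera);

var_dump(session_matches_browser($session, $opera));   // same browser
var_dump(session_matches_browser($session, $firefox)); // sid pasted into another browser
var_dump(session_matches_browser([], $opera));         // session that was never bound

// One way a raw string comparison fails for the same browser: the stored
// copy was shortened on save (here a hypothetical 50-character column),
// while the live header was not.
$stored_raw = substr($opera['HTTP_USER_AGENT'], 0, 50);
var_dump($stored_raw != $opera['HTTP_USER_AGENT']);
```

The User-Agent header is chosen by the client, so a match only shows that the request looks like the original browser; the sid in the URL remains the credential.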
