Lavalair Mods...


    If you put a quote ' after your $who variable, you'll get an SQL error

    i.e.

    web/ownercp.php?action=user&sid=616064d42404f02dc07c8d614cbe2456&who=2'
    You'll get an SQL error, which shows that $who is vulnerable to SQLi.

    Quick fix,

    Add this to core.php

    function clean_url($text)
    {
    #### FUNCTION BY Webune - Webune - Web Site Design Development Dedicated Hosting Domains Business Company AND WALLPAPERAMA.COM
    ## PLEASE DO NOT REMOVE THIS.. THANK YOU

    $text=strtolower($text);
    $code_entities_match = array( '&quot;' ,'!' ,'@' ,'#' ,'$' ,'%' ,'^' ,'&' ,'*' ,'(' ,')' ,'+' ,'{' ,'}' ,'|' ,':' ,'"' ,'<' ,'>' ,'?' ,'[' ,']' ,'' ,';' ,"'" ,',' ,'.' ,'_' ,'/' ,'*' ,'+' ,'~' ,'`' ,'=' ,' ' ,'---' ,'--','--');
    $code_entities_replace = array('' ,'-' ,'-' ,'' ,'' ,'' ,'-' ,'-' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'-' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'-' ,'' ,'-' ,'-' ,'' ,'' ,'' ,'' ,'' ,'-' ,'-' ,'-','-');
    $text = str_replace($code_entities_match, $code_entities_replace, $text);
    return $text;
    }
    and also

    change

    $who = $_GET['who'];
    to
    $who = (int) $_GET['who'];
    in all pages

    and finally in .htaccess,

    Turn register globals off

    Comment
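
The integer cast above, taken one step further, as an added example that is not code from the Lavalair script or from this post: validate `who` strictly and bind it as a query parameter. The `ibwf_users` table, its columns, the function names and the in-memory SQLite database are assumptions made so the snippet runs on its own.

```php
<?php
// Added example: constructed schema and rows, not the real Lavalair tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ibwf_users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO ibwf_users (id, name) VALUES (1, 'admin'), (2, 'guest')");

/**
 * Return the id as an int, or null when the raw value is not a plain
 * positive integer. (int) "2'" silently becomes 2; this rejects it instead.
 */
function parse_id($raw): ?int
{
    if (!is_string($raw)) {            // ?who[]=2 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up a user by the raw request value; null if invalid or unknown. */
function find_user(PDO $db, $rawWho): ?array
{
    $who = parse_id($rawWho);
    if ($who === null) {
        return null;
    }
    // The value is bound, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM ibwf_users WHERE id = :who');
    $stmt->bindValue(':who', $who, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values, including the one from the post (who=2').
foreach (['2', "2'", '2abc', ['2'], '', '-5', '99'] as $raw) {
    $user = find_user($db, $raw);
    printf("%-8s => %s\n", json_encode($raw), $user ? $user['name'] : 'no user');
}
```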


      Originally posted by something else View Post
      yeah you could just add:
      PHP Code:
      if(isset($_GET)){foreach($_GET as $key=>$value){$_GET[$key]=addslashes(htmlspecialchars($value));}}
      if(isset($_POST)){foreach($_POST as $key=>$value){$_POST[$key]=addslashes(htmlspecialchars($value));}}
      if(isset($_SERVER)){foreach($_SERVER as $key=>$value){$_SERVER[$key]=addslashes(htmlspecialchars($value));}}
      if(isset($_SESSION)){foreach($_SESSION as $key=>$value){$_SESSION[$key]=addslashes(htmlspecialchars($value));}}
      to your config.php
      I got a "Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/musicraj/public_html/forum/config.php on line 8" problem, how to solve it? I just put the code in config.php, should I put something in core.php?

      Comment


        Originally posted by zubaer9 View Post
        I got a "Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/musicraj/public_html/forum/config.php on line 8" problem, how to solve it? I just put the code in config.php, should I put something in core.php?
        PHP Code:
        function ewanz($txt){
        // HTML-encode the value, including single and double quotes
        $txt = htmlentities($txt, ENT_QUOTES, 'UTF-8');
        return $txt;}
        if(isset($_POST)){foreach($_POST as $key=>$value){$_POST[$key]=ewanz($value);}}
        if(isset($_GET)){foreach($_GET as $key=>$value){$_GET[$key]=ewanz($value);}}
        if(isset($_REQUEST)){foreach($_REQUEST as $key=>$value){$_REQUEST[$key]=ewanz($value);}}
        thats mine... u also can add for $_SESSION / $_SERVER or other globals.. =)
        our lfe is simple words....
        http://mygenkz.net
        ewanz06@yahoo.com
        PHP Code:
        $output="i am NOoob....";
        $newfile="ewanz.txt";
        $file = fopen($newfile, "w");
        fwrite($file, $output);
        fclose($file);

        Comment
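
The warning quoted above appears because a request array can itself contain arrays (for example `?ids[]=1`, or `$_SERVER['argv']`), while `htmlspecialchars()` and `htmlentities()` accept only strings. An added example, not code from either poster: a recursive version of the loop, with the hypothetical name `escape_deep` and a constructed stand-in for `$_GET`.

```php
<?php
/**
 * Recursively HTML-escape every string in a request array.
 * Nested arrays are walked; ints, floats, bools and null pass through unchanged.
 */
function escape_deep($value)
{
    if (is_array($value)) {
        $out = [];
        foreach ($value as $key => $item) {
            // Keys come from the request as well, so they are escaped too.
            $safeKey = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8');
            $out[$safeKey] = escape_deep($item);
        }
        return $out;
    }
    return is_string($value)
        ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
        : $value;
}

// Constructed stand-in for $_GET after a request such as
// ?who=2'&ids[]=1&ids[]=<b>x</b>&filter[name]="a"
$get = [
    'who'    => "2'",
    'ids'    => ['1', '<b>x</b>'],
    'filter' => ['name' => '"a"'],
    'page'   => 3,
];

$clean = escape_deep($get);
var_export($clean);   // no warning: the nested arrays are handled
echo "\n";

// HTML escaping targets the output context. For a value that goes into SQL,
// cast it to int or bind it as a parameter as well.
$who = (int) $get['who'];
echo "who as integer: $who\n";
```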


          HELP To speedup this!

          SOMEONE HELP to speed up "View category" func?it very slow to open this...this is code what I using now

          else if($action=="viewcat")
          {
          $cid = (int) $_GET["cid"]; // cast to integer before it is used in the SQL below
          addonline(getuid_sid($sid),"Gleda kategorije","");
          $cinfo = mysql_fetch_array(mysql_query("SELECT name from iwbf_fcats WHERE id='".$cid."'"));

          echo "<p align=\"center\">";
          echo getshoutbox($sid);
          echo "</p>";
          echo "<p>";
          $forums = mysql_query("SELECT id, name FROM iwbf_forums WHERE cid='".$cid."' AND clubid='0' ORDER BY position, id, name");
          echo "";
          while($forum = mysql_fetch_array($forums))
          {
          if(canaccess(getuid_sid($sid), $forum[0]))
          {
          $notp = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM iwbf_topics WHERE fid='".$forum[0]."'"));
          $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM iwbf_posts a INNER JOIN iwbf_topics b ON a.tid = b.id WHERE b.fid='".$forum[0]."'"));
          $iml = "<img src=\"images/1.gif\" alt=\"*\"/>";
          echo "<a href=\"index.php?action=viewfrm&amp;sid=$sid&amp;fid=$forum[0]\">$iml$forum[1]($notp[0]/$nops[0])</a><br/>";
          $lpt = mysql_fetch_array(mysql_query("SELECT id, name FROM iwbf_topics WHERE fid='".$forum[0]."' ORDER BY lastpost DESC LIMIT 0,1"));
          $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM iwbf_posts WHERE tid='".$lpt[0]."'"));
          if($nops[0]==0)
          {
          $pinfo = mysql_fetch_array(mysql_query("SELECT authorid FROM iwbf_topics WHERE id='".$lpt[0]."'"));
          $tluid = $pinfo[0];

          }else{
          $pinfo = mysql_fetch_array(mysql_query("SELECT uid FROM iwbf_posts WHERE tid='".$lpt[0]."' ORDER BY dtpost DESC LIMIT 0, 1"));

          $tluid = $pinfo[0];
          }
          $tlnm = htmlspecialchars($lpt[1]);
          $tlnick = getnick_uid($tluid);
          $tpclnk = "<a href=\"index.php?action=viewtpc&amp;sid=$sid&amp;tid=$lpt[0]&amp;go=last\">$tlnm</a>";
          $vulnk = "<a href=\"index.php?action=viewuser&amp;sid=$sid&amp;who=$tluid\">$tlnick</a>";
          echo "Zadnji post u temi: $tpclnk, od: $vulnk<br/><br/>";
          }
          }
          echo "";
          echo "</p>";
          echo "<p align=\"center\">";
          $tmsg = getpmcount(getuid_sid($sid));
          $umsg = getunreadpm(getuid_sid($sid));
          if($umsg>0)
          {
          echo "<a href=\"inbox.php?action=main&amp;sid=$sid\">Inbox( $umsg/$tmsg)</a><br/>";
          }
          echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
          echo "Home</a>";
          echo "</p>";

          }

          Comment


            Exclamation HELP To speedup this!

            SOMEONE HELP to speed up "View category" func?it very slow to open this...this is code what I using now
            Just exclude some stuff like i have done, and add in every mysql select at the end LIMIT 1 or LIMIT 0,1 except you have a while loop, then that would be a bad idea

            PHP Code:
            if(canaccess(getuid_sid($sid), $forum[0]))
            {
                // number of topics in this forum
                $notp = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE fid='".$forum[0]."' LIMIT 0,1"));
                // $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts, ibwf_topics WHERE ibwf_posts.tid = ibwf_topics.id AND ibwf_topics.fid = '".$forum[0]."' LIMIT 0,1"));
                // $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts a INNER JOIN ibwf_topics b ON a.tid = b.id WHERE b.fid='".$forum[0]."'"));
                $iml = "<img src=\"images/1.gif\" alt=\"*\"/>";
                echo "<a href=\"index.php?action=viewfrm&amp;sid=$sid&amp;fid=$forum[0]\">$iml$forum[1] ($notp[0] topika)</a><br/>";
                // most recently updated topic in this forum
                $lpt = mysql_fetch_array(mysql_query("SELECT id, name FROM ibwf_topics WHERE fid='".$forum[0]."' ORDER BY lastpost DESC LIMIT 0,1"));
                $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts WHERE tid='".$lpt[0]."' LIMIT 1"));
                if($nops[0]==0)
                {
                    // no replies yet: the last poster is the topic author
                    $pinfo = mysql_fetch_array(mysql_query("SELECT authorid FROM ibwf_topics WHERE id='".$lpt[0]."' LIMIT 0,1"));
                    $tluid = $pinfo[0];
                }else{
                    $pinfo = mysql_fetch_array(mysql_query("SELECT uid FROM ibwf_posts WHERE tid='".$lpt[0]."' ORDER BY dtpost DESC LIMIT 0,1"));
                    $tluid = $pinfo[0];
                }
                $tlnm = htmlspecialchars($lpt[1]);
                $tlnick = getnick_uid($tluid);
                $tpclnk = "<a href=\"index.php?action=viewtpc&amp;sid=$sid&amp;tid=$lpt[0]&amp;go=last\">$tlnm</a>";
                $vulnk = "<a href=\"index.php?action=viewuser&amp;sid=$sid&amp;who=$tluid\">$tlnick</a>";
                echo "Zadnji post: $tpclnk, od: $vulnk<br/><br/>";
            }
            Last edited by kafa; 17.08.11, 22:25. Reason: forgot to quote previous post

            Comment


              Originally posted by kafa View Post
              Just exclude some stuff like i have done, and add in every mysql select at the end LIMIT 1 or LIMIT 0,1 except you have a while loop, then that would be a bad idea

              I added LIMIT 0.1 everywhere a long time ago, but all categories are very slow to open....
              http://happy.srecnica.com/web

              Comment


                Originally posted by srecnica View Post
                I added LIMIT 0.1 everywhere a long time ago, but all categories are very slow to open....
                Go to phpMyAdmin, select all tables and do "repair tables", this could give some speed-up.
                Also delete all PMs often, because inbox.php is a big CPU eater.
                Delete old topics and big topics with a few thousand posts and open new ones.
                Also delete all unnecessary stuff from big tables, like selecting the number of posts where "somestuff"="something" or the number of PMs, because every MySQL SELECT uses CPU time, and if you have 10 or 20 MySQL requests on one page, the result is a very slow page.
                Do as much as possible to put all MySQL requests into one request.

                I hope this could help you to do some speed-up

                Comment
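
What "put all mysql reqs into one request" can look like for the per-forum topic count in `viewcat`, as an added example rather than code from the thread: one grouped query replaces the `COUNT(*)` that runs once per forum inside the `while` loop. It uses PDO with an in-memory SQLite database and constructed rows; table and column names follow the snippets above, while the index on `fid` and the function name are assumptions.

```php
<?php
// Added example: constructed data standing in for the forum tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ibwf_forums (id INTEGER PRIMARY KEY, name TEXT,
           cid INTEGER, clubid INTEGER, position INTEGER)");
$db->exec("CREATE TABLE ibwf_topics (id INTEGER PRIMARY KEY, name TEXT,
           fid INTEGER, lastpost INTEGER)");
// Assumed index: lets the join count topics per forum without a full scan.
$db->exec("CREATE INDEX idx_topics_fid ON ibwf_topics (fid)");
$db->exec("INSERT INTO ibwf_forums VALUES
           (1,'General',1,0,1), (2,'Help',1,0,2), (3,'Empty',1,0,3), (4,'Other',2,0,1)");
$db->exec("INSERT INTO ibwf_topics VALUES
           (1,'Hello',1,100), (2,'Rules',1,200), (3,'Bug',2,150), (4,'Misc',4,120)");

/**
 * All forums of one category with their topic counts, in a single query.
 * LEFT JOIN keeps forums that have no topics (count 0).
 */
function forums_with_counts(PDO $db, int $cid): array
{
    $sql = "SELECT f.id, f.name, COUNT(t.id) AS topics
              FROM ibwf_forums f
              LEFT JOIN ibwf_topics t ON t.fid = f.id
             WHERE f.cid = :cid AND f.clubid = 0
             GROUP BY f.id, f.name, f.position
             ORDER BY f.position, f.id, f.name";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);   // bound, not concatenated
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// One round trip for the whole category instead of one COUNT(*) per forum.
foreach (forums_with_counts($db, 1) as $forum) {
    $name = htmlspecialchars($forum['name'], ENT_QUOTES, 'UTF-8');
    echo "{$name} ({$forum['topics']} topika)\n";
}
```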


                  Originally posted by kafa View Post
                  Go to phpMyAdmin, select all tables and do "repair tables", this could give some speed-up.
                  Also delete all PMs often, because inbox.php is a big CPU eater.
                  Delete old topics and big topics with a few thousand posts and open new ones.
                  Also delete all unnecessary stuff from big tables, like selecting the number of posts where "somestuff"="something" or the number of PMs, because every MySQL SELECT uses CPU time, and if you have 10 or 20 MySQL requests on one page, the result is a very slow page.
                  Do as much as possible to put all MySQL requests into one request.

                  I hope this could help you to do some speed-up
                  Yes, thank you. Although I often do everything that you said, clean the old threads, inbox ... I think the problem with the opening speed of categories is in fact the number of links in the category itself. I noticed that when I cut down the number of subforums in one category, it opened more quickly .. The problem is that our forums are crowded with subforums (many subforums in the category.... too many links ;) )
                  http://happy.srecnica.com/web

                  Comment


                    Originally posted by srecnica View Post
                    Yes, thank you. Although I often do everything that you said, clean the old threads, inbox ... I think the problem with the opening speed of categories is in fact the number of links in the category itself. I noticed that when I cut down the number of subforums in one category, it opened more quickly .. The problem is that our forums are crowded with subforums (many subforums in the category.... too many links ;) )
                    so cut it off, delete some subcategories

                    for real speed just delete every mysql SELECT FROM ibwf_posts. You will have top speed, but you will not be able to see the last post.

                    View demo.

                    PHP Code:
                    else if($action=="viewcat")
                    {
                        $cid = (int) $_GET["cid"]; // cast to integer before it is used in the SQL below
                        $cinfo = mysql_fetch_array(mysql_query("SELECT name from ibwf_fcats WHERE id='".$cid."' LIMIT 0,1"));
                        echo "<card id=\"main\" title=\"MERAK.mobi\">";
                        echo "<p align=\"center\"><b>$cinfo[0] forum</b><br/><br/>";
                        echo "</p><p>";
                        $forums = mysql_query("SELECT id, name FROM ibwf_forums WHERE cid='".$cid."' AND clubid='0' ORDER BY position, id, name");

                        while($forum = mysql_fetch_array($forums))
                        {
                            if(canaccess(getuid_sid($sid), $forum[0]))
                            {
                                // only the topic count is queried; the last-post lookups are gone
                                $notp = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE fid='".$forum[0]."'"));
                                $iml = "<img src=\"images/1.gif\" alt=\"*\"/> ";
                                echo "<a href=\"index.php?action=gviewfrm&amp;sid=$sid&amp;fid=$forum[0]\">$iml$forum[1] ($notp[0] topika)</a><br/>";
                            }
                        }
                        echo "</p>";
                        echo "<p align=\"center\">";
                        echo "<a href=\"index.php?action=gforumindx&amp;sid=$sid\">Forum</a><br/>";
                        echo "<a href=\"index.php\"><img src=\"images/home.gif\" alt=\"\"/><br/>Home</a>";
                        echo "</p>";
                        echo "</card>";
                    }

                    Comment


                      Originally posted by kafa View Post
                      so cut it off, delete some subcategories

                      for real speed just delete every mysql SELECT FROM ibwf_posts. You will have top speed, but you will not be able to see the last post.

                      View demo.


                      Thank you so much) where I wiped the last message was written much faster and really works! ) Thanks ))
                      http://happy.srecnica.com/web

                      Comment


                        truth or dare

                        i made this years ago. aint seen it anywere else so thought id share .

                        dont forget the thankyou button
                        Attached Files
                        Wapchat4u


                        Topsites4u

                        Comment


                          Originally posted by nclemale36 View Post
                          i made this years ago. aint seen it anywere else so thought id share .

                          dont forget the thankyou button
                          this is kool and got it on v2 script
                          HELP THEM WHO HELPS YOU



                          i only work on wapdesire v_2 coding only

                          Comment


                            Originally posted by WhiteWarrior View Post
                            Post Your Custom Made Mods Here For The Lavalair Script.

                            - - - - - - - - - -

                            Topic Made And Pinned As Requested By Members

                            Thanks for all the mods posted.
                            very useful thread

                            Comment


                              need more scripts...

                              Comment


                                Originally posted by chathumax View Post
                                need more scripts...
                                ... and ... ?
                                make them and stop moaning...
                                It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
                                ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
                                ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
                                キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!

                                Comment
