i have this in my site core..help...


    i have this in my site core..help...

    how can i hide my site sessions if this is my core??

    PHP Code:
    <?php
    /*
    (dont removed this copyrights) 
    */
    include("iconfig.php");
    //include("gmprc.php");
    //session_start();

    // Keep PHP error text out of the pages served to visitors.
    ini_set("display_errors", "0");

    // Legacy request pre-processing, only run when magic quotes are off.
    // NOTE(review): addslashes() is applied twice below, so every quote, backslash and NUL
    // byte ends up escaped two times; confirm whether the second pass is intentional.
    // NOTE(review): array_map() hands nested request arrays (e.g. ?a[]=1) straight to
    // trim()/addslashes(), which expect strings.
    // addslashes() does not know the connection charset and is not a replacement for
    // parameterized queries; treat it as legacy behaviour, not as the SQL injection control.
    if (!get_magic_quotes_gpc()) {
        // One trim pass, then two addslashes passes, over each request array.
        foreach (array('trim', 'addslashes', 'addslashes') as $filter) {
            $_GET    = array_map($filter, $_GET);
            $_POST   = array_map($filter, $_POST);
            $_COOKIE = array_map($filter, $_COOKIE);
        }
    }

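    /**
     * Strip script blocks, style blocks, HTML comments and any remaining tags from a string.
     *
     * This is a cosmetic clean-up step. Regex tag stripping does not make a value safe to
     * print: escape at output time with htmlspecialchars() for the context it is printed in.
     *
     * @param string $text Raw text that may contain markup.
     * @return string The text with the matched markup removed.
     */
    function cleanInput($text)
    {
        // preg_replace() applies the patterns one after another, so the block-level patterns
        // must run before the generic tag pattern. With the generic pattern earlier, the
        // <style> tags were removed first and the CSS between them was left in the output.
        // The style pattern also drops the "U" modifier: it inverted the lazy quantifiers,
        // which made the match run from the first <style> to the last </style>.
        $search = array(
            '@<script[^>]*?>.*?</script>@si',   // script blocks, including their content
            '@<style[^>]*?>.*?</style>@si',     // style blocks, including their content
            '@<![\s\S]*?--[ \t\n\r]*>@',        // multi-line comments
            '@<[\/\!]*?[^<>]*?>@si',            // any tag that is left
        );

        return preg_replace($search, '', $text);
    }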
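    /**
     * Clean a value, or every value of a (nested) array, for use inside a quoted SQL string.
     *
     * Strings are un-slashed when magic quotes are on, passed through cleanInput() and then
     * through mysql_real_escape_string(). Array keys are kept as they are; only the values
     * are processed.
     *
     * The escaped result is only safe between quotes in a query, e.g. WHERE name='...'.
     * Prepared statements (mysqli or PDO) remove that dependency; the mysql_* functions
     * used here were removed in PHP 7 and get_magic_quotes_gpc() in PHP 8.
     *
     * @param string|array $text Value or array of values to clean.
     * @return string|array Cleaned value, same shape as the input.
     */
    function sanitize($text)
    {
        if (is_array($text)) {
            // Start from an empty array so that an empty input returns array() instead of
            // an undefined variable.
            $output = array();
            foreach ($text as $var => $val) {
                $output[$var] = sanitize($val);
            }
            return $output;
        }

        if (get_magic_quotes_gpc()) {
            $text = stripslashes($text);
        }

        return mysql_real_escape_string(cleanInput($text));
    }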
    /**
     * Open the MySQL connection and select the site database.
     *
     * Reads $dbname, $dbuser, $dbhost and $dbpass from the global scope. Warnings from both
     * calls are suppressed with "@", so the boolean result is the only failure signal.
     *
     * @return bool true when both the connection and the database selection succeeded.
     */
    function connectdb()
    {
        global $dbname, $dbuser, $dbhost, $dbpass;

        $link = @mysql_connect($dbhost, $dbuser, $dbpass); //connect mysql
        if ($link && @mysql_select_db($dbname)) {
            return true;
        }

        return false;
    }
    /**
     * Remove one level of backslash escaping, then escape the value for MySQL.
     *
     * Uses mysql_real_escape_string() when it exists, otherwise mysql_escape_string();
     * when neither function exists the un-slashed text is returned without SQL escaping.
     *
     * @param string $text Value to prepare.
     * @return string Escaped value (or only un-slashed, see above).
     */
    function safe($text)
    {
        $unslashed = stripslashes($text);

        foreach (array("mysql_real_escape_string", "mysql_escape_string") as $escaper) {
            if (function_exists($escaper)) {
                return $escaper($unslashed);
            }
        }

        return $unslashed;
    }
    // Slash-escape every GET and POST value, one level of nested arrays included, when
    // magic quotes are off.
    // NOTE(review): nothing in this block removes a "$" sign.
    // NOTE(review): the request arrays were already passed through addslashes() earlier in
    // this file, so this adds another layer of backslashes; confirm that is intended.
    // addslashes() is not charset-aware and does not replace parameterized queries.
    if (!get_magic_quotes_gpc()) {
        if (is_array($_GET)) {
            foreach ($_GET as $key => $value) {
                if (is_array($value)) {
                    foreach ($value as $innerKey => $innerValue) {
                        $_GET[$key][$innerKey] = addslashes($innerValue);
                    }
                } else {
                    $_GET[$key] = addslashes($value);
                }
            }
            @reset($_GET);
        }

        if (is_array($_POST)) {
            foreach ($_POST as $key => $value) {
                if (is_array($value)) {
                    foreach ($value as $innerKey => $innerValue) {
                        $_POST[$key][$innerKey] = addslashes($innerValue);
                    }
                } else {
                    $_POST[$key] = addslashes($value);
                }
            }
            @reset($_POST);
        }
    }
    /////register form
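    /**
     * Replace the first [card=NNN]message[/card] tag in a text with an <img> that points at
     * pmcard.php.
     *
     * NNN is read as exactly three characters after "[card=". The text is returned
     * unchanged when there is no opening tag, no closing tag after it, or the tag is too
     * short to hold a three-character id.
     *
     * @param string $tcode Text that may contain a card tag.
     * @return string Text with the first card tag rendered as an image.
     */
    function findcard($tcode)
    {
        $st = strpos($tcode, "[card=");
        if ($st === false) {
            return $tcode;
        }

        // Search for the closing tag after the opening one; a stray "[/card]" earlier in
        // the text used to produce a negative length in the substr() calls below.
        $ed = strpos($tcode, "[/card]", $st);
        if ($ed === false || $ed < $st + 10) {
            return $tcode;
        }

        $texth = substr($tcode, 0, $st);
        $textf = substr($tcode, $ed + 7);
        $msg = substr($tcode, $st + 10, $ed - $st - 10);
        $cid = substr($tcode, $st + 6, 3);

        // The id and the message come from the text being rendered, so encode them for the
        // place they are printed: URL-encode the query values (spaces still become "+") and
        // HTML-escape the alt text, so a quote or "<" cannot break out of the attribute.
        // NOTE(review): ISO-8859-1 is assumed here; confirm it matches the page charset.
        $cidUrl = urlencode($cid);
        $msgUrl = urlencode($msg);
        $cidAlt = htmlspecialchars($cid, ENT_QUOTES, 'ISO-8859-1');

        return "$texth<br/><img src=\"pmcard.php?cid=$cidUrl&amp;msg=$msgUrl\" alt=\"$cidAlt\"/><br/>$textf";
    }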
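    /**
     * Write the current request's headers and client address fields to tmp/<nick>.rwi.
     *
     * Nothing is written when $sid is empty. The user id and nickname are looked up with
     * getuid_sid() and getnick_uid(), which are defined elsewhere.
     *
     * NOTE(review): every request header is written, which includes Cookie and any
     * Authorization header, and the values are stored unescaped with <br/> markup. Keep
     * the tmp/ directory out of the web root or deny access to it, and escape the content
     * wherever it is displayed.
     * NOTE(review): the header line below is kept as it appears in the posted listing; a
     * separator between name and value may have been lost in the paste.
     *
     * @param string $sid Session id of the user the dump belongs to.
     * @return void
     */
    function saveuinfo($sid)
    {
        if (trim($sid) == "") {
            return;
        }

        $alli = "";
        foreach (apache_request_headers() as $header => $value) {
            $alli .= "$header$value <br />\n";
        }

        // These fields are optional in a request; read them without raising notices.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
        $forwardedFor = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : "";

        $alli .= "IP: ".$remoteAddr."<br/>";
        $alli .= "REFERRER: ".$referer."<br/>";
        $alli .= "REMOTE HOST: ".getenv('REMOTE_HOST')."<br/>";
        $alli .= "PROX: ".$forwardedFor."<br/>";
        $alli .= "HOST: ".getenv('HTTP_X_FORWARDED_HOST')."<br/>";
        $alli .= "SERV: ".getenv('HTTP_X_FORWARDED_SERVER')."<br/>";

        $uid = getuid_sid($sid);

        // The nickname becomes part of a file path: keep only its last path component so a
        // name containing a directory separator cannot point outside tmp/.
        $fname = "tmp/".basename(getnick_uid($uid)).".rwi";

        $out = fopen($fname, "w");
        if ($out === false) {
            // Could not open the file; do not call fwrite()/fclose() on a failed handle.
            return;
        }
        fwrite($out, $alli);
        fclose($out);
    }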
    function 
    registerform($ef)
    {
    $ref safe(cleanInput($_GET["r"]));
    $ref2 safe(cleanInput($_POST["r2"]));

      
    $ue $errl $pe $ce "";
      switch(
    $ef)
      {
        case 
    1:
            
    $errl "! Please Type Your Screename";
            
    $ue "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    2:
            
    $errl "! Please Type Your Password";
            
    $pe "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    3:
            
    $errl "! Please Type Your Password Again";
            
    $ce "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    4:
            
    $errl "! Screename Is Invalid";
            
    $ue "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    5:
            
    $errl "! Password Is Invalid";
            
    $pe "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    6:
            
    $errl "! Passwords Doesn't Match";
            
    $ce "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    7:
            
    $errl "! Screename Must Be 4 Characters Or More";
            
    $ue "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    8:
            
    $errl "! Password Must Be 4 Characters Or More";
            
    $pe "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    9:
            
    $errl "! Screename Already Registered, Choose A Different One";
            
    $ue "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    10:
            
    $errl "! Unknown Mysql Error, Please Try To Register Later";

            break;
        case 
    11:
            
    $errl "! Screename Must Start With Letter From A-Z";
            
    $ue "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    12:
            
    $errl "Screename Is Reserved For Admin/Owner Of This Site";
            
    $ue "<img src=\"../images/point.gif\" alt=\"!\"/>";
            break;
        case 
    13:
            
    $errl "! Please Choose An Appropriate Nickname";
            
    $ue "";
            break;
        case 
    14:
            
    $errl "! You Must Enter An Email Address";
            
    $ue "";
            break;
        case 
    15:
            
    $errl "! Email Address Already In Use";
            
    $ue "";
            break;
       case 
    16:
            
    $errl "! Email Address Is Invalid";
            
    $ue "";
            break;
      }
      
    $rform "<br/>";
      
    $rform .= "<form action=\"register.php\" method=\"post\">";
      
    $rform .= "<b>Username:</b><br/><input name=\"uid\" format=\"*x\" maxlength=\"15\"/><br/>";
      
    $rform .= "$pe <b>Password:</b><br/><input type=\"password\" name=\"pwd\" format=\"*x\" maxlength=\"30\"/><br/>";
      
    $rform .= "$ce <b>Re-type Password:</b><br/><input type=\"password\" name=\"cpw\" format=\"*x\" maxlength=\"30\"/><br/>";
      
    $rform .= "<b>Date Of Birth:</b><br/>";
      
    $rform .= "<select name=\"day\" value=\"01\">";
      
    $rform .= "<option value=\"01\">1</option>";
      
    $rform .= "<option value=\"02\">2</option>";
      
    $rform .= "<option value=\"03\">3</option>";
      
    $rform .= "<option value=\"04\">4</option>";
      
    $rform .= "<option value=\"05\">5</option>";
      
    $rform .= "<option value=\"06\">6</option>";
      
    $rform .= "<option value=\"07\">7</option>";
      
    $rform .= "<option value=\"08\">8</option>";
      
    $rform .= "<option value=\"09\">9</option>";
      
    $rform .= "<option value=\"10\">10</option>";
      
    $rform .= "<option value=\"11\">11</option>";
      
    $rform .= "<option value=\"12\">12</option>";
      
    $rform .= "<option value=\"13\">13</option>";
      
    $rform .= "<option value=\"14\">14</option>";
      
    $rform .= "<option value=\"15\">15</option>";
      
    $rform .= "<option value=\"16\">16</option>";
      
    $rform .= "<option value=\"17\">17</option>";
      
    $rform .= "<option value=\"18\">18</option>";
      
    $rform .= "<option value=\"19\">19</option>";
      
    $rform .= "<option value=\"20\">20</option>";
      
    $rform .= "<option value=\"21\">21</option>";
      
    $rform .= "<option value=\"22\">22</option>";
      
    $rform .= "<option value=\"23\">23</option>";
      
    $rform .= "<option value=\"24\">24</option>";
      
    $rform .= "<option value=\"25\">25</option>";
      
    $rform .= "<option value=\"26\">26</option>";
      
    $rform .= "<option value=\"27\">27</option>";;
      
    $rform .=
    Last edited by arnage; 28.07.12, 08:14.

    #2
    from what i can see ur sessions are hidden: u are using cookies and SESSION, nothing apart from page data is being transferred thru the url, and the url is also being checked for sql_injection, so u shouldnt be having any problems
    Creator of
    Epix.Mobi

    Keep an Eye on us Big things coming soon!!!!
    Need something for your site hit me up here

    http://coding-talk.com/forum/main-fo...r-your-wapsite



      #3
      Originally posted by Loony View Post
      from what i can see ur sessions are hidden u are using cookies and SESSION nothing apart from page data is being transfered thru url the url is also being check for sql_injection u shouldnt be having any problems
      ah my site is ok even i didnt change anything?but how about if i want to hide that hash in url of my site?i want to become this www.mysite.com/index.php?do=main



        #4
        re

        Originally posted by hi_jakkk View Post
        ah my site is ok even i didnt change anything?but how about if i want to hide that hash in url of my site?i want to become this www.mysite.com/index.php?do=main
        then ud have to edit the $action = $_GET["action"];
        to something like $do = $_GET["do"];

        then ud have to edit all your links
        like this home.php?do=viewuser

        and
        if($action=="main")
        {
        }else{
        }
        will become
        if($do=="main")
        {
        }else{
        }
        Last edited by ozziemale31; 25.07.12, 04:49.









        Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
        Want A Profesional Logo or Theme For Your wap site Pm Me.If I Have The Time Ill Make It For Free



          #5
          Originally posted by ozziemale31 View Post
          then ud have to edit the $action = $_GET["action"];
          to something like $do = $_GET["do"];

          then ud have to edit all your links
          like this home.php?do=viewuser

          and
          if($action=="main")
          {
          }else{
          }
          will become
          if($do=="main")
          {
          }else{
          }
          can i do that if this my login page?
          PHP Code:
          // Login page: reads the login name ("u") and password ("p") from the query string,
          // checks them against jusaytb_users, inserts a row into jusaytb_ses and prints an
          // "Enter Now" link that carries the new session id.
          // NOTE(review): credentials in a GET URL end up in browser history, proxy and server
          // logs and Referer headers; a POST form avoids that.
          include("iconfig.php");
          include("icore.php");

          header("Content-type: text/html; charset=ISO-8859-1");
          echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>";
          echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\"\"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
          echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
          echo "<html>";
          echo "<head>";
          echo "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />
          <meta http-equiv=\"Cache-Control\" content=\"no-cache\"/>
          <meta name=\"description\" content=\"mobile interactive community that can be access wherever you are in the world. It is made to connect people and to establish unity with tones of new exciting features like Scrembox, Forums, Articles, Chatrooms, Downloads, Clubs, Photo Gallery, Blogs, Polls, Chappel, Rpg Game, Lucky9, Jack En Poy, Spin The Wheel, Virtual Pets, Wap Jueteng And More Options That Entertain You And Makes You Busy\"/>
          <meta name=\"keywords\" content=\"free community, forums, chat, wap, communicate, free sms, mp3, scandals, videos, games, downloads, scripts, ringtones, porn, xxx, hot, new, latest\"/>
          <link rel=\"shortcut icon\" href=\"pgsm.ico\" type=\"image/x-icon\"/>
          <link rel=\"stylesheet\" type=\"text/css\" href=\"gsmstyle.css\"/>";
          echo "</head>";
          echo "<body>";

          // connectdb() is called twice; the result of this first call is discarded.
          connectdb();
          $bcon = connectdb();
          if (!$bcon)
          {
           
              echo "<div align=\"center\"><div class=\"t2\">Error.!</div><br/>";
              echo "Cant connect to database<br/>";
              echo "This error happens usually when backing up the database, please be patient, The site will be up any minute<br/>";
              echo "Thank You Very Much<br/><a href=\"index.php\">Home</a><br/>";
              
          echo "<br/><div class=\"foot\">";
           echo "$mysite";

            echo "<br/>Page Took ";
          // microtime() without arguments returns a "msec sec" string, not an elapsed time,
          // so the number printed here is not the page load time.
          $load = microtime();
          print (number_format($load,2));
          echo " Seconds </div>";

           echo "</div>";
              echo "</body>";
              echo "</html>";
              exit();
          }
          $ubr = $_SERVER['HTTP_USER_AGENT'];
          $uid = sanitize(cleanInput($_GET["u"]));
          $lname = getnick_lick($uid);
          $pwd = sanitize(cleanInput($_GET["p"]));
          $myid = getuid_lick($uid);
          // Every query on this page is built by string concatenation and relies on the
          // escaping done in sanitize()/safe(); prepared statements would remove that
          // dependency. getuid_lick() is defined elsewhere, so whether $myid is safe to embed
          // cannot be confirmed from this listing.
          $gsmstyle = mysql_fetch_array(mysql_query("SELECT mystyle FROM jusaytb_users WHERE id='".$myid."'"));

          $tolog = false;
            echo "<head>";
            // NOTE(review): $lname, $uid and $gsmstyle[0] are printed into HTML without
            // htmlspecialchars(); confirm that the helpers return already-escaped values.
            echo "<title>$lname@$mysite</title>";
            echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
            echo "</head>";
           echo "<div align=\"center\">";
           
            
            // Separate messages for "unknown user" and "wrong password" tell a visitor which
            // login names exist; a single generic failure message avoids that.
            $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_users WHERE logname='".$uid."'"));
            if($uinf[0]==0)
            {
              //Check for user ID
              echo "<div class=\"t2\">Error.!!</div><br/>User Does Not Exist Or Error Login Name<br/><a href=\"terms.php\">Register It Now</a><br/>";
            }else{
              //check for pwd
              // Passwords are compared as unsalted MD5 hashes, which are fast to brute-force
              // if the table leaks; password_hash()/password_verify() (PHP 5.5+) are the
              // replacement.
              $epwd = md5($pwd);
              $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_users WHERE logname='".$uid."' AND pass='".$epwd."'"));
              if($uinf[0]==0)
              {
                echo "<div class=\"t2\">Error.!!</div><br/>Are You Trying To Guess Your Password Or What?<br/>Please Type It Correctly<br/>";
              }else{
                  //is user already logged in?
                  // $logedin is not read again anywhere in this listing.
                  $logedin = mysql_fetch_array(mysql_query("SELECT uid FROM jusaytb_ses WHERE uid='".getuid_lick($uid)."'"));
            // NOTE(review): these DELETEs match on the login name in $uid, while the SELECT
            // above and the INSERT below use getuid_lick($uid) for the same column; presumably
            // the old session rows are not removed. Verify against the schema.
            mysql_query("DELETE FROM jusaytb_ses WHERE uid='".$uid."'");
            mysql_query("DELETE FROM jusaytb_online WHERE userid='".$uid."'");
                // The session id is md5(time() . rand(111,999)): for a known login second there
                // are only 889 possible values, so it is guessable. Generate it from a
                // cryptographic source instead (openssl_random_pseudo_bytes(), or
                // random_bytes() on PHP 7+).
                $rndsid = rand(111,999);
                $tm = time();
                $xtm = $tm + (getsxtm()*50);
                $did = $tm.$rndsid;
                $res = mysql_query("INSERT INTO jusaytb_ses SET id='".safe(cleanInput(md5($did)))."', uid='".getuid_lick($uid)."', expiretm='".$xtm."'");
                
                
            echo "<head>";
            echo "<title>$uid@$mysite</title>";
            echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
            echo "</head>";
          echo "<div class=\"head\">Welcome $lname!</div><br/>";
                  $idn = getuid_lick($uid);
                   $sid = safe(cleanInput(md5($did)));
                  // The session id travels in the URL, so it is exposed through bookmarks,
                  // shared links, logs and Referer headers; a cookie keeps it out of the URL.
                  echo "[<a href=\"index.php?do=main&amp;sid=$sid\">Enter Now</a>]<br/><br/>";
          $tmsg = getpmcount(getuid_sid($sid));
            $umsg = getunreadpm(getuid_sid($sid));
           $unreadinbox=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_private WHERE unread='1' AND touid='".$myid."'"));
                  $pmtotl=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_private WHERE touid='".$myid."'"));
                  $unrd="".$unreadinbox[0]."";
                  if ($unreadinbox[0]>0)
                  {
                  echo "<a href=\"inbox.php?do=main&amp;sid=$sid\">$unrd New Message(s)</a><br/>";
              }else{
            echo "You have 0 New Message<br/>";
            }
          // Bookmarking this page stores the login name and password in the bookmark, because
          // both are part of this page's URL.
          echo "<br/>Bookmark This Page!<br/>
          For Auto-Login References.<br/>";
                include("ads.php");
                echo"<hr color=\"blue\" width=\"50%\">";

          // file() errors are suppressed with "@"; the result is used without checking that
          // the file was actually read.
          $xfile = @file("randomlogin.txt");

          $random_num = rand (0,count($xfile)-1);

          $udata = explode("::",$xfile[$random_num]);

          echo "$udata[1]";


                    
                  }
                  
                } 
                 
                

                // NOTE(review): this part sits after both if/else blocks, so it also runs when
                // the login name or password was wrong: a row is inserted into jusaytb_ases for
                // getuid_nick($uid) and a "Reset My Session" link with that id is printed.
                // What index.php?do=sesreset accepts is not shown here; confirm that it cannot
                // be reached without a successful login.
                $rndsid = rand(111,999);
                $tm = time();
                $xtm = $tm + (getsxtm()*50);
                $did = $tm.$rndsid;
                $res = mysql_query("INSERT INTO jusaytb_ases SET id='".safe(cleanInput(md5($did)))."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'");
                
                
           $sid = safe(cleanInput(md5($did)));
          echo "<br/><a href=\"index.php?do=sesreset&amp;sid=$sid\">";
          echo "Reset My Session</a><br/>";


          echo "<br/><div class=\"foot\">";
           echo "$mysite";

            echo "<br/>Page Took ";
          $load = microtime();
          print (number_format($load,2));
          echo " Seconds </div>";

           echo "</div>";
            echo "</body>";
            exit();
          ?>
          </html>
          Last edited by metulj; 28.07.12, 21:09.



            #6
            re

            try using
            PHP Code:
            <?php
            // Variant of the login page that also starts a PHP session.
            // NOTE(review): most assignment operators are missing in this listing as pasted
            // (for example "$bcon connectdb();"), so it will not parse until they are restored.
                
            include("iconfig.php");
            include(
            "icore.php");
            // session_name() and session_start() run before any output is sent.
            session_name("PHPSESSID");
            session_start();
            header("Content-type: text/html; charset=ISO-8859-1");
            echo 
            "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>";
            echo 
            "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\"\"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
            echo 
            "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
            echo 
            "<html>";
            echo 
            "<head>";
            echo 
            "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />
            <meta http-equiv=\"Cache-Control\" content=\"no-cache\"/>
            <meta name=\"description\" content=\"mobile interactive community that can be access wherever you are in the world. It is made to connect people and to establish unity with tones of new exciting features like Scrembox, Forums, Articles, Chatrooms, Downloads, Clubs, Photo Gallery, Blogs, Polls, Chappel, Rpg Game, Lucky9, Jack En Poy, Spin The Wheel, Virtual Pets, Wap Jueteng And More Options That Entertain You And Makes You Busy\"/>
            <meta name=\"keywords\" content=\"free community, forums, chat, wap, communicate, free sms, mp3, scandals, videos, games, downloads, scripts, ringtones, porn, xxx, hot, new, latest\"/>
            <link rel=\"shortcut icon\" href=\"pgsm.ico\" type=\"image/x-icon\"/>
            <link rel=\"stylesheet\" type=\"text/css\" href=\"gsmstyle.css\"/>"
            ;
            echo 
            "</head>";
            echo 
            "<body>";

            connectdb();
            $bcon connectdb();
            if (!
            $bcon)
            {

            echo 
            "<div align=\"center\"><div class=\"t2\">Error.!</div><br/>";
            echo 
            "Cant connect to database<br/>";
            echo 
            "This error happens usually when backing up the database, please be patient, The site will be up any minute<br/>";
            echo 
            "Thank You Very Much<br/><a href=\"index.php\">Home</a><br/>";

            echo 
            "<br/><div class=\"foot\">";
            echo 
            "$mysite";

            echo 
            "<br/>Page Took ";
            $load microtime();
            print (
            number_format($load,2));
            echo 
            " Seconds </div>";

            echo 
            "</div>";
            echo 
            "</body>";
            echo 
            "</html>";
            exit();
            }
            $ubr $_SERVER['HTTP_USER_AGENT'];
              
            // NOTE(review): $did is first assigned further down, after the password check, so
            // at this point md5($did) hashes an unset value and every visitor gets the same
            // $_SESSION['sid']. Store the id only after it has been generated and inserted.
            $_SESSION['sid'] = md5($did);
              
            // NOTE(review): $sid is also unset here; it is first assigned after the INSERT
            // into jusaytb_ses below.
            $uid getuid_sid($sid);


            // With the next line commented out, $uid no longer comes from the "u" parameter,
            // but the queries below still compare it against logname.
            //$uid = sanitize(cleanInput($_GET["u"]));
            $lname getnick_lick($uid);
            // The password is still read from the query string, so it still ends up in the
            // URL, browser history and logs.
            $pwd sanitize(cleanInput($_GET["p"]));
            $myid getuid_lick($uid);
            $gsmstyle mysql_fetch_array(mysql_query("SELECT mystyle FROM jusaytb_users WHERE id='".$myid."'"));

            $tolog false;
            echo 
            "<head>";
            echo 
            "<title>$lname@$mysite</title>";
            echo 
            "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
            echo 
            "</head>";
            echo 
            "<div align=\"center\">";


            $uinf mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_users WHERE logname='".$uid."'"));
            if(
            $uinf[0]==0)
            {
            //Check for user ID
            echo "<div class=\"t2\">Error.!!</div><br/>User Does Not Exist Or Error Login Name<br/><a href=\"terms.php\">Register It Now</a><br/>";
            }else{
            //check for pwd
            // Unsalted MD5 is used as the password hash; password_hash()/password_verify()
            // (PHP 5.5+) are the replacement.
            $epwd md5($pwd);
            $uinf mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_users WHERE logname='".$uid."' AND pass='".$epwd."'"));
            if(
            $uinf[0]==0)
            {
            echo 
            "<div class=\"t2\">Error.!!</div><br/>Are You Trying To Guess Your Password Or What?<br/>Please Type It Correctly<br/>";
            }else{
            //is user already logged in?
            $logedin mysql_fetch_array(mysql_query("SELECT uid FROM jusaytb_ses WHERE uid='".getuid_lick($uid)."'"));
            mysql_query("DELETE FROM jusaytb_ses WHERE uid='".$uid."'");
            mysql_query("DELETE FROM jusaytb_online WHERE userid='".$uid."'");
            // The id is md5(time() . rand(111,999)), which leaves 889 possible values per
            // second; generate it from a cryptographic source instead.
            $rndsid rand(111,999);
            $tm time();
            $xtm $tm + (getsxtm()*50);
            $did $tm.$rndsid;
            $res mysql_query("INSERT INTO jusaytb_ses SET id='".safe(cleanInput(md5($did)))."', uid='".getuid_lick($uid)."', expiretm='".$xtm."'");


            echo 
            "<head>";
            echo 
            "<title>$uid@$mysite</title>";
            echo 
            "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
            echo 
            "</head>";
            echo 
            "<div class=\"head\">Welcome $lname!</div><br/>";
            $idn getuid_lick($uid);
            $sid safe(cleanInput(md5($did)));
            // This link still carries the session id in the URL, so starting a PHP session
            // above has not yet taken the id out of the address bar.
            echo 
            "[<a href=\"index.php?do=main&amp;sid=$sid\">Enter Now</a>]<br/><br/>";
            $tmsg getpmcount(getuid_sid($sid));
            $umsg getunreadpm(getuid_sid($sid));
            $unreadinbox=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_private WHERE unread='1' AND touid='".$myid."'"));
            $pmtotl=mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM jusaytb_private WHERE touid='".$myid."'"));
            $unrd="".$unreadinbox[0]."";
            if (
            $unreadinbox[0]>0)
            {
            echo 
            "<a href=\"inbox.php?do=main\">$unrd New Message(s)</a><br/>";
            }else{
            echo 
            "You have 0 New Message<br/>";
            }
            echo 
            "<br/>Bookmark This Page!<br/>
            For Auto-Login References.<br/>"
            ;
            include(
            "ads.php");
            echo
            "<hr color=\"blue\" width=\"50%\">";

            $xfile = @file("randomlogin.txt");

            $random_num rand (0,count($xfile)-1);

            $udata explode("::",$xfile[$random_num]);

            echo 
            "$udata[1]";



            }

            }



            // NOTE(review): this part is outside both if/else blocks, so it also runs after a
            // failed login: a row is inserted into jusaytb_ases and a link with that id is
            // printed. Confirm what index.php?do=sesreset accepts.
            $rndsid rand(111,999);
            $tm time();
            $xtm $tm + (getsxtm()*50);
            $did $tm.$rndsid;
            $res mysql_query("INSERT INTO jusaytb_ases SET id='".safe(cleanInput(md5($did)))."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'");


            $sid safe(cleanInput(md5($did)));
            echo 
            "<br/><a href=\"index.php?do=sesreset&amp;sid=$sid\">";
            echo 
            "Reset My Session</a><br/>";


            echo 
            "<br/><div class=\"foot\">";
            echo 
            "$mysite";

            echo 
            "<br/>Page Took ";
            $load microtime();
            print (
            number_format($load,2));
            echo 
            " Seconds </div>";

            echo 
            "</div>";
            echo 
            "</body>";
            exit();
            ?>
            </html>
            at the top of you home page

            u will need to add following
            PHP Code:
            // Name the session cookie, then start the session. Both calls have to run before
            // the page sends any output, because the session cookie is sent as a header.
            session_name("PHPSESSID");
            session_start(); 
            and change
            PHP Code:
              // These two statements only work after $did has been generated and $sid has been
              // assigned; placed earlier, md5($did) hashes an unset value.
              // NOTE(review): the "=" of the second statement is missing in the listing as pasted.
              $_SESSION['sid'] = md5($did); 
             
            $uid getuid_sid($sid); 
            but just seeing your login page u may want to cover your

            PHP Code:
            $ubr $_SERVER['HTTP_USER_AGENT']; 
            with the mysql escape string command, as your browser (user agent) value will be vulnerable to injection

            to do that simply use
            PHP Code:
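            // The User-Agent header is sent by the client, so treat it like any other request
            // input. The escaping has to be applied to the value that is actually used
            // afterwards: escaping $HTTP_USER_AGENT and then overwriting it, while $ubr is
            // filled from the raw $_SERVER value, leaves $ubr unescaped.
            $HTTP_USER_AGENT = getenv("HTTP_USER_AGENT");
            $brws = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            // Call this after connectdb(): mysql_real_escape_string() needs an open connection.
            // The result is only meant for use inside a quoted SQL string; use
            // htmlspecialchars() on $brws wherever the value is printed into a page.
            $ubr = mysql_real_escape_string($brws);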
            Last edited by metulj; 28.07.12, 21:12.









            Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
            Want A Profesional Logo or Theme For Your wap site Pm Me.If I Have The Time Ill Make It For Free



              #7
              when i click ENTER NOW my session is expired? I did that sir ozzie as u posted

              Added after 12 minutes:

              i also have this in my index sir ozzie i have to change it?or it is ok?
              PHP Code:
              // Access check for every page except the login and terms pages: when the session
              // id does not belong to a logged-in user, print the "not logged in" page and stop.
              // NOTE(review): the condition tests both $do and $action, and nothing in this
              // snippet assigns $do, $action or $sid. After the rename to "do", confirm where
              // $action is still set, and read $sid from $_SESSION['sid'] before this check if
              // the id is no longer passed in the URL.
              // NOTE(review): the closing brace of this outer if is not part of the snippet.
              if(($do != "") && ($do!="terms") && ($action!="gonline") && ($action!="gviewuser"))
              {
                  
              $uid getuid_sid($sid);
                  // islogged() and getuid_sid() are defined elsewhere; a uid of 0 is treated as
                  // "no such session".
                  if((
              islogged($sid)==false)||($uid==0))
                  {
                    
                echo 
              "<head>";
                echo 
              "<title>$toptitle-Error!</title>";
                echo 
              "<link rel=\"stylesheet\" type=\"text/css\" href=\"$gsmstyle[0]\"/>";
                echo 
              "</head>";
                    echo 
              "<div align=\"center\"><div class=\"t2\">Error.!</div><br/>You are not logged in<br/>";
                    echo 
              "Or Your session has been expired<br/>";
                    echo 
              "<a href=\"index.php\">Login</a> first to have access.<br/><br/>";
                  
               echo 
              "<br/><div class=\"foot\">$mysite";
                echo 
              "<br/>Page Took ";
              $load microtime();
              print (
              number_format($load,2));
              echo 
              " Seconds</div>";

               echo 
              "</div>";
                    echo 
              "</body>";
                    echo 
              "</html>";
                    // Stop here so none of the protected page is rendered.
                    exit();
                  } 

              Last edited by metulj; 28.07.12, 21:13.



                #8
                re

                ud need to make a home.php page like this, then edit the link in your login.php
                this is just an example page of how yours should look
                PHP Code:
                <?php
                /*
                  your site script name
                */
                session_name("PHPSESSID");
                session_start();
                header("Content-type: text/html; charset=ISO-8859-1");
                echo 
                "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>";
                echo 
                "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
                ?>
                <meta name="description" content="www.yoursite.com Social Community on Mobile" />
                <meta name="keywords" content="games, wallpapers, animations, android apps, iphone apps, wapsite hosting, chatsite hosting"/>
                <link rel="shortcut icon" href="images/favicon.ico" />
                <link rel="icon" href="images/favicon.gif" type="image/gif" />
                <?php
                include("config.php");
                include(
                "core.php");

                $bcon connectdb();
                $uid getuid_sid($sid);

                if (!
                $bcon)
                {

                  echo 
                "<head>";
                  echo 
                "<title>Data Base Error!</title>";
                  echo 
                "</head>";
                  echo 
                "<body>";

                    echo 
                "<div class=\"error\"><img src=\"images/no.jpg\" alt=\"-\"/>";
                                echo 
                "<b><strong>Error! Cannot Connect To Database...</strong></b><br/>";
                         echo 
                "</div>";
                         echo 
                "<center>This Usually Happens When Backing Up The Database Or The Site IS Going Thru Maitenece.</center>";

                    echo 
                "</body>";
                    echo 
                "</html>";
                      exit();
                }
                $sid $_SESSION['sid'];
                $page $_GET["page"];
                $ubr $_SERVER["HTTP_USER_AGENT"];
                $uip get_real_ip();
                $do $_GET["do"];
                echo 
                gettheme($sid);
                $sitename mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
                $sitename $sitename[0];
                cleardata();


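                // IP/browser ban gate: a visitor whose IP + user agent pair is banned gets
                // the block page with the remaining ban time, unless the account is shielded.
                // NOTE(review): isipbanned() runs its own query with these raw values
                // elsewhere in the project — verify that it escapes them as well.
                if (isipbanned($uip, $ubr)) {
                    if (!isshield(getuid_sid($sid))) {
                        echo "<head>";
                        echo "<title>Ip Block!</title>";
                        echo "</head>";
                        echo "<body>";
                        echo "<div class=\"error\"><img src=\"images/no.jpg\" alt=\"-\"/>";
                        echo "<b><strong>Error! Ip Is Blocked ...</strong></b><br/><br/>";
                        echo "</div>";
                        echo "<p align=\"center\">";

                        // $ubr is the raw User-Agent header and $uip may come from request
                        // headers, so both are escaped before being placed in the SQL string
                        // (the original concatenated them unescaped).
                        $banResult = mysql_query(
                            "SELECT  timeto FROM ibwf_penalties WHERE  penalty='2' AND ipadd='"
                            . mysql_real_escape_string($uip)
                            . "' AND browserm='"
                            . mysql_real_escape_string($ubr)
                            . "' LIMIT 1 "
                        );
                        $banto = $banResult ? mysql_fetch_array($banResult) : false;

                        // No matching row or an already expired ban: report zero time left
                        // rather than a negative number.
                        $remain = $banto ? max(0, $banto[0] - time()) : 0;
                        $rmsg = gettimemsg($remain);
                        echo "<b>Time Left: </b>$rmsg<br/>";
                        echo "</p>";
                        echo "</body>";
                        echo "</html>";

                        exit();
                    }
                }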
                // Login gate: every action except the empty one and "terms" requires a
                // logged-in session that resolves to a non-zero user id.
                if ($do != "" && $do != "terms") {
                    $uid = getuid_sid($sid);
                    if (!islogged($sid) || $uid == 0) {
                        // Same markup as before, emitted in one statement.
                        echo '<head>'
                            . '<title>Error!!!</title>'
                            . '</head>'
                            . '<body>'
                            . '<div class="error"><img src="images/no.jpg" alt="-"/>'
                            . '<b><strong>You  Are Not Logged In</strong></b>'
                            . '</div>'
                            . '</body>'
                            . '</html>';
                        exit();
                    }
                }

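                // Account ban gate: a banned user sees the remaining time, who issued the
                // ban and the stored reason, and the script then stops.
                if (isbanned($uid)) {
                    echo "<head>";
                    echo "<title>Error!!!</title>";
                    echo "</head>";
                    echo "<body>";
                    echo "<div class=\"error\"><img src=\"images/no.jpg\" alt=\"-\"/>";
                    echo "<b><strong>You  Are Banned </strong></b>";
                    echo "</div>";

                    // Force the id to an integer before it goes into the SQL string.
                    // The grouped OR selects the same rows as the original
                    // "uid AND penalty='1' OR uid AND penalty='2'" condition.
                    $banResult = mysql_query(
                        "SELECT timeto, pnreas, exid FROM ibwf_penalties WHERE uid='"
                        . ((int) $uid)
                        . "' AND (penalty='1' OR penalty='2')"
                    );
                    $banto = $banResult ? mysql_fetch_array($banResult) : false;
                    // (The unused lastpnreas lookup from ibwf_users was dropped.)

                    $remain = $banto ? max(0, $banto[0] - time()) : 0;
                    $rmsg = gettimemsg($remain);
                    echo "<b>Time Left: </b>$rmsg<br/>";

                    // NOTE(review): getnick_uid() is defined elsewhere; confirm that it
                    // returns HTML-safe text, otherwise escape $nick here as well.
                    $nick = $banto ? getnick_uid($banto[2]) : "";
                    echo "<b>By: </b>$nick<br/>";

                    // The reason is free text from the database; encode it so stored
                    // markup is shown as text instead of being rendered by the browser.
                    $reason = $banto ? htmlspecialchars($banto[1], ENT_QUOTES) : "";
                    echo "<b>Reason: </b>$reason";
                    echo "<a href=\"index.php\">Home</a>";
                    echo "<br/>";

                    echo "</body>";
                    echo "</html>";
                    exit();
                }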
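                // Record the visitor's current browser string and IP on their user row.
                // The header is read from $_SERVER rather than the register_globals-era
                // $HTTP_USER_AGENT variable, and each value is escaped exactly once: the
                // original escaped the agent twice, which stores stray backslashes.
                $agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";

                // The id is cast to an integer so it cannot alter the WHERE clause.
                $res = mysql_query(
                    "UPDATE ibwf_users SET browserm='" . mysql_real_escape_string($agent)
                    . "', ipadd='" . mysql_real_escape_string($uip)
                    . "' WHERE id='" . ((int) getuid_sid($sid)) . "'"
                );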

                //$lang = mysql_fetch_array(mysql_query("SELECT lang FROM ibwf_users WHERE id='".$uid."'"));
                //include("language.php");

                ////////////////////////////////////////MAIN PAGE
                 
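                // Page router: $do comes from the query string and is only ever compared
                // against fixed values, so an unknown value falls through to the error page.
                // Fixes over the original: the final else now has braces (it used to guard
                // only the first echo and left a stray closing brace), the links are real
                // <a> elements, and every branch closes the document. Links carry no
                // session id; the session is read from $_SESSION on each request.
                if ($do == "main") {
                    echo "<head>";
                    echo "<title>main</title>";
                    echo "</head>";
                    echo "<body>";
                    echo "<center>You Are On The Main Page</center>";
                    echo "<a href=\"home.php?do=page2\">This Is A Link</a>";
                    echo "</body>";
                    echo "</html>";
                } else if ($do == "page2") {
                    echo "<head>";
                    echo "<title>Page 2</title>";
                    echo "</head>";
                    echo "<body>";
                    echo "<center>You Are On Page 2</center>";
                    echo "<a href=\"home.php?do=main\">This Is A Link</a>";
                    echo "</body>";
                    echo "</html>";
                } else {
                    echo "<head>";
                    echo "<title>Error!</title>";
                    echo "</head>";
                    echo "<body>";
                    echo "<center>are you lost</center>";
                    echo "</body>";
                    echo "</html>";
                }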
                ?>









                Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
                Want A Profesional Logo or Theme For Your wap site Pm Me.If I Have The Time Ill Make It For Free



                  #9
                  lmao at do=main .

                  i think he just wants the url not to have the session hash in it .

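                  you need to take out all the sid=$sid from all the links ,
                  as thats whats carrying the session id from page to page . the page already reads it from $_SESSION['sid'] , so the id can stay in the session instead of the url .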

                  test this first before removing all lol .
                  Wapchat4u


                  Topsites4u



                    #10
                    re

                    Originally posted by nclemale36 View Post
                    lmao at do=main .

                    i think he just wants the url not to have the session hash in it .

                    you need to take out all the $sid=sid from all the links .
                    as thats whats carrying the session id from page to page .

                    test this first before removing all lol .
                    ive already showed him how he just needs to study his code more and break it down

                    ive removed sessions on the new script im working on atm









                    Dont Ask Me Dumb Questions.Or you'l get a Dumb Answer..
                    Want A Profesional Logo or Theme For Your wap site Pm Me.If I Have The Time Ill Make It For Free



                      #11
                      i cant hide as of n0w...i nid m0re tym to study my lava script.
