Lavalair Mods...

subzero replied

22.08.10, 18:35
COUNT(*), id, name <-- Wrong!
COUNT('id','name') <-- Right
Leave a comment:
kafa replied

22.08.10, 18:12
Originally posted by something else View Post

Try This I havent Tested it:

PHP Code:

$notp = mysql_fetch_array(mysql_query("SELECT COUNT(*), id, name FROM ibwf_topics WHERE fid='".$forum[0]."'")); $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE tid='".$notp[1]."'"));

It does'nt work cus of this part: SELECT COUNT(*), id, name FROM ibwf_topics returns => mysql_fetch_array(): supplied argument is not a valid MySQL result resource
Leave a comment:
something else replied

22.08.10, 17:44
yes it means not equal

oh the original script explodes browser name try:

PHP Code:

$bro = mysql_fetch_array(mysql_query("SELECT browserm FROM ibwf_users WHERE id='".$uid."'")); $brws = $_SERVER['HTTP_USER_AGENT']; $brws = explode(" ", $brws); if($bro[0]!=$brws[0]){ echo "hei 420 site sid proteced lol"; exit; }

Added after 32 minutes:

Originally posted by kafa View Post

I need some advice or help:

how to speed up the function that displays number of topics, number of posts and the last post (nick and time) of the subforum on my web extension of lava (trying to make it phpBB like)?

Try This I havent Tested it:

PHP Code:

$forums = mysql_query("SELECT id, name FROM ibwf_forums WHERE cid='".$cid."' AND clubid='0' ORDER BY position, id, name"); while($forum = mysql_fetch_array($forums)) { if(canaccess(getuid_sid($sid), $forum[0])) { $notp = mysql_fetch_array(mysql_query("SELECT COUNT(*), id, name FROM ibwf_topics WHERE fid='".$forum[0]."'")); $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE tid='".$notp[1]."'")); if($nops[0]==0) { $pinfo = mysql_fetch_array(mysql_query("SELECT authorid FROM ibwf_topics WHERE id='".$notp[1]."'")); }else{ $pinfo = mysql_fetch_array(mysql_query("SELECT uid FROM ibwf_posts WHERE tid='".$notp[1]."'")); } echo "<tr> <td valign=\"middle\" width=\"25\"> <img src=\"images/1.gif\" alt=\"*\"/></td> <td align=\"left\" width=\"200\" class=\"sjena\"> <a href=\"index.php?action=viewfrm&sid=$sid&fid=$forum[0]\">$forum[1]</a></td> <td width=\"50\" align=\"center\" class=\"sjena\">$notp[0]</td> <td width=\"60\" align=\"center\" class=\"sjena\">$nops[0]</td> <td align=\"right\" class=\"style12\"> <a href=\"index.php?action=viewtpc&sid=$sid&tid=$lpt[1]&go=last\">".htmlspecialchars($notp[2])."</a>  <br/> od: <a href=\"index.php?action=viewuser&sid=$sid&who=$pinfo[0]\">".getnick_uid($pinfo[0])."</a>  </td> </tr><tr><td colspan=\"5\"><hr></td></tr>"; } }

Last edited by something else; 22.08.10, 17:44.
Leave a comment:
shakil420 replied

22.08.10, 17:00
@ thank u for the post something else bro ///

PHP Code:

if($bro[0]!=$brws)

in the code (!= ) what it means?? not equal?? when i use the code it always show hei 420 site sid proteced lol though i use same browser.... reply soon thank u
Leave a comment:
kafa replied

22.08.10, 14:16
I need some advice or help:

how to speed up the function that displays number of topics, number of posts and the last post (nick and time) of the subforum on my web extension of lava (trying to make it phpBB like)?

I am using this code:

PHP Code:

$forums = mysql_query("SELECT id, name FROM ibwf_forums WHERE cid='".$cid."' AND clubid='0' ORDER BY position, id, name"); while($forum = mysql_fetch_array($forums)) { if(canaccess(getuid_sid($sid), $forum[0])) { $notp = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_topics WHERE fid='".$forum[0]."'")); $nops = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts a INNER JOIN ibwf_topics b ON a.tid = b.id WHERE b.fid='".$forum[0]."'")); $iml = "<img src=\"images/1.gif\" alt=\"*\"/> "; $lpt = mysql_fetch_array(mysql_query("SELECT id, name FROM ibwf_topics WHERE fid='".$forum[0]."' ORDER BY lastpost DESC LIMIT 0,1")); $nops0 = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_posts WHERE tid='".$lpt[0]."'")); if($nops0[0]==0) { $pinfo = mysql_fetch_array(mysql_query("SELECT authorid FROM ibwf_topics WHERE id='".$lpt[0]."' LIMIT 0,1")); } else { $pinfo = mysql_fetch_array(mysql_query("SELECT uid FROM ibwf_posts WHERE tid='".$lpt[0]."' ORDER BY dtpost DESC LIMIT 0,1")); } $tlnm = htmlspecialchars($lpt[1]); $tlnick = getnick_uid($pinfo[0]); $tpclnk = "<a href=\"index.php?action=viewtpc&sid=$sid&tid=$lpt[0]&go=last\">$tlnm</a>"; $vulnk = "<a href=\"index.php?action=viewuser&sid=$sid&who=$pinfo[0]\">$tlnick</a>"; echo "<tr> <td valign=\"middle\" width=\"25\"> $iml</td> <td align=\"left\" width=\"200\" class=\"sjena\"> <a href=\"index.php?action=viewfrm&sid=$sid&fid=$forum[0]\">$forum[1]</a></td> <td width=\"50\" align=\"center\" class=\"sjena\">$notp[0]</td> <td width=\"60\" align=\"center\" class=\"sjena\">$nops[0]</td> <td align=\"right\" class=\"style12\">$tpclnk <br/>od: $vulnk </td> </tr><tr><td colspan=\"5\"><hr></td></tr>"; } }

and preview how slow it is can be seen here: MERAK.mobi
Leave a comment:
something else replied

21.08.10, 02:17
Originally posted by shakil420

yeah thanx bro....is it possible.....suppose if any user change his browser then his session automatically dropped??? like in opera ----> 420.com/index.php?action=main&sid=420420420420 then when he tried to paste the link with others opera/mozilla browsers like in mozilla -----> 420.com/index.php?action=main&sid=420420420420

then it shows "hei 420 site sid proteced lol"

if u know the code trhen post pls

PHP Code:

$bro = mysql_fetch_array(mysql_query("SELECT browserm FROM ibwf_users WHERE id='".$uid."'")); $brws = $_SERVER['HTTP_USER_AGENT']; if($bro[0]!=$brws){ echo "hei 420 site sid proteced lol"; exit; }
Leave a comment:
opticalpigion replied

06.08.10, 11:38
Sql/Xss injection protection + registration flood protection.

captcha.php

PHP Code:

<? session_start(); header('content-type: image/jpeg'); $text = rand(10000,99999); $_SESSION["vercode"] = $text; $height = 25; $width = 65; $image_p = imagecreate($width, $height); $black = imagecolorallocate($image_p, 0, 0, 0); $white = imagecolorallocate($image_p, 255, 255, 255); $font_size = 14; imagestring($image_p, $font_size, 5, 5, $text, $white); imagejpeg($image_p, null, 80); ?>

register-form.php

PHP Code:

<?php     session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Registration Form</title> <link href="style.css" rel="stylesheet" type="text/css" /> </head> <body> <?php     if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {         echo '<p align=\"center"\>';         echo '<ul class="err">';         foreach($_SESSION['ERRMSG_ARR'] as $msg) {             echo '<li>',$msg,'</li>';         }         echo '</ul>';         echo '</p>';         unset($_SESSION['ERRMSG_ARR']);     } ?> <form id="loginForm" name="loginForm" method="post" action="register-exec.php">   <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">     <tr>       <th>Email Address</th>       <td><input name="email" type="text" class="textfield" id="fname" /></td>     </tr>      <tr>       <th width="124">User ID</th>       <td width="168"><input name="login" type="text" class="textfield" id="login" /></td>     </tr>     <tr>       <th>Password</th>       <td><input name="password" type="password" class="textfield" id="password" /></td>     </tr>     <tr>       <th>Confirm Password </th>       <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>     </tr>     <tr>     <tr>       <th>Human Test</th>      <td><img src="captcha.php"><input type="text" name="vercode" /><br>   </td>  </tr>     <tr>       <td> </td>       <td><input type="submit" name="Submit" value="Register" /></td>     </tr>   </table> </form> </body> </html>

register-exec.php

PHP Code:

<?php     //Start session     session_start();     //Include database connection details     require_once('config.php');          //Array to store validation errors     $errmsg_arr = array();          //Validation error flag     $errflag = false;          //Connect to mysql server     $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);     if(!$link) {         die('Failed to connect to server: ' . mysql_error());     }          //Select database     $db = mysql_select_db(DB_DATABASE);     if(!$db) {         die("Unable to select database");     }          //Function to sanitize values received from the form. Prevents SQL/XSS injection function clean($str) {         $str = @trim($str);         if(get_magic_quotes_gpc()) {             $str=htmlspecialchars($str);                                    $str=stripslashes(trim($str));             $search=array("\\","\0","\n","\r","\x1a","'",'"');             $replace=array("\\\\","\\0","\\n","\\r","\Z","\'",'\"');             $str = str_replace($search,$replace,$str);         }         return mysql_real_escape_string($str);     }          //Sanitize the POST values     $email = clean($_POST['email']);     $login = clean($_POST['login']);     $password = clean($_POST['password']);     $cpassword = clean($_POST['cpassword']);     //Input Validations     if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')  {      $errmsg_arr[] = 'Failed Human Test.';         $errflag = true; }     if($email == '') {         $errmsg_arr[] = 'Email Add is missing';         $errflag = true;     }          if($login == '') {         $errmsg_arr[] = 'Login ID missing';         $errflag = true;     }     if($password == '') {         $errmsg_arr[] = 'Password missing';         $errflag = true;     }     if($cpassword == '') {         $errmsg_arr[] = 'Confirm password missing';         $errflag = true;     }     if( strcmp($password, $cpassword) != 0 ) {         $errmsg_arr[] = 'Passwords do not match';         $errflag = true;     }          //Check for duplicate login ID     if($login != '') {         $qry = "SELECT * FROM ibwf_users WHERE name='$login'";         $result = mysql_query($qry);         if($result) {             if(mysql_num_rows($result) > 0) {                 $errmsg_arr[] = 'Login ID already in use';                 $errflag = true;             }             @mysql_free_result($result);         }         else {             die("Query failed");         }     }          //If there are input validations, redirect back to the registration form     if($errflag) {         $_SESSION['ERRMSG_ARR'] = $errmsg_arr;         session_write_close();         header("location: register-form.php");         exit();     }     //Create INSERT query     $qry = "INSERT INTO ibwf_users(email, validated, name, pass) VALUES('$email','1','$login','".md5($_POST['password'])."')";     $result = @mysql_query($qry);          //Check whether the query was successful or not     if($result) {         header("location: register-success.php");         exit();     }else {         die("Query failed");     } ?>

register-success.php

PHP Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Registration Successful</title> <link href="style.css" rel="stylesheet" type="text/css" /> </head> <body> <h1>Registration Successful</h1> <p><a href="index.php">Click here</a> to login to your account.</p> </body> </html>

to scan more input value u can use this function

PHP Code:

function clean($str) {         $str = @trim($str);         if(get_magic_quotes_gpc()) {             $str=htmlspecialchars($str);                                    $str=stripslashes(trim($str));             $search=array("\\","\0","\n","\r","\x1a","'",'"');             $replace=array("\\\\","\\0","\\n","\\r","\Z","\'",'\"');             $str = str_replace($search,$replace,$str);         }         return mysql_real_escape_string($str);     }

use as

PHP Code:

$email = clean($_POST['email']);
Leave a comment:
subzero replied

06.08.10, 11:03
@nclemale36

Code:

@mysql_query("TRUNCATE TABLE `chat4u_UserPms`");

This will clean users inbox at one hit ....

Also note it will delete all and keeps the sql

But your way it only deletes some but not all best idea for busy site's over 1 MILL users will use this
Leave a comment:
pmbguy replied

06.08.10, 10:23
user avatar function... safe and easy...
////////////////////////////////////////////getavatar///////////////
function useravat($uid)
{
$avat = mysql_fetch_array(mysql_query("SELECT avatar FROM fun_users WHERE id='".$uid."'"));

$avatar = "<img src=\"phpThumb/phpThumb.php?iar=1&w=40&src=$avat[0]\">";
return $avatar;

}
/////////////////////////////////////////////////////////
to use:
echo useravat($who); or $uid or whatever...
Leave a comment:

nclemale36 replied

28.07.10, 18:11

Code:

///////////////////////////////del one persons messages
else if($action=="delonemsg")
{
  $who = $_GET["who"];
  $user = getnick_uid($who);
  echo "<head>";
  echo "<title>Owner Tools</title>";
  echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
  echo "</head>";
  echo "<body>";
  echo "<p align=\"center\">";
  $uid = getuid_sid($sid);
  $perm = mysql_fetch_array(mysql_query("SELECT perm FROM ibwf_users WHERE id='".$uid."'"));
  $trgtperm = mysql_fetch_array(mysql_query("SELECT perm FROM ibwf_users WHERE name='".$user."'"));

  if($trgtperm>$perm){ 
  echo "<b><img src=\"../images/notok.gif\" alt=\"x\"/><br/>Error!!!<br/>permission Denied...</b><br/>";
  echo "<br/>U Cannot Delete $user<br/>";
  echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
  echo "</p>";
  }else{

  echo "<br/>";
$res = mysql_query("DELETE FROM ibwf_private WHERE byuid='".$who."'");
  $res = mysql_query("DELETE FROM ibwf_popups WHERE byuid='".$who."'");

 if($res)
  {
  echo "<img src=\"../images/ok.gif\" alt=\"O\"/>Users messages deleted successfully";
mysql_query("INSERT INTO ibwf_mlog SET action='users pms ', details='<b>".getnick_uid(getuid_sid($sid))."</b> $user messages deleted', actdt='".time()."'");
  }else{
  echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Error deleting UGroup";
  }
 
  echo "<b>0 </b><a accesskey=\"0\" href=\"index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
  }
  echo "</p></body>";
}

usage

Code:

echo "<a href=\"yourtools.php?action=delonemsg&amp;sid=$sid&amp;who=$who\">Delete All Users Messages</a><br/>";

lets say someone spams your site and no one catches them doing it for ages. they will of spammed alot of users. this can delete just that users sent messages no one elses .the only other way of clesring one persons messages is to delete the user .

Last edited by nclemale36; 11.05.11, 11:21. Reason: seen subzeros subsequent post.

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: