
Thread: Help Please

  1. #1

    Help Please

    <?php
    session_start();
    include_once("includes/db_connect.php");
    // isset() avoids an undefined-index notice when ?logout is absent
    if (isset($_GET['logout']) && strip_tags($_GET['logout']) == "yes"){
    session_destroy();
    }elseif (isset($_SESSION['real_name'])){
    header("Location: Updates.php");
    exit();
    }


    if (isset($_POST['Submit'], $_POST['username'], $_POST['password']) && strip_tags($_POST['username']) && strip_tags($_POST['password'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    // strip_tags() removes HTML tags only; it does not escape quotes for SQL
    $username = strip_tags($username);
    $password = strip_tags($password);
    // $REMOTE_ADDR only exists with register_globals; read it from $_SERVER
    $ip = $_SERVER['REMOTE_ADDR'];


    // 'H' gives a 24-hour clock; 'h' would make AM and PM entries identical
    $date = gmdate('Y-m-d H:i:s');


    ///check INFO
    // The submitted values are interpolated straight into the SQL string:
    // this is the injection point the question is about
    $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");
    $login_check = mysql_num_rows($sql);
    $inf = mysql_fetch_object($sql);

    if ($login_check > 0){
    if ($inf->status == "Dead"){
    include_once "dead.php";
    exit();
    }

    // Count users seen in the last 300 seconds (was unreachable after exit())
    $timenow=time();
    $online = time() - 300; //the current time minus 300 seconds
    $select = mysql_query("SELECT * FROM users WHERE onlinetime2 >='$online' AND online='Online' ORDER by id ASC");
    $num = mysql_num_rows($select);
    $numfor=number_format($num);

    // session_register() is deprecated; write to $_SESSION directly
    $_SESSION['username'] = $username;
    $_SESSION['real_name'] = $inf->username;
    $_SESSION["userlevel"] = $inf->userlevel;
    $_SESSION["crewlevel"] = $inf->crewlevel;


    // X-Forwarded-For is a client-supplied header and is interpolated
    // unescaped into the INSERT below
    $realip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
    $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

    $time2 = time();

    $timestamp = time()+60;

    mysql_query("UPDATE users SET online='Online', onlinetime2='$time2' WHERE username='$username'");

    mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` , `ip` ) VALUES ('', '$username', 'Logged In!', '$date', '$realip')");

    header("Location: News.php");
    // stop here so the login page is not rendered after the redirect
    exit();

    } else {
    $message= "You could not be logged in.<br />";

    }}
    ?>

    <html>
    <head>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
    <link REL="SHORTCUT ICON" type="image/ico" HREF="icon here">
    <meta name="author" content="Bigharry">
    <title>Mafia-Assassins</title>
    <link href="site_css.css" rel="stylesheet" type="text/css">
    <script src="clienthint.js"></script>
    </head>

    <body bgcolor="black" OnLoad="document.login.mail.focus();">
    <div align="center">

    <strong><font color='red' face='verdana' size='1'> <br>
    <br>
    </font></strong>
    <table width="965" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td valign="bottom">
    <table width="965" border="0" cellspacing="0" cellpadding="0">
    <tr>

    <td width="349" valign="bottom">
    <table width="349" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td width="23"><div align="center"></div></td>

    </tr>
    </table>
    </td>


    </tr>
    </table></td>
    </tr>

    <tr>
    <td>
    <table width="965" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td width="200" valign="top" class="home-side">
    <br>
    <br>
    <div class="brown"><center>Major Updates</center></div>
    <div align="left" class="mafia-game">
    <li>Refferal System has been fixed and updated.<br><br>

    <li>The game layout has been slightly updated.<br><br>
    <li>A blackjack casino is being made.<br><br>
    </div>




    <div align="left" class="mafia-game">
    </div></td>
    <td valign="top">
    <table border="0" cellspacing="0" cellpadding="0" width="565" height="302" class="home-pic1">
    <tr>

    <td height="270" valign="top">
    <table width="100%" border="0" cellpadding="0" cellspacing="0">
    <tr>
    <td height="168" valign="top"> <br>
    <p class="home-text"><br>
    <br>
    <a href="Register2.php"><strong></strong></a>
    <font size="-2"></font></p>
    <strong><font color='red' face='verdana' size='1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font></strong></td>

    </tr>
    <tr>
    <td valign="bottom">

    <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td>

    <form id="form1" name="form1" method="post" action="index.php">



    <div style="padding: 10px 0 0 400px;">

    <input name="username" type="text" class="input-home" id="username" size="15" maxlength="35">

    <br>
    <br>
    <input name="password" type="password" id="password2" class="input-home" size="15" maxlength="35">
    <br>
    <input type="submit" name="Submit" value="Login">
    </div>

    </form> </td>

    </tr>
    </table></td>
    </tr>

    </table>
    <br>
    <br>
    <br>
    <br>
    <br>
    <center>
    <body style="margin: 0px" bgcolor="black" vlink="black" alink="black">

    </body></center>
    </td></tr></table>


    <td width="200" valign="top" class="home-side">


    <div class="mafia-game">
    <br>

    <div class="brown">Need help playing?</div><br>
    We have added a guide to help new users to the game or users that are new to the mafia life.<br>

    <strong><br>
    </strong><br>
    </div></td>
    </tr><div align="center" class="style"><a href="lost_pass.php">Lost Password </a><label> :: </label><a href="Register2.php"> Register </a><label> :: </label><a href="tos.php"> Terms of Service </a>

    <br>
    <br>
    <br>
    <font color="lime"><b>Mafia-Assassins is Open.</b></font></div></center>
    </table>







    </td>
    </tr>
    <tr>
    <td>


    </script></body>
    </html>

    I have this script. How can I make this more secure from MySQL injections?


    These are disabled functions I can't use:
    Disabled Functions:
    apache_note
    apache_setenv
    closelog
    define_syslog_variables
    dl
    escapeshellarg
    escapeshellcmd
    exec
    fsockopen
    leak
    link
    openlog
    passthru
    pcntl_exec
    pfsockopen
    popen
    proc_close
    proc_get_status
    proc_nice
    proc_open
    proc_terminate
    register_shutdown_function
    register_tick_function
    shell_exec
    socket_accept
    socket_bind
    socket_connect
    socket_create
    socket_create_listen
    socket_listen
    socket_read
    socket_send
    socket_write
    stream_socket_client
    stream_socket_recvfrom
    stream_socket_server
    symlink
    syslog
    system

    Please help
    Last edited by mech123; 11-28-2009 at 12:15 PM.
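
The login check and log insert from the script above, rewritten with bound parameters, as an added example that is not part of the original post. The `authenticate()` and `log_login()` helpers, the hashed password column and the in-memory SQLite database with its sample row are assumptions made so the code runs stand-alone; none of the calls used are on the disabled-functions list.

```php
<?php
// Added example, not the poster's code. Table/column names follow the script
// above; hashed passwords and the in-memory SQLite database are assumptions.
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // The placeholder keeps the submitted value out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT username, password, status, userlevel, crewlevel
           FROM users WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a stored hash rather than matching plaintext in SQL.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

function log_login(PDO $pdo, string $who, string $ip): void
{
    // The address is bound as well: X-Forwarded-For is a client-supplied header.
    $stmt = $pdo->prepare(
        'INSERT INTO `logs` (`who`, `action`, `date`, `ip`) VALUES (:w, :a, :d, :ip)'
    );
    $stmt->execute([':w' => $who, ':a' => 'Logged In!',
                    ':d' => gmdate('Y-m-d H:i:s'), ':ip' => $ip]);
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, status TEXT, userlevel INTEGER, crewlevel INTEGER)');
$pdo->exec('CREATE TABLE `logs` (id INTEGER PRIMARY KEY, `who` TEXT,
    `action` TEXT, `date` TEXT, `ip` TEXT)');
$add = $pdo->prepare('INSERT INTO users (username, password, status, userlevel, crewlevel)
    VALUES (?, ?, ?, ?, ?)');
$add->execute(["o'brien", password_hash('s3cret-demo', PASSWORD_DEFAULT), 'Alive', 1, 0]);

// A name containing a quote is handled as plain data.
$user = authenticate($pdo, "o'brien", 's3cret-demo');
var_dump($user !== null);
var_dump(authenticate($pdo, "o'brien", 'wrong-password') === null);
if ($user !== null) {
    log_login($pdo, $user['username'], '203.0.113.7, 10.0.0.1');
    var_dump((int) $pdo->query('SELECT COUNT(*) FROM `logs`')->fetchColumn());
}
```

Against the MySQL database from the post, the two functions stay the same and only the PDO connection string changes.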

  • #2
    Rowsdower!
    OK, I'll help. For starters, try this:

    1: Edit your post to wrap your code in either [CODE][/CODE] or [PHP][/PHP] tags to make reading it in the forum easier for everyone else.
    2: Contact a moderator and ask them to move your thread into the PHP forum since this is not a question related to HTML/CSS at all.
    3: Read the posting guidelines and make sure you understand them fully.
    4: Edit your post to comply with the posting guidelines. In particular, you have violated item 2 from the list...

