
View Full Version : Help Please



mech123
11-28-2009, 11:06 AM
<?php
session_start();
include_once("includes/db_connect.php");
if (strip_tags($_GET['logout']) == "yes"){
session_destroy();
}elseif (isset($_SESSION['real_name'])){
header("Location: Updates.php");
exit();
}


if ($_POST['Submit'] && strip_tags($_POST['username']) && strip_tags($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = strip_tags($username);
$password = strip_tags($password);
$ip = $_SERVER['REMOTE_ADDR']; // bare $REMOTE_ADDR is only set when register_globals is on


$date = gmdate('Y-m-d h:i:s');


///check INFO
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");
$login_check = mysql_num_rows($sql);
$inf = mysql_fetch_object($sql);

if ($login_check > "0"){
if ($inf->status == "Dead"){
include_once"dead.php";
exit();

$timenow=time();
$online = time() - 300; //the current time minus 300 seconds
$select = mysql_query("SELECT * FROM users WHERE onlinetime2 >='$online' AND online='Online' ORDER by id ASC");
$num = mysql_num_rows($select);
$numfor=number_format($num);

}
session_register('username');
$_SESSION['real_name'] = $inf->username;
$_SESSION["userlevel"] = $inf->userlevel;
$_SESSION["crewlevel"] = $inf->crewlevel;


$realip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
$_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

$time2 = time();

$timestamp = time()+60;

mysql_query("UPDATE users SET online='Online', onlinetime2='$time2' WHERE username='$username'");

mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` , `ip` ) VALUES ('', '$username', 'Logged In!', '$date', '$realip')");

header("Location: News.php");

} else {
$message= "You could not be logged in.<br />";

}}
?>

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<link REL="SHORTCUT ICON" type="image/ico" HREF="icon here">
<meta name="author" content="Bigharry">
<title>Mafia-Assassins</title>
<link href="site_css.css" rel="stylesheet" type="text/css">
<script src="clienthint.js"></script>
</head>

<body bgcolor="black" OnLoad="document.login.mail.focus();">
<div align="center">

<strong><font color='red' face='verdana' size='1'> <br>
<br>
</font></strong>
<table width="965" border="0" cellspacing="0" cellpadding="0">
<tr>
<td valign="bottom">
<table width="965" border="0" cellspacing="0" cellpadding="0">
<tr>

<td width="349" valign="bottom">
<table width="349" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="23"><div align="center"></div></td>

</tr>
</table>
</td>


</tr>
</table></td>
</tr>

<tr>
<td>
<table width="965" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="200" valign="top" class="home-side">
<br>
<br>
<div class="brown"><center>Major Updates</center></div>
<div align="left" class="mafia-game">
<li>Refferal System has been fixed and updated.<br><br>

<li>The game layout has been slightly updated.<br><br>
<li>A blackjack casino is being made.<br><br>
</div>




<div align="left" class="mafia-game">
</div></td>
<td valign="top">
<table border="0" cellspacing="0" cellpadding="0" width="565" height="302" class="home-pic1">
<tr>

<td height="270" valign="top">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td height="168" valign="top"> <br>
<p class="home-text"><br>
<br>
<a href="Register2.php"><strong></strong></a>
<font size="-2"></font></p>
<strong><font color='red' face='verdana' size='1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font></strong></td>

</tr>
<tr>
<td valign="bottom">

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>

<form id="form1" name="form1" method="post" action="index.php">



<div style="padding: 10px 0 0 400px;">

<input name="username" type="text" class="input-home" id="username" size="15" maxlength="35">

<br>
<br>
<input name="password" type="password" id="password2" class="input-home" size="15" maxlength="35">
<br>
<input type="submit" name="Submit" value="Login">
</div>

</form> </td>

</tr>
</table></td>
</tr>

</table>
<br>
<br>
<br>
<br>
<br>
<center>
<body style="margin: 0px" bgcolor="black" vlink="black" alink="black">

</body></center>
</td></tr></table>


<td width="200" valign="top" class="home-side">


<div class="mafia-game">
<br>

<div class="brown">Need help playing?</div><br>
We have added a guide to help new users to the game or users that are new to the mafia life.<br>

<strong><br>
</strong><br>
</div></td>
</tr><div align="center" class="style"><a href="lost_pass.php">Lost Password </a><label> :: </label><a href="Register2.php"> Register </a><label> :: </label><a href="tos.php"> Terms of Service </a>

<br>
<br>
<br>
<font color="lime"><b>Mafia-Assassins is Open.</b></font></div></center>
</table>







</td>
</tr>
<tr>
<td>


</script></body>
</html>

I have this script. How can I make it more secure against MySQL injections? ;)


These are disabled functions I can't use:
Disabled Functions:
apache_note
apache_setenv
closelog
define_syslog_variables
dl
escapeshellarg
escapeshellcmd
exec
fsockopen
leak
link
openlog
passthru
pcntl_exec
pfsockopen
popen
proc_close
proc_get_status
proc_nice
proc_open
proc_terminate
register_shutdown_function
register_tick_function
shell_exec
socket_accept
socket_bind
socket_connect
socket_create
socket_create_listen
socket_listen
socket_read
socket_send
socket_write
stream_socket_client
stream_socket_recvfrom
stream_socket_server
symlink
syslog
system

Please help
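
An added example (not part of the original post, and not the poster's code) of the login check and log insert from the script above written with bound parameters, so the form fields and the client-supplied address never become part of the SQL text; `strip_tags()` only removes markup and leaves quotes in place. Assumptions: PHP 7.1+ with PDO, an in-memory SQLite database standing in for the MySQL tables, a hypothetical `password_hash` column in place of the plain-text `password` column, and constructed sample inputs; none of the calls used are on the disabled list above.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL `users` and `logs` tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, status TEXT)");
$db->exec("CREATE TABLE logs (id INTEGER PRIMARY KEY, who TEXT, action TEXT, date TEXT, ip TEXT)");

// Constructed sample account; the password is stored as a hash, never as plain text.
$seed = $db->prepare("INSERT INTO users (username, password_hash, status) VALUES (?, ?, 'Alive')");
$seed->execute(['mech', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns the user row on success, or null on failure. Every request-derived
 * value (form fields and the client address) reaches SQL only as a bound parameter.
 */
function login(PDO $db, string $username, string $password, string $ip): ?array
{
    // Look the user up by name only; the password is checked in PHP, not in SQL.
    $stmt = $db->prepare("SELECT id, username, password_hash, status FROM users WHERE username = ? LIMIT 1");
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = $user !== false && password_verify($password, $user['password_hash']);

    // The log row uses placeholders as well: $ip may come from a request
    // header, so it is as untrusted as the form fields.
    $log = $db->prepare("INSERT INTO logs (who, action, date, ip) VALUES (?, ?, ?, ?)");
    $log->execute([$username, $ok ? 'Logged In!' : 'Failed login', gmdate('Y-m-d H:i:s'), $ip]);

    return $ok ? $user : null;
}

// Constructed inputs: one valid login and two that contain SQL metacharacters.
$cases = [
    ['mech', 'correct horse', '203.0.113.7'],
    ["mech' OR '1'='1", 'anything', '203.0.113.7'],
    ['mech', 'wrong', "203.0.113.7' --"],
];
foreach ($cases as [$u, $p, $ip]) {
    printf("%-20s => %s\n", $u, login($db, $u, $p, $ip) ? 'accepted' : 'rejected');
}
// Each attempt, quotes included, was stored as data: one log row per call.
echo $db->query("SELECT COUNT(*) FROM logs")->fetchColumn(), " log rows\n";
```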

Rowsdower!
11-28-2009, 10:20 PM
OK, I'll help. For starters, try this:

1: Edit your post to wrap your code in either
or
tags to make reading it in the forum easier for everyone else.
2: Contact a moderator and ask them to move your thread into the PHP forum since this is not a question related to HTML/CSS at all.
3: Read the posting guidelines (http://www.codingforums.com/postguide.htm) and make sure you understand them fully.
4: Edit your post to comply with the posting guidelines. In particular, you have violated item 2 from the list...


