Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Jun 2006
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help me secure some code

    Hey guys, if anyone is willing to help me out here, could someone check over my code and help me secure it.

    PHP Code:
    <?

    $show 
    $HTTP_GET_VARS['show'];
    $episode $HTTP_GET_VARS['ep'];

    if ( 
    $show == sga ) {
    $show atlantis;
    }

    if ( 
    $show == sg1 ) {
    $show stargate;
    }

    if ( 
    $show == bsg ) {
    $show battlestar;
    }

    function 
    get_show($show,$exact="",$episode) {

    if ( !
    $show ) { return false; }

    if ( 
    $fp fopen("http://www.tvrage.com/quickinfo.php?show=".urlencode($show)."&ep=".urlencode($episode)."&exact=".urlencode($exact),"r") )
      {
      while ( !
    feof($fp))
        {
        
    $line fgets($fp,1024);
        list (
    $sec,$val) = explode('@',$line,2);
        if (
    $sec == "Show Name" )
          {
          
    $ret[0] = $val;
          }
        elseif ( 
    $sec == "Show URL" )
          {
          
    $ret[1] = $val;
          }
        elseif ( 
    $sec == "Premiered" )
          {
          
    $ret[2] = $val;
          }
        elseif (
    $sec == "Country" )
          {
          
    $ret[7] = $val;
          }
        elseif ( 
    $sec == "Status" )
          {
          
    $ret[8] = $val;
          }
        elseif ( 
    $sec == "Classification" )
          {
          
    $ret[9] = $val;
          }

        elseif ( 
    $sec == "Latest Episode" )
          {
          list (
    $ep,$title,$airdate) = explode('^',$val);
          
    $ret[3] = $ep.", \"".$title."\" aired on ".$airdate;
          }
        elseif ( 
    $sec == "Next Episode" )
          {
          list (
    $ep,$title,$airdate) = explode('^',$val);
          
    $ret[4] = $ep.", \"".$title."\" airs on ".$airdate;
          }
        elseif ( 
    $sec == "Episode Info" )
          {
          list (
    $ep,$title,$airdate) = explode('^',$val);
          
    $ret[5] = $ep.", \"".$title."\" aired on ".$airdate;
          }
        elseif ( 
    $sec == "Episode URL" )
          {
          
    $ret[6] = $val;
          }
        }
      
    fclose($fp);
      if ( 
    $ret[0] )
        {
        return 
    $ret;
        }
      }
    else
      {
      return 
    FALSE;
      }
    }


    $show_info get_show($show,"0",$ep); /*moved here*/
    if ( $show_info[0] == '' ) {
    echo 
    "Show not found";
    }
    else {
    /* $show_info = get_show("$show","0","1x2"); < this was here before */


    echo "Show Name : $show_info[0]Episode Information : $show_info[5]Episode URL : $show_info[6]";

    if ( 
    $show == "stargate" ) {
    echo 
    "Use !summary for a summary of this episode";
    }
    elseif ( 
    $show == "atlantis" ) {
    echo 
    "Use !summary for a summary of this episode";
    }
    elseif ( 
    $show == "battlestar" ) {
    echo 
    "Use !summary for a summary of this episode";
    }
    elseif ( 
    $show == "scrubs" ) {
    echo 
    "Use !summary for a summary of this episode";
    }
    }
    ?>
    PHP Code:
    <?php
    $show 
    $HTTP_GET_VARS['show'];
    $ep $HTTP_GET_VARS['ep'];
    $doshow 0;


    if ( 
    $show == sga ) {
    $show atlantis;
    $dosum 1;
    }

    if ( 
    $show == sg1 ) {
    $show stargate;
    $dosum 1;
    }

    if ( 
    $show == bsg ) {
    $show battlestar;
    $dosum 1;
    }

    if ( 
    $show == 'stargate' || $show == 'atlantis'|| $show == 'battlestar' || $show == 'scrubs' || $show == 'lost') {
    $dosum 1;
    }

    function 
    get_show($show,$exact="",$episode) {

    if ( !
    $show ) { return false; }

    if ( 
    $fp fopen("http://www.tvrage.com/quickinfo.php?show=".urlencode($show)."&ep=".urlencode($episode)."&exact=".urlencode($exact),"r") )
      {
      while ( !
    feof($fp))
        {
        
    $line fgets($fp,1024);
        list (
    $sec,$val) = explode('@',$line,2);
        if (
    $sec == "Show Name" )
          {
          
    $ret[0] = $val;
          }
        elseif ( 
    $sec == "Show URL" )
          {
          
    $ret[1] = $val;
          }
        elseif ( 
    $sec == "Premiered" )
          {
          
    $ret[2] = $val;
          }
        elseif (
    $sec == "Country" )
          {
          
    $ret[7] = $val;
          }
        elseif ( 
    $sec == "Status" )
          {
          
    $ret[8] = $val;
          }
        elseif ( 
    $sec == "Classification" )
          {
          
    $ret[9] = $val;
          }

        elseif ( 
    $sec == "Latest Episode" )
          {
          list (
    $ep,$title,$airdate) = explode('^',$val);
          
    $ret[3] = $ep.", \"".$title."\" aired on ".$airdate;
          }
        elseif ( 
    $sec == "Next Episode" )
          {
          list (
    $ep,$title,$airdate) = explode('^',$val);
          
    $ret[4] = $ep.", \"".$title."\" airs on ".$airdate;
          }
        elseif ( 
    $sec == "Episode Info" )
          {
          list (
    $ep,$title,$airdate) = explode('^',$val);
          
    $ret[5] = $ep.", \"".$title."\" aired on ".$airdate;
          }
        elseif ( 
    $sec == "Episode URL" )
          {
          
    $ret[6] = $val;
          }
        }
      
    fclose($fp);
      if ( 
    $ret[0] )
        {
        return 
    $ret;
        }
      }
    else
      {
      return 
    FALSE;
      }
    }


    $show_info get_show($show,"0",$ep);
    if ( 
    $show_info[0] == '' ) {
    echo 
    "Show not found";
    }
    else {
    if ( 
    $show_info[5] == '' ) {
    echo 
    "Episode information not found, did you type in the correct line, try !summary help";
    }
    else {

    /* $show_info = get_show("$show","0","1x2"); < this was here before */

    echo "Show Name : $show_info[0]Episode Information : $show_info[5]Episode URL : $show_info[6]";

    echo 
    "Summary for $show $ep : ";

    if ( 
    $dosum == ) {

    $db mysql_connect("localhost""semaja2_show"showpass);

    mysql_select_db(semaja2_show,$db);


    $sql "SELECT * FROM $show WHERE ep='$ep'";

    $result mysql_query($sql);

    $row mysql_fetch_array($result) ;



        echo 
    $row['summary'];

    }

    else {
    echo 
    "Full Summary not avalable";
    }

    print 
    "\nuse !show $show to find more information about this show";
    }
    }
    ?>

  • #2
    Regular Coder
    Join Date
    Sep 2005
    Posts
    394
    Thanks
    1
    Thanked 0 Times in 0 Posts
    "Secure it"? Against what? Wild animals?

  • #3
    New to the CF scene
    Join Date
    Jun 2006
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well are there any bugs or loop holes that could allow a attacker to damage the mysql database or bring down the server, simply things like that

    PS. yes and wild animals....damn racoons


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •