Большой Воронежский Форум
Главная Регистрация Сообщения за день
» Веб-дизайн>script...
FeaR 21:29 19.08.2006
кому не трудно помогите пожалуйста отредактить скрипты..
я толком не разбирался в php програмировании , но если никто не поможет предеться разобраться и прочитать куеву тучу книжек.
вообщем вот:

Сообщение от :
<?php
require 'config.php';

// I use above file for security to provide below
//----------------------------------------------
$c onn=mssql_connect($dbhost,$dbuser,$dbpasswd);
$selected=mssql_select_db('MuOnline', $conn);

$query = 'SELECT TOP 100'
Name,
Class,
cLevel,
Reset,
Money,
Life,
Strength,
Dexterity,
Energy,
V itality
from Character WHERE CtlCode=0 order by cLevel desc';
$result = mssql_query( $query );

// This is pretty much your layout
echo '<html>';
echo "<head>\n";
echo "<LINK REL='StyleSheet' HREF='style1.css' TYPE='text/css'>\n";

echo '<body>';
echo '<font face=Arial>';
echo '<center><table border=0 cellSpacing=2 width=470 align=center>';
echo '
<tr>
<td bgcolor=#ffffff><center><font face=Arial size=2><b>Rank</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Ник</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Класс</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Уровень</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Ресет</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Деньги</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Жизнь</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Cила</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Ловкость</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Енергия</td>
<td bgcolor=#ffffff><font face=Arial size=2><b>Живучесть</td>';

// For Top 100 or whatever you wish just change below
//$i<mssql_num_rows($result) to $i < 100
for($i=0;$i<mssql_num_rows($result);++$i)
{
$row = mssql_fetch_row($result);
echo '<tr><td bgcolor=#f0f5fa width=40><center><font face=Arial size=2>';
echo $i + 1;
echo '.</font></td><td bgcolor=#ffffff width=110><FONT SIZE=2 face=Arial font color=blue><b><table style="filter:glow(color=yellow,strength=2)">';
echo $row[0];
echo '</B></font></table></td><td bgcolor=#ffffff width=105><font face=Arial size=2 font color=black>';
if($row[1] == 0){
echo '<font face=Arial size=2 font color=black>Dark Wizard</font>';
}
if($row[1] == 1){
echo 'Soul Master';
}
//else{
if($row[1] == 16){
echo 'Dark Knight';
}
if($row[1] == 17){
echo 'Blade Knight';
}
if($row[1] == 32){
echo 'Elf';
}
if($row[1] == 33){
echo 'Muse Elf';
}
if($row[1] == 48){
echo 'Mage Gladiator';
}
if($row[1] == 64){
echo 'Dark Lord';
}
echo '</b></font></td><td bgcolor=#ffffff width=60><b><font face=Arial size=2>';
echo $row[2];
echo '</b></font></td><td bgcolor=#ffffff width=80><font face=Arial size=2>';
echo $row[3];
echo '</font></td><td bgcolor=#ffffff width=80><b><font face=Arial size=2 font color=blue>';
//echo '</font></td><td bgcolor=#ffffff width=60><b><font face=Arial size=2 font color=gray>';
echo $row[4];
echo '</b></font></td><td bgcolor=#ffffff width=50><font face=Arial size=2 font color=gray>';
echo $row[5];
echo '</b></font></td><td bgcolor=#ffffff width=50><font face=Arial size=2 font color=gray>';
echo $row[6];
echo '</b></font></td><td bgcolor=#ffffff width=50><font face=Arial size=2 font color=gray>';
echo $row[7];
echo '</b></font></td><td bgcolor=#ffffff width=50><font face=Arial size=2 font color=gray>';
echo $row[8];
echo '</b></font></td><td bgcolor=#ffffff width=50><font face=Arial size=2 font color=gray>';
echo $row[9];
echo'</td></tr>';
echo '<tr><td bgcolor=#ffffff height=1></td><td bgcolor=#ffffff></td><td bgcolor=#ffffff></td><td bgcolor=#ffffff></td><td bgcolor=#ffffff><td bgcolor=#ffffff><td bgcolor=#ffffff><td bgcolor=#ffffff><td bgcolor=#ffffff><td bgcolor=#ffffff><td bgcolor=#ffffff><td bgcolor=#ffffff><td bgcolor=#ffffff></td><td bgcolor=#ffffff></td>';
}
echo '<tr><td bgcolor=#f0f5fa height=10></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td><td bgcolor=#f0f5fa></td>';
echo '</table>';
echo '</body>';
echo '</html>';

echo '<br><br>';
echo '<center><font face=Arial size=2>SicretsMUcontinent© 2005-2006, MUonline</font></center>';
echo '<br>';

$conn=mssql_close();
?>

чтот не пашет я не понимаю где ошибка.

Сообщение от :
<?php
require 'config.php';
// I use above file for security to provide below
//----------------------------------------------
$conn=mssql_connect($dbhost,$dbuser,$dbpasswd);
$selected=mssql_select_db('MuOnline', $conn);

$query = 'select G_Name,G_Master,G_Score,G_Notice,Number from Guild order by G_Score desc';

$result = mssql_query( $query );

// This is pretty much your layout
echo '<html>';
echo "<head>\n";

echo '<body>';
echo '<font face=Arial>';
echo '<center><table border=1 cellSpacing=2 width=100% align=center>';
echo '<tr><td bgcolor=#ffffff><center><font face=Arial size=2><b>Rank</td><td bgcolor=#ffffff><font face=Arial

size=2><b>Guild Name</td><td bgcolor=#ffffff><font face=Arial size=2><b>Guild Master</td><td bgcolor=#ffffff><font face=Arial

size=2><b>Guild Score</td><td bgcolor=#ffffff><font face=Arial size=2><b>Guild Notice</td><td bgcolor=#ffffff><font

face=Arial size=2><b>Number</td>';

// For Top 100 or whatever you wish just change below
//$i<mssql_num_rows($result) to $i < 100

for($i=0;$i<mssql_num_rows($result);++$i)
{
$row = mssql_fetch_row($result);

echo '<tr><td width=8%><center><font face=Arial size=2>';
echo $i + 1;
echo '.</font></td><td width=8%><FONT SIZE=2 face=Arial><table>';
echo $row[0];
echo '</font></table></td><td width=8%><font face=Arial size=2 >';
echo $row[1];
echo '</font></td><td width=8%><font face=Arial size=2 font>';
echo $row[2];
echo '</font></td><td width=8%><font face=Arial size=2 font>';
echo $row[3];
echo '</font></td><td width=8%><font face=Arial size=2 font>';
echo $row[4];
}
echo '</table>';
echo '</body>';
echo '</html>';
$conn=mssql_close();
?>

///

Сообщение от :
<?php
require_once "sql_inject.php";
$bDestroy_session = TRUE;
$url_redirect = 'index.php';
$sqlinject = new sql_inject('./log_file_sql.log',$bDestroy_session,$url_redirect) ;

require 'config.php';
$msconnect=mssql_connect("$dbhost","$dbuser","$dbp asswd");
$msdb=mssql_select_db("MuOnline",$msconnect);

$name = stripslashes($_POST['name']);
$login = stripslashes($_POST['login']);
$oldpwd = stripslashes($_POST['oldpwd']);
$vitality = stripslashes($_POST['vitality']);
$strength = stripslashes($_POST['strength']);
$energy = stripslashes($_POST['energy']);
$dexterity = stripslashes($_POST['dexterity']);

$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);

$sql_pw_check = mssql_query("SELECT memb__pwd FROM MEMB_INFO WHERE memb__pwd='$oldpwd' and memb___id='$login'");
$pw_check = mssql_num_rows($sql_pw_check);

$query = "select Vitality,Strength,Energy,Dexterity,LevelUpPoint from Character WHERE Name='$name'";
$result = mssql_query( $query );
$row = mssql_fetch_row($result);

$new_vit = $row[0] + $vitality;
$new_str = $row[1] + $strength;
$new_eng = $row[2] + $energy;
$new_agi = $row[3] + $dexterity;
$row[4] = $row[4] - $vitality - $strength - $energy - $dexterity;

if (empty($login) || empty($oldpwd) || empty($name)) {
echo "Error: je hebt niet alles ingevuld. Ga terug en probeer opnieuw.<br>";
}

elseif ($username_check <= 0){
echo "Error: username niet gevonden, Ga terug en controleer username.<br>"; }

elseif ($vitality<0 OR $strength<0 OR $energy<0 OR $dexterity<0){
echo "Error: je bent een vieze kuthomo met je zielige statshack! (NOFI tegen homo's..)"; }

elseif ($row[4] < 0){
echo "Error: je hebt niet genoeg punten: ($row[4])!<br>"; }

elseif ($pw_check <= 0){
echo "Error: het ingevoerde wachtwoord is onjuist! <br>"; }

else { $msconnect=mssql_connect("$dbhost","$dbuser","$dbp asswd");
$msdb=mssql_select_db("MuOnline",$msconnect);
$msquery = "
UPDATE dbo.Character SET Vitality = '$new_vit'
WHERE Name = '$name'
AND AccountID = '$login'
UPDATE dbo.Character SET Strength = '$new_str'
WHERE Name = '$name'
AND AccountID = '$login'
UPDATE dbo.Character SET Energy = '$new_eng'
WHERE Name = '$name'
AND AccountID = '$login'
UPDATE dbo.Character SET Dexterity = '$new_agi'
WHERE Name = '$name'
AND AccountID = '$login'
UPDATE dbo.Character SET LevelUpPoint = '$row[4]'
WHERE Name = '$name'
AND AccountID = '$login'";

$sqlinject->test($msquery);
$msresults= mssql_query($msquery);
echo "<font size='1' face='verdana'> $name's stats are now:<br>
<b>Vitality</b> = $new_vit<br>
<b>Strength</b> = $new_str<br>
<b>Energy</b> = $new_eng<br>
<b>Agility</b> = $new_agi<p>
You now have $row[4] points left.<br></font>";
}
?>

заранее благодарен
alemiks 22:39 19.08.2006
не прочитав ни одной книжки хочешь написать скрипт для работы с базой данных MSSQL ?????? оригинально

а чтобы кто-то помог нужно:
1) задание
2) дамп базы данных mssql
3) файлы config.php и sql_inject.php
FeaR 23:43 19.08.2006
кусок базы http://rapidshare.de/files/30023890/bazanasha.html
файл Config :

Сообщение от :
<?php

//Admin Login

$alogin = 'sa';

//Admin Password

$apass = 'tyt pass';

//Database Name

$db = 'MuOnline';

//Variables

$ip = "127.0.0.1";

//Host. IP If working remotely

$host = '127.0.0.1';

//Title that will appear on all pages.

$title = 'Registration';

//Server Name

$srvname = 'Registration';

//Credits

$credits = 'Sicretsmucontinent.sytes.net';

//Database Connection

$msconnect=mssql_connect("$host","$alogin","$apass ");
$msdb=mssql_select_db("$db",$msconnect);

?>

файл sql_inject

Сообщение от :
<?PHP
$xa = getenv('REMOTE_ADDR');
$badwords = array(";","'","\"","*","union","del","DEL","insert ","update","drop","sele","memb","set","$","res3t", "wareh","%");

foreach($_POST as $value)
foreach($badwords as $word)
if(substr_count($value, $word) > 0)
die("Security Warning!<br />Forbidden simbols are included, please remove them and try again -> $xa ");

class sql_inject
{
/**
* @shortdesc url to redirect if an sql inject attempt is detect. if unset, value is FALSE
* @private
* @type mixed
*/
var $urlRedirect;
/**
* @shortdesc does the session must be destroy if an attempt is detect
* @private
* @type bool
*/
var $bdestroy_session;
/**
* @shortdesc the SQL data currently test
* @private
* @type string
*/
var $rq;
/**
* @shortdesc if not FALSE, the url to the log file
* @private
* @type mixed
*/
var $bLog;

/**
* Builder
*
* @param bool bdestroy_session optional. does the session must be destroy if an attempt is detect?
* @param string urlRedirect optional. url to redirect if an sql inject attempt is detect
* @public
* @type void
*/
function sql_inject($mLog=FALSE,$bdestroy_session=FALSE,$ur lRedirect=FALSE)
{
$this->bLog = (($mLog!=FALSE)?$mLog:'');
$this->urlRedirect = (((trim($urlRedirect)!='') && file_exists($urlRedirect))?$urlRedirect:'');
$this->bdestroy_session = $bdestroy_session;
$this->rq = '';
}

/**
* @shortdesc test if there is a sql inject attempt detect
* test if there is a sql inject attempt detect
*
* @param string sRQ required. SQL Data to test
* @public
* @type bool
*/
function test($sRQ)
{
$sRQ = strtolower($sRQ);
$this->rq = $sRQ;
$aValues = array();
$aTemp = array(); // temp array
$aWords = array(); //
$aSep = array(' and ',' or '); // separators for detect the
$sConditions = '(';
$matches = array();
$sSep = '';
// is there an attempt to unused part of the rq?
if (is_int((strpos($sRQ,"#")))&&$this->_in_post('#')) return $this->detect();

// is there a attempt to do a 2nd SQL requete ?
if (is_int(strpos($sRQ,';'))){
$aTemp = explode(';',$sRQ);
if ($this->_in_post($aTemp[1])) return $this->detect();
}

$aTemp = explode(" where ",$sRQ);
if (count($aTemp)==1) return FALSE;
$sConditions = $aTemp[1];
$aWords = explode(" ",$sConditions);
if(strcasecmp($aWords[0],'select')!=0) $aSep[] = ',';
$sSep = '('.implode('|',$aSep).')';
$aValues = preg_split($sSep,$sConditions,-1, PREG_SPLIT_NO_EMPTY);

// test the always true expressions
foreach($aValues as $i => $v)
{
// SQL injection like 1=1 or a=a or 'za'='za'
if (is_int(strpos($v,'=')))
{
$aTemp = explode('=',$v);
if (trim($aTemp[0])==trim($aTemp[1])) return $this->detect();
}

//SQL injection like 1<>2
if (is_int(strpos($v,'<>')))
{
$aTemp = explode('<>',$v);
if ((trim($aTemp[0])!=trim($aTemp[1]))&& ($this->_in_post('<>'))) return $this->detect();
}
}

if (strpos($sConditions,' null'))
{
if (preg_match("/null +is +null/",$sConditions)) return $this->detect();
if (preg_match("/is +not +null/",$sConditions,$matches))
{
foreach($matches as $i => $v)
{
if ($this->_in_post($v))return $this->detect();
}
}
}

if (preg_match("/[a-z0-9]+ +between +[a-z0-9]+ +and +[a-z0-9]+/",$sConditions,$matches))
{
$Temp = explode(' between ',$matches[0]);
$Evaluate = $Temp[0];
$Temp = explode(' and ',$Temp[1]);
if ((strcasecmp($Evaluate,$Temp[0])>0) && (strcasecmp($Evaluate,$Temp[1])<0) && $this->_in_post($matches[0])) return $this->detect();
}
return FALSE;
}

function _in_post($value)
{
foreach($_POST as $i => $v)
{
if (is_int(strpos(strtolower($v),$value))) return TRUE;
}
return FALSE;
}

function detect()
{
// log the attempt to sql inject?
if ($this->bLog)
{
$fp = @fopen($this->bLog,'a+');
if ($fp)
{
fputs($fp,"\r\n".date("d-m-Y H:i:s").' ['.$this->rq.'] from '.$this->sIp = getenv("REMOTE_ADDR"));
fclose($fp);
}
}
// destroy session?
if ($this->bdestroy_session) session_destroy();
// redirect?
if ($this->urlRedirect!=''){
if (!headers_sent()) header("location: $this->urlRedirect");
}
return TRUE;
}


function protect1($protected) { // This Will be the fuction we call to protect the variables.
$banlist = array ("'", "\"", "<", "\\", "|", "/", "=", "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "procedure", "limit", "order by", "group by", "asc", "desc");
//$banlist is the list of words you dont want to allow.
if ( eregi ( "[a-zA-Z0-9@]+", $protected ) ) { // Makes sure only legitimate Characters are used.
$protected = trim(str_replace($banlist, '', $protected)); // Takes out whitespace, and removes any banned words.
return $protected;
//echo "+";
} else {
//echo "-";
echo $protected;
die ( ' Is invalid for that spot, please try a different entry.' ); // Message if thier is any characters not in [a-zA-Z0-9].
} // ends the if ( eregi ( "[a-zA-Z0-9]+", $this->protected ) ) {
} // ends the function Protect() {

function protect2($protected) { // This Will be the fuction we call to protect the variables.
$banlist = array ("'", "\"", "<", "\\", "|", "/", "=", "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "procedure", "limit", "order by", "group by", "asc", "desc");
//$banlist is the list of words you dont want to allow.
if ( eregi ( "[0-9]+", $protected ) ) { // Makes sure only legitimate Characters are used.
$protected = trim(str_replace($banlist, '', $protected)); // Takes out whitespace, and removes any banned words.
return $protected;
//echo "+";
} else {
//echo "-";
echo $protected;
die ( ' Is invalid for that spot, please try a different entry.' ); // Message if thier is any characters not in [a-zA-Z0-9].
} // ends the if ( eregi ( "[a-zA-Z0-9]+", $this->protected ) ) {
} // ends the function Protect() {


}
?>

задание : попробывать сделать так чтоб эти чудо скрипты заработали.
VaUlt 11:17 21.08.2006
Vasia, Совет: не хотите разбираться - заплатите или поставте магарыч программеру.
FeaR 21:37 21.08.2006
гдеб его еще найти
FeaR 21:37 21.08.2006
я и сам программер линивый токо
maximn 21:38 21.08.2006
Vasia, я тут. $20
FeaR 21:45 21.08.2006
так всем спасибо .. нафик, за 20баков я и сам напишу.
Вверх

Версия для ПК
(c) Большой Воронежский Форум