Sloppy code detected! lol
Well... the first error is easy: the config.php file has the wrong MySQL access settings
The $host, $user, $pass, $db variables have a problem
Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'SEPULTURA@192.168.5.150' (Using password: NO) in C:\AppServ\www\statupgradedone.php on line 59
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in C:\AppServ\www\statupgradedone.php on line 70
Error: you don't have enough points: (-50)!
What could it be? And when I fix that one,
this one appears:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in C:\AppServ\www\statupgradedone.php on line 76
Error: you don't have enough points: (-50)!
Here is the script:
<style type="text/css">
<!--
.style1 {
color: #FF0000;
font-size: 14px;
}
body {
background-color: #0A3562;
}
body,td,th {
color: #FFFFFF;
}
body {
background-color: #0A3562;
}
-->
</style>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="1" style="border-left:1px solid #666666;border-right:1px solid #666666"></td>
</tr>
</table>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="img/css.css" rel="stylesheet" type="text/css">
<p>
<body leftmargin="0" topmargin="0">
<?php
$name = stripslashes($_POST['name']);
$login = stripslashes($_POST['login']);
$oldpwd = stripslashes($_POST['oldpwd']);
$vitality = stripslashes($_POST['vitality']);
$strength = stripslashes($_POST['strength']);
$energy = stripslashes($_POST['energy']);
$dexterity = stripslashes($_POST['dexterity']);
$Race = 'NONE';
if($rowRace['Race'] == 'OUSTERS') { $Race = 'Ousters'; }
if($rowRace['Race'] == 'VAMPIRE') { $Race = 'Vampire'; }
if($rowRace['Race'] == 'SLAYER') { $Race = 'Slayer'; }
if ((eregi("[^a-zA-Z0-9_-]", $name)) ||
(eregi("[^a-zA-Z0-9_-]", $login)) ||
(eregi("[^a-zA-Z0-9_-]", $oldpwd)) ||
(eregi("[^a-zA-Z0-9_-]", $vitality)) ||
(eregi("[^a-zA-Z0-9_-]", $strength)) ||
(eregi("[^a-zA-Z0-9_-]", $energy)) ||
(eregi("[^a-zA-Z0-9_-]", $dexterity)))
{
echo("SQL Injection Detected");
exit();
}
require_once "sql_inject.php";
include_once('sql_check.php');
check_inject();
$bDestroy_session = TRUE;
$url_redirect = 'index.php';
$sqlinject = new sql_inject('./log_file_sql.log',$bDestroy_session,$url_redirect) ;
require 'config.php';
$msconnect=mysql_connect($host, $user, $pass);
$msdb=mysql_select_db($db);
$sql_username_check = mysql_query("SELECT PlayerID FROM Player WHERE PlayerID='$login'");
$username_check = mysql_num_rows($sql_username_check);
$sql_pw_check = mysql_query("SELECT Password FROM Player WHERE Password='$oldpwd' and PlayerID='$login'");
$pw_check = mysql_num_rows($sql_pw_check);
$query = "select STR,DEX,INTE,Bonus from Character WHERE Name='$name'";
$result = mysql_query( $query );
$row = mysql_fetch_row($result);
$new_vit = $row[0] + $vitality;
$new_str = $row[1] + $strength;
$new_eng = $row[2] + $energy;
$row[3] = $row[3] - $vitality - $strength - $energy;
if (empty($login) || empty($oldpwd) || empty($name)) {
echo "Error: some of the fields are empty. Go back and try again.<br>";
}
elseif ($username_check <= 0){
echo "Error: Username not found, please go back and correct<br>"; }
elseif ($vitality<0 OR $strength<0 OR $energy<0 OR $dexterity<0){
echo "Error: you're a pathetic loser! You cannot use this bug here!"; }
elseif ($row[3] < 0){
echo "Error: you don't have enough points: ($row[3])!<br>"; }
elseif ($pw_check <= 0){
echo "Error: the password you entered is incorrect! <br>"; }
else { $msconnect=mysql_connect($host, $user, $pass);
$msdb=mysql_select_db($db);
$msquery = "
UPDATE $Race SET STR = '$new_vit'
WHERE Name = '$name'
AND PlayerID = '$login'
UPDATE $Race SET DEX = '$new_str'
WHERE Name = '$name'
AND PlayerID = '$login'
UPDATE $Race INTE = '$new_eng'
WHERE Name = '$name'
AND PlayerID = '$login'";
$sqlinject->test($msquery);
$msresults= mysql_query($msquery);
echo "<font size='1' face='verdana'> $name's stats are now:<br>
<b>STR</b> = $new_vit<br>
<b>DEX</b> = $new_str<br>
<b>INTE</b> = $new_eng<br>
<p>
You now have $row[3] points left.<br></font>";
}
?>
</body>
</html>
</body>
</html>
Damn, I'm famous... how did my nick end up there? From what I'm "seeing", you're making an admin panel? Watch out for MySQL injection... even with this code they always find a way!
The panel is for users... to add points...
Your name is there because of the server xD
Lilithy Dk2
[GM]Lilian
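
Added example, not code from any poster in this thread: one way to apply the stat upgrade with bound parameters instead of a character filter, with the point balance checked inside the UPDATE itself. The function name `spend_points`, the single-table layout and the SQLite sample data are assumptions, and the login is assumed to be authenticated already.

```php
<?php
// Added example: table layout and function name are assumptions, not the poster's schema.
const RACE_TABLES = ['SLAYER' => 'Slayer', 'VAMPIRE' => 'Vampire', 'OUSTERS' => 'Ousters'];

function spend_points(PDO $pdo, string $race, string $login, string $name, array $add): bool
{
    // Table names cannot be bound as parameters, so map them through an allow-list.
    $table = RACE_TABLES[$race] ?? null;
    if ($table === null) {
        return false;
    }
    // Each increment must be a non-negative integer; anything else is rejected.
    $inc = [];
    foreach (['STR', 'DEX', 'INTE'] as $stat) {
        $v = filter_var($add[$stat] ?? 0, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($v === false) {
            return false;
        }
        $inc[$stat] = $v;
    }
    $cost = array_sum($inc);
    // One statement: values are bound, and "Bonus >= :cost2" makes the balance check atomic.
    $stmt = $pdo->prepare(
        "UPDATE $table SET STR = STR + :s, DEX = DEX + :d, INTE = INTE + :i, Bonus = Bonus - :cost
         WHERE Name = :name AND PlayerID = :login AND Bonus >= :cost2"
    );
    $stmt->execute([':s' => $inc['STR'], ':d' => $inc['DEX'], ':i' => $inc['INTE'],
        ':cost' => $cost, ':cost2' => $cost, ':name' => $name, ':login' => $login]);
    // No row changed means wrong owner, unknown character, or not enough points.
    return $stmt->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Slayer (Name TEXT, PlayerID TEXT, STR INT, DEX INT, INTE INT, Bonus INT)");
$pdo->exec("INSERT INTO Slayer VALUES ('Hero', 'player1', 10, 10, 10, 5)");

var_dump(spend_points($pdo, 'SLAYER', 'player1', 'Hero', ['STR' => 2, 'DEX' => 1]));  // spends 3 of 5
var_dump(spend_points($pdo, 'SLAYER', 'player1', 'Hero', ['STR' => 50]));             // exceeds the balance
var_dump(spend_points($pdo, 'SLAYER', 'player1', "Hero' OR '1'='1", ['STR' => 1]));   // quote stays data
var_dump(spend_points($pdo, 'SLAYER', 'player1', 'Hero', ['STR' => '-1']));           // negative rejected
```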