Anyone Want To Help By Having A Look At This Script?

The time now is Sun 20 Apr, 2025 07:55 • All times are UTC + 1 Hour [DST enabled]

Anyone Want To Help By Having A Look At This Script?

Page 1 of 1

mort Spam Basher Joined: August 2010 Posts: 998 Location: Up a tree	Anyone Want To Help By Having A Look At This Script? Hey Fella's, *(Informpro - MG)* Anyone want to help by having a look at this script? Like is there "Anything" else that I should do to make it secure besides change the 'rand' to something more secure? This is the "Clean" functions I use... Spoiler: [ Show ] Spoiler: [ Hide ] Code: [Download] [Hide] [Select] Code: [Download] [Show] function html_escape($raw_input) { return htmlspecialchars($raw_input, ENT_QUOTES \| ENT_HTML401, 'UTF-8'); // important! don't forget to specify ENT_QUOTES and the correct encoding } // Do a clean up of POST. function sanitize($val){ if(get_magic_quotes_gpc()) { $val = stripslashes($val); } $val = trim($val); return mysql_real_escape_string($val); } // Convert the html layer to readable script function Zap($val){ $val = trim($val); $val = htmlspecialchars(stripslashes($val)); return ($val); } // Stops the monkey's from adding script in the Game Comments. function stripTags($val) { $val = strip_tags($val); return $val; } Spoiler: [ Show ] Spoiler: [ Hide ] Code: [Download] [Hide] [Select] Code: [Download] [Show] <?php /** * @package (c) 2008 - 2014 Gnu Arcade Script * @version $Id: my_account.php Version.1.0 * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. / if (!defined('IN_ARCADE')) {die('Please use the front door');} function getbody() { include "includes/db-global.php"; if(!isset($suserid)){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['login_first'].''.GO_BACK.'</div> '.IMG_THB.''; return; }; function change_avatar(){ include "includes/db-global.php"; $userid = $usrdata['userid']; if($avatar == 0) {$avatar0 = 'selected="selected"';}; if($avatar == 1) {$avatar1 = 'selected="selected"';}; if(isset($_POST['avatar'])){ $avatar = sanitize($_POST['avatar']); if ($avatar == 0) { $db->query("UPDATE " . USERS_TABLE . " SET avatar='$avatar', avatar_file='' WHERE userid='$userid'") or die(mysql_error()); echo ' '.IMG_THL.''.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['profile_update'].''.GO_BACK.'</div> '.IMG_THB.'<br />'; }else{ function findexts ($filename) { $filename = strtolower($filename); $exts = mb_split("[/\.]", $filename); $n = count($exts)-1; $exts = $exts[$n]; return $exts; } if ($_FILES['uploaded']['size'] > 40000) { echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['file_too_big'].''.GO_BACK.'</div> '.IMG_THB.''; return; }; $ext = findexts ($_FILES['uploaded']['name']); $os = array("gif", "jpg", "jpeg", "png"); if (!in_array($ext, $os)) { echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['file_type_no'].''.GO_BACK.'</a></div> '.IMG_THB.''; return; }else{/Do Nothing/}; $ava = "avatar"; $ava3 = $usrdata['userid']; $ava4 = $ava.$userid.'.'; $avatar_file = $ava4.$ext; //This is the directory. Make sure it exists and is chmodded to 0755 or 0777 as required! $target = "avatars/"; //This combines the directory, the userid, and the extension $target = $target . $ava4.$ext; if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo ' '.IMG_THL.''.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['file_uploaded'].''.GO_BACK.'</div> '.IMG_THB.''; $db->query("UPDATE " . USERS_TABLE . " SET avatar='$avatar', avatar_file='$avatar_file' WHERE userid='$userid'") or die(mysql_error()); }else{ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['file_sorry'].''.GO_BACK.'</div> '.IMG_THB.''; }; }; }else{ echo ' '.IMG_THL.''.$lang['manage_avatar'].''.IMG_THR.' '.SCRST.' <form enctype="multipart/form-data" action="'.S_CHANGE_AVATAR.'" method="post"> <table class="width100" cellpadding="0" cellspacing="0" border="0"> <tr> <td class="content-a left boldp">'.$lang['use_avatar'].': <select name="avatar"> <option value="0" '.$avatar2.'>'.$lang['no'].'</option> <option value="1" '.$avatar1.'>'.$lang['yes'].'</option> </select> </td> </tr> <tr> <td class="content-a left boldp">'.$lang['file_choose'].': <input name="uploaded" type="file" /></td> </tr> <tr> <td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" value="'.$lang['submit'].'" /> </td> </tr> </table> </form> '.SCRSB.' '.IMG_THB.''; }; }; function account(){ include "includes/db-global.php"; if (!isset($_POST['email'])) $_POST['email'] = null; if(isset($_POST['newsletter'])){ $userid = intval($usrdata['userid']); $newsletter = sanitize($_POST['newsletter']); $email = sanitize($_POST['email']); $aim = sanitize($_POST['aim']); $icq = sanitize($_POST['icq']); $msn = sanitize($_POST['msn']); $yim = sanitize($_POST['yim']); $location = sanitize($_POST['location']); $user_flag = sanitize($_POST['user_flag']); $user_style = sanitize($_POST['user_style']); $occupation = sanitize($_POST['occupation']); $website = sanitize($_POST['website']); $link_a = sanitize($_POST['link_a']); $link_b = sanitize($_POST['link_b']); $link_c = sanitize($_POST['link_c']); $link_d = sanitize($_POST['link_d']); $link_e = sanitize($_POST['link_e']); $link_f = sanitize($_POST['link_f']); $link_g = sanitize($_POST['link_g']); $link_h = sanitize($_POST['link_h']); $sex = sanitize($_POST['sex']); $interests = sanitize($_POST['interests']); $bio = sanitize($_POST['bio']); $ip = $_SERVER['REMOTE_ADDR']; $db->query("UPDATE " . USERS_TABLE . " SET newsletter='$newsletter', aim='$aim', icq='$icq', msn='$msn', yim='$yim', location='$location', user_flag='$user_flag', user_style='$user_style', occupation='$occupation', website='$website', link_a='$link_a', link_b='$link_b', link_c='$link_c', link_d='$link_d', link_e='$link_e', link_f='$link_f', link_g='$link_g', link_h='$link_h', sex='$sex', interests='$interests', bio='$bio', ip='$ip' WHERE userid='$userid'") or die(mysql_error()); echo ' '.IMG_THL.' '.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['profile_update'].''.GO_BACK.'</div> '.IMG_THB.'<br />'; }; $userid = intval($usrdata['userid']); $query = $db->query(sprintf("SELECT username, plays, sex, avatar, avatar_file, newsletter, aim, icq, msn, yim, location, user_style, user_flag, occupation, website, link_a, link_b, link_c, link_d, link_e, link_f, link_g, link_h, interests, bio FROM " . USERS_TABLE . " WHERE userid='%u'", $userid)) or die(mysql_error()); $row = $db->fetch_row($query); $username = html_escape($row['username']); $plays = intval($row['plays']); $sex = Zap($row['sex']); $avatar = Zap($row['avatar']); $avatar_file = Zap($row['avatar_file']); $newsletter = Zap($row['newsletter']); $aim = Zap($row['aim']); $icq = Zap($row['icq']); $msn = Zap($row['msn']); $yim = Zap($row['yim']); $location = html_escape($row['location']); $user_flag = Zap($row['user_flag']); $user_style = Zap($row['user_style']); $occupation = html_escape($row['occupation']); $website = Zap($row['website']); $link_a = Zap($row['link_a']); $link_b = Zap($row['link_b']); $link_c = Zap($row['link_c']); $link_d = Zap($row['link_d']); $link_e = Zap($row['link_e']); $link_f = Zap($row['link_f']); $link_g = Zap($row['link_g']); $link_h = Zap($row['link_h']); $interests = html_escape($row['interests']); $bio = html_escape($row['bio']); $query = $db->query(sprintf("SELECT flag_id, flag_name, flag_image FROM " . FLAGS_TABLE . " ")) or die(mysql_error()); while($row = $db->fetch_row($query)){ $flagID = intval($row['flag_id']); $flag_name = Zap($row['flag_name']); $flag_image = Zap($row['flag_image']); if(!empty($user_flag) && ($user_flag == $flag_image)){$Country = $flag_name;} } if(!empty($user_flag)){ $show_flag = ' <img src="'.FLAGS.''.$user_flag.'" alt="'.$location.' '.$Country.' " title="'.$location.' '.$Country.'" />   '.$Country.'';}else{$show_flag = '';} if(!empty($user_style)){ $show_style = $user_style; }else{ $show_style = '';} include "templates/$template/ranks.php"; $rank = '<img '.IMG_80.' src="'.IMAGE_PATH.'ranks/'.$AAA.' /> '; if($newsletter == 0) {$newsletter0 = 'selected="selected"';}; if($newsletter == 1) {$newsletter1 = 'selected="selected"';}; if($sex == 0) {$sex0 = 'selected="selected"';}; if($sex == 1) {$sex1 = 'selected="selected"';}; if($sex == 2) {$sex2 = 'selected="selected"';}; if ($avatar == "1" ) {$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/'.$avatar_file.'" alt="" />'; }else{ if (empty($avatar_file) && ($sex == 2) && ($avatar == "0") \|\| ($avatar == "") ){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-female.png" alt="" />'; }else{ if (empty($avatar_file) && ($sex == 1) && ($avatar == "0") \|\| ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-male.png" alt="" />'; }else{ if (empty($avatar_file) && ($sex == 0) && ($avatar == "0") \|\| ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-member.png" alt="" />'; }else{ if (empty($avatar_file) && ($avatar == "")){$avatar_url = '<img '.IMG_80.' src="'.DIR_PATH.'avatars/default/def-member.png" alt="" />'; }}}}} echo ' '.IMG_THL.''.$lang['myaccount'].''.IMG_THR.' '.SCRTOP.' <form action="'.S_MY_ACCT.'" method="post"> <table class="width100" cellpadding="0" cellspacing="0" border="0"> <tr> <td colspan="3" class="content-a center width10">'.$avatar_url.'<br />'.$rank.'</td> <td class="content-a"> </td> <td valign="top" class="content-a left boldp width45 nowrap"> <a href="'.U_FAVOURITES.'">'.IMG_ACC_FAV.'</a> <a href="'.U_MESSAGES.'">'.IMG_ACC_MES.'</a> <a href="'.U_CHANGE_AVATAR.'">'.IMG_ACC_CHA.'</a> <a href="'.U_CHANGE_EMAIL.'">'.IMG_ACC_CHE.'</a> <a href="'.U_CHANGE_PASS.'">'.IMG_ACC_CHP.'</a> <a href="'.U_CHANGE_QUESTION.'">'.IMG_ACC_CHQ.'</a> <a href="'.U_PROFILE.$userid.'">'.IMG_ACC_PRO.'</a> </td> </tr> </table> <table class="width100" cellpadding="0" cellspacing="0" border="0"> <tr> <td class="content-a boldp left width45">'.$lang['games_played'].':</td> <td class="content-a left boldp width50">'.$plays.'</td> </tr> <tr> <td class="content-a boldp left">'.$lang['template'].':</td> <td class="content-a left boldp">'; $query = $db->query(sprintf("SELECT template_name, style_name FROM " . THEMES_TABLE . " WHERE visible=1 ORDER BY template_name ASC")) or die(mysql_error()); $style_list = ' <select name="user_style">'; while($row = $db->fetch_row($query)){ $template_name = Zap($row['template_name']); $style_name = Zap($row['style_name']); $selected = ''; if (!empty($user_style) && ($template_name == $user_style)) { $selected = 'selected="selected"'; } $style_list .= '<option style="width:100px;" value="'.$template_name.'" '.$selected.'>'.$style_name.'</option>'; }; $style_list .= '</select>'; echo ' '.$style_list.' </td> </tr> <tr> <td class="content-a left boldp">'.$lang['newsletter'].':</td> <td class="content-a left"> <select name="newsletter"> <option value="0" '.$newsletter0.'>'.$lang['no'].'</option> <option value="1" '.$newsletter1.'>'.$lang['yes'].'</option> </select> </td> </tr> <tr> <td class="content-a boldp left">'.$lang['location'].': <small>('.$lang['location_exp'].')</small></td> <td class="content-a left"><input name="location" type="text" size="50" value="'.$location.'" /></td> </tr> <tr> <td class="content-a boldp left">'.$lang['country_flag'].': '.$show_flag.'</td> <td class="content-a left">'; $query = $db->query(sprintf("SELECT flag_id, flag_name, flag_image FROM " . FLAGS_TABLE . " ORDER BY flag_name ASC")) or die(mysql_error()); $flag_list = ' <select name="user_flag"> <option value="0">'.$lang['country_select'].'</option>'; while($row = $db->fetch_row($query)){ $flagID = intval($row['flag_id']); $flag_name = Zap($row['flag_name']); $flag_image = Zap($row['flag_image']); $selected = ''; if (!empty($user_flag) && ($user_flag == $flag_image)) { $selected = ' selected="selected"'; } $flag_list .= '<option style="width:100px;" value="'.$flag_image.'"'.$selected.'>'.$flag_name.'</option>'; }; $flag_list .= '</select>'; echo ' '.$flag_list.' </td> </tr> <tr> <td class="content-a boldp left">'.$lang['website_a'].': <small>('.$lang['website_b'].')</small></td> <td class="content-a left"><input name="website" type="text" size="50" value="'.$website.'" /></td> </tr> <tr> <td class="content-a boldp left">'.$lang['occupation'].':<br /></td> <td class="content-a left"><input name="occupation" type="text" size="50" value="'.$occupation.'" /></td> </tr> <tr> <td class="content-a left boldp">'.$lang['gender'].':</td> <td class="content-a left"> <select name="sex"> <option value="0" '.$sex0.'>'.$lang['undisclosed'].'</option> <option value="1" '.$sex1.'>'.$lang['male'].'</option> <option value="2" '.$sex2.'>'.$lang['female'].'</option> </select> </td> </tr> <tr> <td valign="top" class="content-a boldp left">'.$lang['im'].':<br /><small>('.$lang['im_b'].')</small></td> <td> </td> </tr> <tr> <td class="content-a right">'.IM_AIM.'</td> <td class="content-a left"><input name="aim" type="text" size="50" value="'.$aim.'" /></td> </tr> <tr> <td class="content-a right">'.IM_ICQ.'</td> <td class="content-a left"><input name="icq" type="text" size="50" value="'.$icq.'" /></td> </tr> <tr> <td class="content-a right">'.IM_MSN.'</td> <td class="content-a left"><input name="msn" type="text" size="50" value="'.$msn.'" /></td> </tr> <tr> <td class="content-a right">'.IM_YIM.'</td> <td class="content-a left"><input name="yim" type="text" size="50" value="'.$yim.'" /></td> </tr> <tr> <td valign="top" class="content-a boldp left">'.$lang['social_bookmarks_a'].':<br /><small>('.$lang['im_b'].')</small></td> <td> </td> </tr> <tr> <td class="content-a right">'.SB_FB.'</td> <td class="content-a left"><input name="link_a" type="text" size="50" value="'.$link_a.'" /></td> </tr> <tr> <td class="content-a right">'.SB_TW.'</td> <td class="content-a left"><input name="link_b" type="text" size="50" value="'.$link_b.'" /></td> </tr> <tr> <td class="content-a right">'.SB_MS.'</td> <td class="content-a left"><input name="link_c" type="text" size="50" value="'.$link_c.'" /></td> </tr> <tr> <td class="content-a right">'.SB_FL.'</td> <td class="content-a left"><input name="link_d" type="text" size="50" value="'.$link_d.'" /></td> </tr> <tr> <td class="content-a right">'.SB_DG.'</td> <td class="content-a left"><input name="link_e" type="text" size="50" value="'.$link_e.'" /></td> </tr> <tr> <td class="content-a right">'.SB_YT.'</td> <td class="content-a left"><input name="link_f" type="text" size="50" value="'.$link_f.'" /></td> </tr> <tr> <td class="content-a right">'.SB_DL.'</td> <td class="content-a left"><input name="link_g" type="text" size="50" value="'.$link_g.'" /></td> </tr> <tr> <td class="content-a right">'.SB_VM.'</td> <td class="content-a left"><input name="link_h" type="text" size="50" value="'.$link_h.'" /> </td> </tr> <tr> <td class="content-a boldp left">'.$lang['interests'].':<br /><small>100 '.$lang['characters'].'<br />'.$lang['html_script'].'</small></td> <td class="content-a"><textarea name="interests" rows="2" cols="34">'.$interests.'</textarea></td> </tr> <tr> <td class="content-a boldp left">'.$lang['about_me'].':<br /><small>300 '.$lang['characters'].'<br />'.$lang['html_script'].'</small></td> <td class="content-a"><textarea name="bio" rows="4" cols="34">'.$bio.'</textarea></td> </tr> <tr> <td class="tab-footerp center" colspan="4"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /> </td> </tr> </table> </form> '.SCRBOT.' '.IMG_THB.''; }; function delete_favourite(){ include "includes/db-global.php"; $delete_ID = isset($_GET['deleteID']) ? intval($_GET['deleteID']) : 0; $del1 = $db->query(sprintf("SELECT name FROM " . GAMES_TABLE . " WHERE ID='%u'", intval($delete_ID))) or die(mysql_error()); $row4 = $db->fetch_row($del1); $gamename = Zap(urlencode($row4['name'])); $game_name = Zap(urldecode($row4['name'])); echo ' '.IMG_THL.''.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['are_you_sure_remove_a'].' » <span class="msg-unread"> '.$game_name.' </span> « '.$lang['are_you_sure_remove_b'].'<br /> <a href="'.U_FAV_DELETE_OWN.$gamename.'&deleteID='.$delete_ID.'">'.$lang['yes'].'</a>   <a href="'.U_FAVOURITES.'">'.$lang['no'].'</a></div> '.IMG_THB.''; } function favourites(){ include "includes/db-global.php"; $delete_ID = isset($_GET['deleteID']) ? intval($_GET['deleteID']) : 0; $delete_name = isset($_GET['deletename']) ? Zap($_GET['deletename']) : 0; if (!empty($delete_ID)){ $db->query("DELETE FROM " . USERS_FAVS_TABLE . " WHERE userid=".$usrdata['userid']." AND gameid=".intval($delete_ID)."") or die(mysql_error()); echo ' '.IMG_THL.''.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['deleted'].' » <span class="msg-unread"> '.$delete_name.' </span> « '.$lang['are_you_sure_remove_b'].'<br /><a href="'.U_FAVOURITES.'">'.$lang['go_back'].'</a></div> '.IMG_THB.'<br />'; } echo ' '.IMG_THL.''.$lang['myfavs'].''.IMG_THR.' '.SCRST.''; $sql4 = $db->query(sprintf("SELECT gameid FROM " . USERS_FAVS_TABLE . " WHERE userid=".$usrdata['userid']."")) or die(mysql_error()); while($row3 = $db->fetch_row($sql4)){ $row3_gameid = intval($row3['gameid']); $del1 = $db->query(sprintf("SELECT ID, file, description, name, views, type, thumb, thumb_url FROM " . GAMES_TABLE . " WHERE ID='%u'", $row3_gameid)) or die(mysql_error()); $row4 = $db->fetch_row($del1); $row4_id = intval($row4['ID']); $row4_views = intval($row4['views']); $row4_type = intval($row4['type']); if($row4['type'] == 1) {$row4_thumb = Zap($row4['thumb']); }else{ $row4_thumb_url = Zap($row4['thumb_url']);} $row4_file = Zap($row4['file']); $body = Zap($row4['description']); $row4_name = Zap($row4['name']); include "editor/editor_bodystring.php"; $row4_name = Zap($row4_name); $body = htmlspecialchars_decode($body); $body = str_replace("&", "&", $body); $gamelink = ''.U_GAME_LINK.$row4_id.''; echo ' <table class="width100" cellpadding="0" cellspacing="0" border="0"> <tr> <td class="sub-cat-a left boldp width80"> '.$row4_name.'</td> <td class="sub-cat-a left boldp width20">'.$lang['total_views'].' » '.$row4_views.'</td> </tr> </table> <table class="width100" cellpadding="0" cellspacing="0" border="0"> <tr> <td width="55" height="55" valign="top" class="fav-image-a"> <a href="'.$gamelink.'">'; if($row4['type'] == 1){ echo ''.IMG_THUMB_B1.$row4_thumb.IMG_THUMB_55.''; }else{ echo ''.IMG_THUMB_B2.$row4_thumb_url.IMG_THUMB_55.''; } echo ' </a> </td> <td valign="top" class="fav-image-b left">'.stripslashes(myfavsdesclimit($body)).'<br /> <div style="padding-top: 2px; white-space: nowrap;"> <a href="'.$gamelink.'" class="gamelink-a floatl left">'.IMG_PLAY.'</a>'; if($row4['type'] == 1){echo ' <span class="gamelink-a floatl left">  <a href="javascript:popUp(\''.GAMES.''.$row4_file.'\')">'.IMG_PLAY_FULL.'</a></span>'; }else{echo '<span class="gamelink-a floatl left"> '.IMG_NO_FULL.'</span>';} $db->query("DELETE FROM " . USERS_FAVS_TABLE . " WHERE ID=".$row4['ID']."") or die(mysql_error()); $ID = intval($row4['ID']); echo' <div class="floatr"><a href="'.U_FAV_DELETE.$ID.'">'.ICO_DEL.'</a>    </div> </div> </td> </tr> </table>'; } echo ' '.SCRSB.' '.IMG_THB.''; } function change_email(){ include "includes/db-global.php"; $userid = intval($usrdata['userid']); $query = $db->query(sprintf("SELECT email FROM " . USERS_TABLE . " WHERE userid='%u'", $userid)) or die(mysql_error()); $row = $db->fetch_row($query); $current_email = html_escape($row['email']); if(isset($_POST['submit'])){ $email = sanitize($_POST['email']); $password = sanitize(md5($_POST['password'])); $password2 = sanitize(md5($_POST['password2'])); if(!$password \|\| !$email \|\| !$password2){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['all_fields_req'].''.GO_BACK.'</div> '.IMG_THB.''; return; } $invalMail = ''.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['email_not_valid'].''.GO_BACK.'</div> '.IMG_THB.''; function isValidEmail($email){ if(preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$^", $email)) return true; else return false; } if(!isValidEmail($email)){ echo ''.$invalMail.''; return; } if($_POST['password'] != $_POST['password2']){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div> '.IMG_THB.'<br />'; return; } if($password != $usrdata['password']){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['password_wrong_a'].' '.GO_BACK.' </div> '.IMG_THB.'<br />'; return; } if($email == $current_email){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['current_email'].''.GO_BACK.'</div> '.IMG_THB.''; return; } $sql = $db->query("SELECT email, username FROM " . USERS_TABLE . " WHERE email='.$email.'") or die(mysql_error()); if($db->num_rows($sql) == 1){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['email_in_use'].''.GO_BACK.'</div> '.IMG_THB.''; return; } $user_name = Zap($usrdata['username']); $activation_number = rand( ); $subject = ''.$lang['email_change'].''; $message = ''.$lang['dear'].' '.$user_name.',<br />'.$lang['email_change_a'].' <a href="'.DIR_PATH.'">'.$sitename.'</a>. <a href="'.DIR_PATH.'index.php?action=activate_email&new_email='.$email.'&old_email='.$current_email.'&id='.$activation_number.'">'.$lang['click_here'].'</a> '.$lang['email_change_b'].'<br />'.$lang['thanks'].'<br />'.$sitename.' '.$lang['administration'].''; $headers = ''.$lang['from'].': '.$supportemail.'' . "\r\n" . 'Content-Type: text/html; charset=UTF-8' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); $sent = mail($email, $subject, $message, $headers); $db->query("UPDATE " . USERS_TABLE . " SET new_email='$email', new_email_key='$activation_number' WHERE userid='{$usrdata['userid']}'") or die(mysql_error()); #Confirm email sent or notify them of a problem if ($sent) { echo ' '.IMG_THL.''.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['email_correct'].'</div> '.IMG_THB.'<br />'; }else{ echo ' '.IMG_THL.''.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['no_connect_db'].''.GO_BACK.'</div> '.IMG_THB.''; } } echo ' '.IMG_THL.''.$lang['change_email'].''.IMG_THR.' '.SCRST.' <form action="'.S_CHANGE_EMAIL.'" method="post"> <table class="width100" cellpadding="0" cellspacing="0" border="0"> <tr> <td class="content-a left boldp width40">'.$lang['email_address_new'].' » </td> <td> <input type="text" name="email" size="35" value="" /></td> </tr> <tr> <td class="content-a left boldp width40">'.$lang['password_current'].' » </td> <td> <input type="password" name="password" size="35" value="" /></td> </tr> <tr> <td class="content-a left boldp width40">'.$lang['password_rep'].' » </td> <td> <input type="password" name="password2" size="35" value="" /></td> </tr> <tr> <td class="tab-footerp center" colspan="2" ><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td> </tr> </table> </form> '.SCRSB.' '.IMG_THB.''; } function change_question(){ include "includes/db-global.php"; if(isset($_POST['submit'])){ $password = sanitize(md5($_POST['password'])); $answer = sanitize(md5($_POST['answer'])); $question = sanitize($_POST['question']); $password2 = sanitize(md5($_POST['password2'])); if(!$question \|\| !$answer \|\| !$password \|\| !$password2){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['not_all_fields'].'<br /><a href="'.U_CHANGE_QUESTION.'">'.$lang['go_back'].'</a></div> '.IMG_THB.''; return; } if($_POST['password'] != $_POST['password2']){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div> '.IMG_THB.'<br />'; return; } if($password != $usrdata['password']){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['password_wrong_a'].''.GO_BACK.'</div> '.IMG_THB.'<br />'; }else{ $db->query("UPDATE " . USERS_TABLE . " SET pass_question='$question', pass_answer='$answer' WHERE userid='{$usrdata['userid']}'") or die(mysql_error()); echo ' '.IMG_THL.''.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['updated_qa'].''.GO_BACK.'</div> '.IMG_THB.'<br />'; } } echo ' '.IMG_THL.''.$lang['change_pass_qa'].''.IMG_THR.' '.SCRST.' <form action="'.S_CHANGE_QUESTION.'" method="post"> <table class="width100" cellpadding="0" cellspacing="0" border="0"> <tr> <td class="content-a left boldp width40">'.$lang['question'].' » </td> <td class="content-a left"><input type="text" name="question" size="35" /></td> </tr> <tr> <td class="content-a left boldp width40">'.$lang['answer'].' »</td> <td class="content-a left"><input type="text" name="answer" size="35" /></td> </tr> <tr> <td class="content-a left boldp width40">'.$lang['current_password'].' » </td> <td class="content-a left"><input type="password" name="password" size="35" /></td> </tr> <tr> <td class="content-a left boldp width40">'.$lang['password_rep'].' » </td> <td class="content-a left"><input type="password" name="password2" size="35" value="" /></td> </tr> <tr> <td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td> </tr> </table> </form> '.SCRSB.' '.IMG_THB.''; } function change_password(){ include "includes/db-global.php"; if(isset($_POST['submit'])){ $oldpass = sanitize(md5($_POST['oldpass'])); $newpass = sanitize(md5($_POST['newpass'])); $password2 = sanitize(md5($_POST['password2'])); if(!$oldpass \|\| !$newpass \|\| !$password2){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['not_all_fields'].' '.GO_BACK.' </div> '.IMG_THB.'<br />'; return; } if($_POST['newpass'] != $_POST['password2']){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['password_not_match'].' '.GO_BACK.' </div> '.IMG_THB.'<br />'; return; } if($oldpass != $usrdata['password']){ echo ' '.IMG_THL.''.$lang['general_error'].''.IMG_THR.' <div class="error">'.$lang['password_wrong_b'].''.GO_BACK.'</div> '.IMG_THB.'<br />'; }else{ $db->query(sprintf("UPDATE " . USERS_TABLE . " SET password='%s' WHERE userid='%u'", $newpass, $usrdata['userid'])) or die(mysql_error()); echo ' '.IMG_THL.''.$lang['general_message'].''.IMG_THR.' <div class="msg">'.$lang['password_updated'].''.GO_BACK.'</div> '.IMG_THB.'<br />'; }} echo ' '.IMG_THL.''.$lang['change_password'].''.IMG_THR.' '.SCRST.' <form action="'.S_CHANGE_PASS.'" method="post"> <table class="width100" cellpadding="0" cellspacing="0" border="0"> <tr> <td class="content-a left boldp width40">'.$lang['password_old'].' &raquo </td> <td class="content-a left"><input type="password" name="oldpass" size="35" /></td> </tr> <tr> <td class="content-a left boldp width40">'.$lang['password_new'].' &raquo </td> <td class="content-a left"><input type="password" name="newpass" size="35" /></td> </tr> <tr> <td class="content-a left boldp width40">'.$lang['password_rep'].' » </td> <td class="content-a left"><input type="password" name="password2" size="35" value="" /></td> </tr> <tr> <td class="tab-footerp center" colspan="2"><input class="buttonp" type="submit" name="submit" value="'.$lang['submit'].'" /></td> </tr> </table> </form> '.SCRSB.' '.IMG_THB.''; } $cmd = isset($_GET['cmd']) ? $_GET['cmd'] : null; switch($cmd) { default: account(); break; case 'delete_favourite': delete_favourite(); break; case 'favourites': favourites(); break; case 'change_password': change_password(); break; case 'change_question': change_question(); break; case 'change_email': change_email(); break; case 'change_avatar': change_avatar(); break; } }; ?> I know it's not phpBB or Icy - but I also know you'll be dying to help - So I'll thank you in advance for your time and opinions. Last edited by mort on Tue 09 Dec, 2014 22:23; edited 1 time in total
Share
#1 Mon 08 Dec, 2014 01:53

Sponsors	Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.

Informpro Joined: October 2008 Posts: 1110 Location:	Re: Anyone Want To Help By Having A Look At This Script? Hey, you really ought to use php's `strip_tags` instead of your own `cleanInput` function. For example, what happens when you try to `cleanInput` this? Code: [Download] [Hide] Code: [Download] [Show] <script <b>>some malicious code</script<b>> ____________ IcyPhoenix ADR RPG • EzArena (modded phpBB2+ADR)
Share
#2 Mon 08 Dec, 2014 10:05

mort Spam Basher Joined: August 2010 Posts: 998 Location: Up a tree	Re: Anyone Want To Help By Having A Look At This Script? You are dead right my friend and I've changed it to your recommendations. And as the comment textarea is covered by the editor I use - I also removed all the bbCcode that I don't want to see used as well. And as you deserve to be added to the script for any of the help you give - What handle and address would you like me to use for you?
Share
#3 Tue 09 Dec, 2014 22:29

Informpro Joined: October 2008 Posts: 1110 Location:	Re: Anyone Want To Help By Having A Look At This Script? None, thanks :-). ____________ IcyPhoenix ADR RPG • EzArena (modded phpBB2+ADR)
Share
#4 Tue 09 Dec, 2014 22:50

Mighty Gorgon Luca Libralato Joined: August 2006 Posts: 7192 Location: Borgo San Michele	Re: Anyone Want To Help By Having A Look At This Script? Do you have any live page where this stuff can be tested online? ____________ Luca SEARCH is the quickest way to get support. Icy Phoenix ColorizeIt - CustomIcy - HON
Share
#5 Wed 10 Dec, 2014 20:59

mort Spam Basher Joined: August 2010 Posts: 998 Location: Up a tree	Re: Anyone Want To Help By Having A Look At This Script? Umm! NO! Are you offering to free host the "Demo" which has 36 games ? Although I do use the latest XAMPP with the latest php and mysql along with Mercury Mailer to test anything that sends emails. But I'm not ready to put the 4,000 game one back on-line for a few months yet and *WAS* thinking about bluehost once more...
Share
#6 Thu 11 Dec, 2014 22:02

Page 1 of 1

Was this topic useful?

Link this topic
URL
BBCode
HTML

The time now is Sun 20 Apr, 2025 07:55 • All times are UTC + 1 Hour [DST enabled]

Permissions List

You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events

Icy Phoenix

Anyone Want To Help By Having A Look At This Script?

Was this topic useful?

Was this topic useful?