drellout Posted July 3, 2010

I'm making an online script with locations... The idea was to make something like this, putting it in every PHP page:

```php
<?php
$db=(object)array(
    'host'=>'localhost', // Database host
    'user'=>'root',      // Database user
    'pass'=>'3232123',   // Database user's password
    'name'=>'322323',    // Database name
);
@mysql_connect($db->host,$db->user,$db->pass)or die('Konekcija nospraga!');
@mysql_select_db($db->name)or die('Datubazi ieselektet neizdevas!');
// Note: the cookie value is concatenated into the SQL text unescaped
mysql_query("UPDATE ibf_sessions SET location='news', running_time='".time()."' WHERE id='".$_COOKIE['m_id']."'") or die("NEsanaaca piekontektities: " . mysql_error());
?>
```

But I think this variant is quite bad and can easily be hacked. I wanted to ask how to make something safer/secure against hackers? And how can I get the URL that is currently entered in the browser window, so that I wouldn't have to write this code all the time but could simply include one file similar to this:

```php
<?php
$location = $dotais_urls_augshaa; // placeholder: the current URL
$db=(object)array(
    'host'=>'localhost', // Database host
    'user'=>'root',      // Database user
    'pass'=>'3232123',   // Database user's password
    'name'=>'322323',    // Database name
);
@mysql_connect($db->host,$db->user,$db->pass)or die('Konekcija nospraga!');
@mysql_select_db($db->name)or die('Datubazi ieselektet neizdevas!');
mysql_query("UPDATE ibf_sessions SET location='".$location."', running_time='".time()."' WHERE id='".$_COOKIE['m_id']."'") or die("NEsanaaca piekontektities: " . mysql_error());
?>
```

mounkuls Posted July 3, 2010 (edited)

Don't put the cookie directly into the query like that; they'll wipe out that database in no time. And why do you need the connection in every file, isn't there some file that is included in all of them? Put it there as a function that does this, and in each file just define the variables $user_id or $user_name and $location before you call your function that writes to the database.

drellout Posted July 3, 2010 (edited)

Since I'm not especially a newbie, don't yell; here is the code I made, but something isn't working, it doesn't update the database:

```php
<?php
include ('config.msa.php');
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if(isset($_COOKIE['member_id'])) {
    $get=mysql_query("SELECT members_display_name FROM `ibf_members` WHERE id='".intval($_COOKIE['member_id'])."'") or die(mysql_error());
    $udata=mysql_fetch_object($get);
}
mysql_query("UPDATE ibf_sessions SET location = '".$url."' running_time='".time()."' WHERE id = '".intval($_GET['id'])."'");
?>
```

The idea is this: I have a script that shows what someone is doing only if they are on the forum pages... I want it to also say what they are doing on other pages, e.g. ?do=videos. I'm thinking of including this code in all the PHP files (news, videos, files, team), and it would update the database and afterwards output:

```php
private function format_location($l){
    if($l[0] == 'http://links/?do=files'){
        return sprintf('Lādē <a class="location" href="?do=download">failus</a>.');
    }
}
```

mounkuls Posted July 3, 2010

```
UPDATE ibf_sessions SET location = '".$url."', running_time='".time()."' WHERE id = '".intval($_GET['id'])."'"
```

drellout Posted July 3, 2010

> UPDATE ibf_sessions SET location = '".$url."', running_time='".time()."' WHERE id = '".intval($_GET['id'])."'"

It was fixed; either way, nothing got updated.

mounkuls Posted July 3, 2010

```php
or die(mysql_error());
```

Add that to the update query too, maybe it will show something.

drellout Posted July 3, 2010

> or die(mysql_error());
> Add that to the update query too, maybe it will show something.

No luck...

mounkuls Posted July 3, 2010

Hmm... I usually prepare the query string as a variable and then put it into the query. If it doesn't work, I simply print out the query itself to look at the string.

```php
$query_string="UPDATE ibf_sessions SET location = '".$url."', running_time='".time()."' WHERE id = '".intval($_GET['id'])."';";
print $query_string; // if it doesn't work
$query=mysql_query($query_string);
```

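An added example, not part of the thread and not any poster's code: one way to build the single included file mounkuls suggests, with the cookie value bound as a query parameter and the location taken from a fixed list instead of the raw URL. The function names, the use of PDO, the string session id, and the in-memory SQLite table standing in for the forum's MySQL `ibf_sessions` are assumptions.

```php
<?php
// Added example, not code from the thread. Intended as the one file every page includes.
// Assumption: PDO is available; in-memory SQLite stands in for the forum's MySQL database.

// Pages named in the thread (?do=news, videos, files, team); anything else becomes 'other'.
const KNOWN_LOCATIONS = ['news', 'videos', 'files', 'team'];

// Map the request to a fixed label instead of storing HTTP_HOST/REQUEST_URI verbatim,
// since both are supplied by the client.
function current_location(array $get): string
{
    $do = $get['do'] ?? '';
    return (is_string($do) && in_array($do, KNOWN_LOCATIONS, true)) ? $do : 'other';
}

// Update the session row; every value is bound, never concatenated into the SQL text.
function update_location(PDO $pdo, string $sessionId, string $location): int
{
    $stmt = $pdo->prepare(
        'UPDATE ibf_sessions SET location = :loc, running_time = :ts WHERE id = :id'
    );
    $stmt->execute([':loc' => $location, ':ts' => time(), ':id' => $sessionId]);
    return $stmt->rowCount(); // 0 means no session matched: the "nothing updated" case
}

// --- Constructed demo data (hypothetical session ids) ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw, no die()
$pdo->exec('CREATE TABLE ibf_sessions (id TEXT PRIMARY KEY, location TEXT, running_time INTEGER)');
$pdo->exec("INSERT INTO ibf_sessions VALUES ('abc123', 'idx', 0), ('def456', 'idx', 0)");

// Normal request: cookie m_id = abc123, page ?do=videos
echo update_location($pdo, 'abc123', current_location(['do' => 'videos'])), " row(s)\n";

// Cookie and ?do= values containing quotes: bound as data, they match no session id
// and no known page, so the other row is left untouched.
$cookie = "x' OR '1'='1";
echo update_location($pdo, $cookie, current_location(['do' => "news', running_time='0"])), " row(s)\n";

foreach ($pdo->query('SELECT id, location FROM ibf_sessions') as $row) {
    echo $row['id'], ' => ', $row['location'], "\n";
}
```

Checking the returned row count also gives a direct answer to the "nothing was updated" problem in the thread: a count of zero means the `WHERE id = ...` value did not match any session row.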