Jump to content
php.lv forumi

online skripts


drellout

Recommended Posts

Taisu online skriptu ar locationiem...

Bija doma sataisit ko tadu, liekot katraa php lapaa

<?php 
$db=(object)array(
   'host'=>'localhost', // Datubazes hosts
   'user'=>'root', // Datubazes lietotajs
   'pass'=>'3232123', // Datubazes lietotaja parole
   'name'=>'322323', // Datubazes nosaukums
  );
@mysql_connect($db->host,$db->user,$db->pass)or die('Konekcija nospraga!');
@mysql_select_db($db->name)or die('Datubazi ieselektet neizdevas!');
mysql_query("UPDATE ibf_sessions SET location='news', running_time='".time()."' WHERE id='".$_COOKIE['m_id']."'")  or die("NEsanaaca piekontektities: " . mysql_error());
?>

Bet domaju, ka šis variants ir visai slikts un vinju var viegli uzlauzt.

Gribēju pajautāt/paprasīt kā var sataīsīt ko drošāku/drošu pret hakeriem ? Un kā var nosaukt doto url'u kas tgd ievadīts logā, lai nevajadzētu vislaik šo kodu rakstīt bet vnk inkludot vienu failu līdzigu šim

<?php 
$location = $dotais_urls_augshaa
$db=(object)array(
   'host'=>'localhost', // Datubazes hosts
   'user'=>'root', // Datubazes lietotajs
   'pass'=>'3232123', // Datubazes lietotaja parole
   'name'=>'322323', // Datubazes nosaukums
  );
@mysql_connect($db->host,$db->user,$db->pass)or die('Konekcija nospraga!');
@mysql_select_db($db->name)or die('Datubazi ieselektet neizdevas!');
mysql_query("UPDATE ibf_sessions SET location=".$location.", running_time='".time()."' WHERE id='".$_COOKIE['m_id']."'")  or die("NEsanaaca piekontektities: " . mysql_error());
?>

Link to comment
Share on other sites

cookie pa tiešo kvērijā jau nu gan neliec tā, nonesīs ka nemetās to bāzi.

Un kāpēc vajag katrā failā to konekciju, vai tad nav kāds fails, kuru include visos?

Liec tur kā funkciju, kas to realizē un mainīgos $user_id vai $user_name un $location tikai definē failā katrā pirrms izsauc to savu funkciju kas ieraksta bāzē.

Edited by mounkuls
Link to comment
Share on other sites

Takaa neesmu ipashi jauninjais nekliedzat, rekur sataisiju kodu, bet kautkas neiet, neupdeito bazes

<?php
include ('config.msa.php');
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if(isset($_COOKIE['member_id']))
{
$get=mysql_query("SELECT members_display_name FROM `ibf_members` WHERE id='".intval($_COOKIE['member_id'])."'") or die(mysql_error());
$udata=mysql_fetch_object($get);
}
mysql_query("UPDATE ibf_sessions SET location = '".$url."' running_time='".time()."' WHERE id = '".intval($_GET['id'])."'");
?> 

 

Domu ir tada - man ir skripts vinsh uzrada tik ko dara ja ir foruma lapaas... Gribu lai saka ko dara ari citas lapas ja piem ?do=videos

Es domaju visos php failus (news,videos,files,team) inkludot sho kodu un vinsh updeitos datubazi un pectam izvadis

private function format_location($l){
if($l[0] == 'http://links/?do=files'){
return sprintf('Lādē <a class="location" href="?do=download">failus</a>.');
}
}

Edited by drellout
Link to comment
Share on other sites

Njam...

Es parasti kvērija stringu sagatavoju kā mainīgo un tad lieku kvērijā.

Ja nešancē, vienkārši izdrukāju pašu kvērija saturu lai apskatītu stringu.

$query_string="UPDATE ibf_sessions SET location = '".$url."', running_time='".time()."' WHERE id = '".intval($_GET['id'])."';";

print $query_string;//ja nešancē

$query=mysql_query($query_string);

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...