fout regel

aaron1232 · 23 juli 2011

<?php
ob_start();
include("gegevens.php");
include("_include-config.php");

$select = mysql_query("SELECT * FROM `instellingen`");
$page = mysql_fetch_object($select);
?>
<html>

<head>
<title>[( Criminals )]</title>
<link rel="stylesheet" type="text/css" href="css-v1.css">
</head>

<body style="background: #666666; margin: 0px;">
 <table width=100%>
   <tr><td class="subTitle"><b>Database Error</b></td></tr>
   <tr><td class="mainTxt">
   Er is een foutje opgetreden in de database
   </td></tr>
 </table>
</body>
<?php
ENDHTML;
   exit;

 session_start("betaald.php");
 include("ubb.inc.php");
 include("_include-funcs.php");
 if(isset($_SESSION['login']))
 {
   $_SESSION['login']  = $_COOKIE['login'];
   $dbres              = mysql_query("SELECT *,UNIX_TIMESTAMP(`signup`) AS `signup`,UNIX_TIMESTAMP(`online`) AS `online` FROM `[users]` WHERE `login`='{$_SESSION['login']}'");
   $data               = mysql_fetch_object($dbres);
 }
 if(((count($_POST) > 0 && !isset($_POST['omnilog'])) || ($_POST['omnilog'] == 1 && count($_GET) > 1)) && isset($OMNILOG)) {
   $forwardedFor           = ($_SERVER['HTTP_X_FORWARDED_FOR'] != "") ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['HTTP_CLIENT_IP'];
   $forwardedFor           = preg_replace('/, .+/','',$forwardedFor);
   $postVars               = addslashes(var_export($_POST,TRUE));
   if($postVars == "array (\n)" || (count($_POST) == 1 && isset($_POST['omnilog'])))
     $postVars             = "";
   $getVars                = addslashes(var_export($_GET,TRUE));
   if($getVars == "array (\n)")
     $getVars              = "";
   mysql_query("INSERT INTO `[omnilog]` VALUES(NOW(),'{$_COOKIE['login']}','{$_SERVER['REMOTE_ADDR']}','$forwardedFor','{$_SERVER['PHP_SELF']}','$postVars','$getVars')");
 }
 foreach($_POST as $key => $value) {
   if(gettype($_POST[$key]) == "array")
     foreach($_POST[$key] as $key2 => $value2)
       $_POST[$key][$key2]     = addslashes($_POST[$key][$key2]);
   else
     $_POST[$key]          = addslashes($_POST[$key]);
 }
 foreach($_GET as $key => $value) {
   if(gettype($_GET[$key]) == "array")
     foreach($_GET[$key] as $key2 => $value2)
       $_GET[$key][$key2]      = addslashes($_GET[$key][$key2]);
   else
     $_GET[$key]           = addslashes($_GET[$key]);
 }
 foreach($_COOKIE as $key => $value) {
   if(gettype($_COOKIE[$key]) == "array")
     foreach($_COOKIE[$key] as $key2 => $value2)
       $_COOKIE[$key][$key2]       = addslashes($_COOKIE[$key][$key2]);
   else
     $_COOKIE[$key]            = addslashes($_COOKIE[$key]);
 }

 $clientIP                 = $_SERVER['REMOTE_ADDR'];
 $forwardedFor             = ($_SERVER['HTTP_X_FORWARDED_FOR'] != "") ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $clientIP;
 $forwardedFor             = preg_replace('/, .+/','',$forwardedFor);
 $dbres                = mysql_query("SELECT `id` FROM `[users]` WHERE `level`='-1' AND (`IP`='$clientIP' OR `IP`='$forwardedFor')");
 if(mysql_num_rows($dbres) != 0) {
   print <<<ENDHTML
<html>
?>
<head>
<title>[( Criminals )]</title>
<link rel="stylesheet" type="text/css" href="css-v1.css">
<meta http-equiv=Refresh content=0.001;url=index-v1.php>
</head>

<body style="background: #AA3C3C; margin: 0px;">
 <table width=100% height=100%>
   <tr><td class="subTitle"><b>Ban</b></td></tr>
   <tr><td class="mainTxt">
   Het IP waarmee je speelt is geband
   </td></tr>
 </table>
</body>
</html>
<?php
ENDHTML;
   exit;
 }

 if(isset($UPDATE_DB)) {
   $dbres              = mysql_query("SELECT UNIX_TIMESTAMP(`time`) AS `time`,`name` FROM `[cron]`");
   while($x = mysql_fetch_object($dbres))
     $update[$x->name]     = $x->time;
   if(floor($update['hour']/3600) != floor(time()/3600)) {
     $dbres                = mysql_query("SELECT GET_LOCK('hour_update',0)");
     if(mysql_result($dbres,0) == 1) {
       $cron_pass          = "secretcronpassword";
       mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='hour'");
       include("_cron_hour.php");
       mysql_query("SELECT RELEASE_LOCK('hour_update')");
     }
   }
   if(floor($update['day']/86400) != floor(time()/86400)) {
     $dbres                = mysql_query("SELECT GET_LOCK('day_update',0)");
     if(mysql_result($dbres,0) == 1) {
       $cron_pass          = "secretcronpassword";
       mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='day'");
       include("_cron_day.php");
       mysql_query("SELECT RELEASE_LOCK('day_update')");
     }
   }
   if(floor($update['week']/604800) != floor(time()/604800)) {
     $dbres                = mysql_query("SELECT GET_LOCK('week_update',0)");
     if(mysql_result($dbres,0) == 1) {
       $cron_pass          = "secretcronpassword";
       mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='week'");
       include("_cron_week.php");
       mysql_query("SELECT RELEASE_LOCK('week_update')");
     }
   }
   if(date('n',$update['month']) != date('n',time())) {
     $dbres                = mysql_query("SELECT GET_LOCK('month_update',0)");
     if(mysql_result($dbres,0) == 1) {
       $cron_pass          = "secretcronpassword";
       mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='month'");
       include("_cron_month.php");
       mysql_query("SELECT RELEASE_LOCK('month_update')");
     }
   }
   if((date('G',time()) >= 16 && date('z',time()) != date('z',$update['horserace'])) || (date('G',time()) >= 21 && date('G',$update['horserace']) < 21)) {
     $dbres                = mysql_query("SELECT GET_LOCK('horserace_update',0)");
     if(mysql_result($dbres,0) == 1) {
       $cron_pass          = "secretcronpassword";
       mysql_query("UPDATE `[cron]` SET `time`=NOW() WHERE `name`='horserace'");
       include("_cron_horserace.php");
       mysql_query("SELECT RELEASE_LOCK('horserace_update')");
     }
   }
 }
## Anti SQL Injection
function injection($variabele)
{
//geen html toelaten
$variabele = htmlspecialchars($variabele, ENT_QUOTES);
$variabele = nl2br($variabele);
$verboden = array(
'SELECT',
'DROP',
'UPDATE',
'SET',
'INSERT',
'ALTER',
'GRANT',
'UNION',
'DELETE'
);
$vervangdoor = array (
'luktniet',
'luktniet',
'luktniet',
'luktniet',
'luktniet',
'luktniet',
'luktniet',
'luktniet',
'luktniet'
);
$variabele = str_replace($verboden, $vervangdoor, $variabele);
$variabele = addslashes($variabele);
return ($variabele);
?>
<?
if($data) {


 ?>
<?php
if($data->bank < -1) {
?>
<?php

print "<script>alert('Je Bank geld is gereset omdat het in de - stond')</script>";
mysql_query("UPDATE `[users]` set `bank`=0 WHERE `login`='{$data->login}' ");

  ?>
<?
} else {
}
?>
<?php
if($data->cash < -1) {
?>
<?php

print "<script>alert('Je Contant geld is gereset omdat het in de - stond')</script>";
mysql_query("UPDATE `[users]` set `cash`=0 WHERE `login`='{$data->login}' ");

  ?>

hij zegt dat er een fout is op de laatste regel : ?> als ik dit wegdoe lukt het ook niet, hoe kan ik dit oplossen?

bergkid · 16 augustus 2011

het zit hem in regel 150,181 en 199 van deze code. je opent er iets met een { maar sluit deze niet met een }.

3x een } voor de ?> zou het moeten doen.

waarom open je en sluit je eigenlijk zo vaak PHP?

16 augustus 2011 aangepast door bergkid

leroy · 12 september 2011

Nog even ter extra, je gebruikt ook totaal bijna geen controles of bepaalde dingen wel echt uitgevoerd zijn.

En in je SQL Query's is het ook niet slim om ` te gebruiken (de quote naar links) maar beter een rechte '

Groeten

Leroy

Inloggen

fout regel

Aanbevolen berichten

aaron1232

Link naar reactie

Delen op andere sites

bergkid

Link naar reactie

Delen op andere sites

leroy

Link naar reactie

Delen op andere sites

Welkom op PC Helpforum

Leden statistieken

OVER ONS

SITEMAP

Home

Info

Handleidingen & Tips

Activiteit

Belangrijke informatie