|
|
03-13-2012, 09:59 AM
can any fix this script?
if you do i will post how to make a world 2 that is members only im stuck on the last part this stupid php script ... :L
thanks for any help!
Error:Code:<?php $host = "localhost"; $user = "Hax"; $pass = "YES"; $name = "login"; $_GET['name'] = str_replace("_"," ",$_GET['name']); if($_GET['crypt'] !=102510){ echo '-1'; exit; } if([email protected]_connect($host, $user, $pass)) { die("error connecting to mysql server - " . mysql_error()); } if([email protected]_select_db($name)) { die("error selecting mysql database - " . mysql_error()); } $query = mysql_query("SELECT * FROM users WHERE username = '".$_GET['name']."'"); if($row = mysql_fetch_array($query)){ $pass2 = md5($_GET['pass']); $mem = "420"; if($pass2 == $row["password"]){ echo '2'; }else{ echo '1'; }else{ echo '0'; } if($row["ismem"] == $mem){ echo '660'; }else{ echo '066'; }else{ echo '666'; } ?>
Code:Parse error: syntax error, unexpected T_ELSE in C:\wamp\www\checkuser.php on line 26
Last edited by ehax0r; 03-13-2012 at 10:03 AM. Reason: Posted Error msg
I have no idea where you're going with this, but you cant haveCode:if($pass2 == $row["password"]){ echo '2'; }else{ echo '1'; }else{ echo '0'; }
if
else
else
Use this:
if($pass2 == $row["password"]){
echo '2';
}else{
echo '0';
}
It will echo 2 if the password matches the database value, or 0 if it doesn't.
Also just be forewarned, your code is open for MySQL Injection. This would allow people to enter usernames such as ';THEIR_OWN_QUERY_HERE and have it execute live queries on your MySQL server. It would make it very easy to change their "donation" level or even rights if its handled there. Or worse, drop your database completely.
$query = mysql_query("SELECT * FROM users WHERE username = '".$_GET['name']."'");
Make it this:
$usrname = mysql_real_escape_string($_GET['name']);
$query = mysql_query("SELECT * FROM users WHERE username='{$usrname}'");
That would stop such attacks. Remember, never execute queries using live variables that users have the ability to change. Your password variable is okay, because it's MD5 encrypted. If they tried to inject through the password field, their injection would just get encrypted and do nothing.
| « [Java] Recursion/Looping help. | buying basic forum help ! » |
| Thread Information |
Users Browsing this ThreadThere are currently 1 users browsing this thread. (0 members and 1 guests) |
