Review, Gunz Ranking Page

[CobraCom]

I'll need your honest opinions, It works on SQL 2008 with the Dec 2007 Server files.
Tell me what you'd like to see added, since I'm thinking about releasing it.

http://iggunz.zapto.org/ranks.php

[MentaL]

[PerfectGunZ]

I'll need your honest opinions, It works on SQL 2008 with the Dec 2007 Server files.
Tell me what you'd like to see added, since I'm thinking about releasing it.

http://iggunz.zapto.org/ranks.php

I think it looks pretty cool. Nice and simple; the way I like it. Good job.

[ThePhailure772]

Gl w/ AID 1 for every account and everybody level 1 with 0 xp and 0 bounty.

[CobraCom]

Accidently used a backup, causing all accounts to go to 0,
and everyone is igCoins because igCoins are for paid users, which is coming in the new Shop for the server. (buy/pay through paypal, buy donation items in shop).
still... reg page works fine.

[ThePhailure772]

No you didn't lmfao. I just SQL injected it. Everyone now has administrator and is level 1337

[CobraCom]

Post for the "I quit hacking" thread lol, anyway time to buff up the security.

[ThePhailure772]

Wasn't hacking actually :)

[CobraCom]

I understand how injecting works, I'll call it "exploiting" if you'd rather. How could you exploit ur old buddy! lol

[CobraCom]

k, try it again, Phail, see if I've missed something

[Joe9099]

Good job, that is different to others and very simple looking..

But all your doing really is displaying more columns?

[CobraCom]

Security is flawfull now, can't see a hole I didnt close.

And the page shows:
- Advanced info about TOP 50 users.
- Abiltiy to sort by
- Search for a user (Even if it's not in the TOP 50.

[Demantor]

No you didn't lmfao. I just SQL injected it. Everyone now has administrator and is level 1337

Easy, but cool =)


Nice ranking =)

[ThePhailure772]

Security is flawfull now, can't see a hole I didnt close.

And the page shows:
- Advanced info about TOP 50 users.
- Abiltiy to sort by
- Search for a user (Even if it's not in the TOP 50.

Really? Everyone has administrator and level 1337 again

Code:

		function CorrectString($var)
		{
			$var = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$var);
			$var = trim($var);
			$var = strip_tags($var);
			$var = addslashes($var);
			$var = str_replace("'", "''", $var);
			return $var;
		}

[CobraCom]

function Securtity($value){
ltrim(nl2br(stripslashes(htmlentities($value)))))
}

[ThePhailure772]

You failed again...everyone is admin.

[CobraCom]

function Correct($var)
{
$var = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$var);
$var = trim($var);
$var = strip_tags($var);
$var = addslashes($var);
$var = str_replace("'", "''", $var);
$var = nl2br($var);
$var = htmlentities($var);
return $var;
}

Find more security holes.

[Asumi]

rofl when it's safe release it (A)