You are not supposed to remove it, the .htaccess file is required for the rewriting of the URL.Quote:
Originally Posted by jorklenis2
Printable View
You are not supposed to remove it, the .htaccess file is required for the rewriting of the URL.Quote:
Originally Posted by jorklenis2
If you download AppServ 2.6.0, remove the ; from php.ini, replace the dll file that Anju provides in the release then restart AppServ you should have no problems at all.
Why doesn't anything read the .txt document before doing anything?Quote:
Originally Posted by jorklenis2
Solved.
thanks for the above.
Not sure, but I had problems with AppServ versions over 2.6.0 so I just stick with this. But yes, people should read first.
The latest version is only 2.6.0. Not sure if I ever stated that this is only been tested on AppServ 2.6.0
Hi, this is something I always wanted to learn, how to edit this and add your modifications, as the text convertiro codes, I will not remove the credits just want to know how to do these codes like this below in the example image.
http://i39.tinypic.com/33jheeu.png
how to fix emblem upload, no detect the owner clan and upload emblem free, why?.
sorry for double post, is usrgent.
can you send me the website psd, I just got a nice layout for the homepage.
il create it and give it to you to code it.
The PSD is in the rar file if you just look.Quote:
Originally Posted by prnx
Quote:
Originally Posted by jorklenis2
I'll take a look at the code when I get up. Need sleep.
I'll release a security patch update for this once I have some more time.
It's a nice release but contains some vulnerabilities, keep up the good work though and keep on training.
Quote:
Originally Posted by Dave
I like to look good I'll sit this website and repair their mistakes, I appreciate their performance.Quote:
Originally Posted by wesman2232
You're gonna sit on some files?Quote:
Originally Posted by jorklenis2
how?
please teach me, oh master of the English language.
I mean I sit in my chair to see in my pc and check it files website of anju.Quote:
Originally Posted by jur13n
Dude, I think Google Translator can speak better English than that. Please be clearer.Quote:
Originally Posted by jorklenis2
How does a translator speak?Quote:
Originally Posted by Chrisss
OT: code's a mess, but overall it's fine.
I tried re-creating any error you might have got, but I've ran into my own.Quote:
Originally Posted by jorklenis2
http://puu.sh/5juCa.png
Might be because of the Alt-Codes in the clan name (been testing alt codes =P)
The code:
Line 173-181:PHP Code:$emblem = clean($_POST['uploaded']) ;
$clid = clean($_POST['clan']);
$res = mssql_fetch_row(mssql_query("SELECT CLID, Name FROM Clan WHERE CLID = '$clid'"));
$date = date("Ymd_his");
$filename = basename($_FILES['uploaded']['name']);
$ext = GetFileExtension($filename);
$target1 = "emblem/{$res[0]}/{$res[1]}/";
mkdir($target1);
$target = "{$target1}{$date}.{$ext}";
PHP Code:if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
mssql_query ("UPDATE Clan SET EmblemUrl = '$target', MarkWebImg = '$target', EmblemCheckSum = EmblemCheckSum + 1 WHERE CLID = '$clid'");
alertbox($_STR[EmblemAlert05],"user");
} else
{
setmsg($_STR[Alert01],$_STR[EmblemAlert06]);
redirect("emblems");
}
with this code should not give any kind of error, but the problem still remains that any person comes here and upload the emblems without having a clan.Quote:
Originally Posted by wesman2232
PHP Code:<?
if($_SESSION['AID'] == "")
{
alertbox($_STR[AlertMsg02], "/");
}
include "secure/sec.inc.php";
?>
<div id="context">
<div id="emblem">
<? showmsg(); ?>
<? echo $_STR[Emblem01]; ?>
<div class="hr"></div>
<?
if(!isset($_POST['step1']) && !isset($_POST['step2']) && !isset($_POST['finish']))
{
SetTitle($_TIT[EmbStep1]);
echo '<form method="POST" action="emblems" name="step2">
<table width="100%" cellspacing="5" id="clanemblem">
<tr>
<td align="left" width="220">
<div>'.$_STR[EmblemLog01].':</div>
<div><input name="user" type="textfield" class="login2" value="'.$_SESSION[UserID].'"/></div>
</td>
<td align="left" width="400">
<div>'.$_STR[EmblemMsg01].'</div>
<div>'.$_STR[EmblemMsg02].'</div>
</td>
</tr>
<tr><td colspan="2"><div class="hr"></div></td></tr>
<tr>
<td align="left" width="220">
<div>'.$_STR[EmblemLog02].'</div>
<div><input name="pass" type="password" class="login2"/></div>
</td>
<td align="left" width="400"></td>
</tr>
<tr><td colspan="2"><div class="hr"></div></td></tr>
<tr>
<td colspan="2" align="right"><input name="step2" type="submit" value="'.$_STR[Button01].'"/></td>
</tr>
</table>
</form>';
} elseif(isset($_POST['step2']))
{
SetTitle($_TIT[EmbStep2]);
$user = clean($_POST['user']);
$pass = clean($_POST['pass']);
$err = 0;
$res = mssql_query("SELECT UserID, Password FROM Login WHERE UserID = '$user'");
$account = mssql_fetch_row($res);
if(empty($user))
{
$setmsg = $_STR[EmblemAlert01];
$err = 1;
} elseif(empty($pass))
{
$setmsg = $_STR[EmblemAlert02];
$err = 1;
} elseif($user <> $account[0] || $pass <> $account[1])
{
$setmsg = $_STR[EmblemAlert03];
$err = 1;
} elseif(mssql_num_rows($res) == 0)
{
$setmsg = $_STR[EmblemAlert04];
$err = 1;
} else
{
$err = 0;
}
if($err == 0)
{
$query = mssql_query("SELECT
Login.UserID, Login.Password,
ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID FROM
ClanMember INNER JOIN Clan ON ClanMember.CLID = Clan.CLID
INNER JOIN
Login INNER JOIN Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID
WHERE
Login.UserID = '$user' AND Login.Password = '$pass' AND ClanMember.Grade = '1' AND (Clan.DeleteFlag = 0 OR Clan.DeleteFlag = NULL)");
echo '<form enctype="multipart/form-data" action="emblems" method="POST" name="finish">
<table width="100%" cellspacing="5" id="clanemblem">
<tr>
<td align="left" width="220">
<div>
'.$_STR[EmblemUp01].':
<input name="uploaded" type="file" class="login2"/>
</div>
<div>
'.$_STR[EmblemUp02].':
<select name="clan" class="login2">';
for($i='';$i < @mssql_num_rows($query);++$i)
{
$row = @mssql_fetch_row($query);
echo '<option value="'.$row[5].'">'.$row[4].'</option>' ;
}
echo'
</select>
</div>
</td>
<td align="left" width="400">'.$_STR[EmblemUpMsg01].'</td>
</tr>
<tr><td colspan="2"><div class="hr"></div></td></tr>
<tr>
<td colspan="2" align="right">
<input type="submit" name="finish" value="'.$_STR[Button15].'"/>
</td>
</tr>
</table>
</form>';
} else
{
setmsg($_STR[Alert01], $setmsg);
redirect("");
}
} elseif(isset($_POST['finish']))
{
SetTitle($_TIT[EmbStepF]);
$emblem = clean($_POST['uploaded']) ;
$clid = clean($_POST['clan']);
$res = mssql_fetch_row(mssql_query("SELECT CLID, Name FROM Clan WHERE CLID = '$clid'"));
$date = date("Ymd_his");
$filename = basename($_FILES['uploaded']['name']);
$ext = GetFileExtension($filename);
$target1 = "emblem/{$res[0]}/{$res[1]}/";
mkdir($target1);
$target = "{$target1}{$date}.{$ext}";
$err = 0;
if (!($_FILES['uploaded']['size'] < '1'))
{
$err = 0;
if(($_FILES['uploaded']['type'] == "image/jpeg"))
{
$err = 0;
} elseif(($_FILES['uploaded']['type'] == "image/jpg"))
{
$err = 0;
} elseif(($_FILES['uploaded']['type'] == "image/gif"))
{
$err = 0;
} elseif(($_FILES['uploaded']['type'] == "image/png"))
{
$err = 0;
} elseif(($_FILES['uploaded']['type'] == "image/bmp"))
{
$err = 0;
} else
{
$err = 1;
}
} else
{
$err = 1;
}
if($err == 0)
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
mssql_query ("UPDATE Clan SET EmblemUrl = '$target', MarkWebImg = '$target', EmblemCheckSum = EmblemCheckSum + 1 WHERE CLID = '$clid'");
alertbox($_STR[EmblemAlert05],"user");
} else
{
setmsg($_STR[Alert01],$_STR[EmblemAlert06]);
redirect("emblems");
}
} else
{
setmsg($_STR[Alert01],$_STR[EmblemAlert07]);
redirect("emblems");
}
}
?>
</div>
</div>
Well, I can tell you right now that it will have something to do with this part of the code:Quote:
Originally Posted by jorklenis2
It probably needs a check to see if the person is in the clan or not, or wether they are actually in a clan. Cause if I'm understanding you right, you're saying that anyone whos in the clan can upload them emblem even though they aren't the leader, anyone who doesn't have a clan can upload a emblem to any clan?PHP Code:$query = mssql_query("SELECT
Login.UserID, Login.Password,
ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID FROM
ClanMember INNER JOIN Clan ON ClanMember.CLID = Clan.CLID
INNER JOIN
Login INNER JOIN Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID
WHERE
Login.UserID = '$user' AND Login.Password = '$pass' AND ClanMember.Grade = '1' AND (Clan.DeleteFlag = 0 OR Clan.DeleteFlag = NULL)");
Exactly correct what you say, a user who comes up emblem and the user has no clan, does not own, and it's just a normal user and has the privilege of uploading and this might be a spam.
upload images without use, there is no sense to create a call and say "you have not nigun clan and a clan you no leader to upload emblem".
I revise that part of the code and not, I think you should add a script called.
proof you try to create an account that has no clan and upload a picture and check the folder where the image you uploaded.Code:
$query = mssql_query("SELECT
Login.UserID, Login.Password,
ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID FROM
ClanMember INNER JOIN Clan ON ClanMember.CLID = Clan.CLID
INNER JOIN
Login INNER JOIN Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID
WHERE
Wait, so any user can upload even if they aren't in a clan? Weird since there's a drop down menu to select the clan to upload to.Quote:
Originally Posted by jorklenis2
Idk.
If correct Check to see if you want to see, notice and Try it with an account that has no clan.Quote:
Originally Posted by wesman2232
I already tested this with an account that doesn't have any clan whatsoever, but still the same results (no option for them to upload an emblem to the clan). Not sure. People are actually having many different issues from every perspective of using this website.
Not so, the problem is one of the emblems, others have problems because they can not install the site.Quote:
Originally Posted by Anju
Very nice release GJ.