The latest version is only 2.6.0. Not sure if I ever stated that this has only been tested on AppServ 2.6.0.
Hi, this is something I always wanted to learn: how to edit this and add your own modifications, such as the text converter codes. I will not remove the credits, I just want to know how to do codes like the one in the example image below.
http://i39.tinypic.com/33jheeu.png
How to fix the emblem upload? It does not detect the clan owner and lets anyone upload an emblem freely, why?
Sorry for the double post, it is urgent.
Can you send me the website PSD? I just got a nice layout for the homepage.
I'll create it and give it to you to code it.
I'll release a security patch update for this once I have some more time.
It's a nice release but contains some vulnerabilities, keep up the good work though and keep on training.
I tried re-creating any error you might have got, but I've run into my own.
http://puu.sh/5juCa.png
Might be because of the Alt-Codes in the clan name (been testing alt codes =P)
The code:
Line 173-181:
PHP Code:
$emblem = clean($_POST['uploaded']) ;
$clid = clean($_POST['clan']);
$res = mssql_fetch_row(mssql_query("SELECT CLID, Name FROM Clan WHERE CLID = '$clid'"));
$date = date("Ymd_his");
$filename = basename($_FILES['uploaded']['name']);
$ext = GetFileExtension($filename);
$target1 = "emblem/{$res[0]}/{$res[1]}/";
mkdir($target1);
$target = "{$target1}{$date}.{$ext}";
PHP Code:
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
mssql_query ("UPDATE Clan SET EmblemUrl = '$target', MarkWebImg = '$target', EmblemCheckSum = EmblemCheckSum + 1 WHERE CLID = '$clid'");
alertbox($_STR[EmblemAlert05],"user");
} else
{
setmsg($_STR[Alert01],$_STR[EmblemAlert06]);
redirect("emblems");
}
With this code it should not give any kind of error, but the problem still remains that any person can come here and upload emblems without having a clan.
PHP Code:
<?
if($_SESSION['AID'] == "")
{
alertbox($_STR[AlertMsg02], "/");
}
include "secure/sec.inc.php";
?>
<div id="context">
<div id="emblem">
<? showmsg(); ?>
<? echo $_STR[Emblem01]; ?>
<div class="hr"></div>
<?
if(!isset($_POST['step1']) && !isset($_POST['step2']) && !isset($_POST['finish']))
{
SetTitle($_TIT[EmbStep1]);
echo '<form method="POST" action="emblems" name="step2">
<table width="100%" cellspacing="5" id="clanemblem">
<tr>
<td align="left" width="220">
<div>'.$_STR[EmblemLog01].':</div>
<div><input name="user" type="textfield" class="login2" value="'.$_SESSION[UserID].'"/></div>
</td>
<td align="left" width="400">
<div>'.$_STR[EmblemMsg01].'</div>
<div>'.$_STR[EmblemMsg02].'</div>
</td>
</tr>
<tr><td colspan="2"><div class="hr"></div></td></tr>
<tr>
<td align="left" width="220">
<div>'.$_STR[EmblemLog02].'</div>
<div><input name="pass" type="password" class="login2"/></div>
</td>
<td align="left" width="400"></td>
</tr>
<tr><td colspan="2"><div class="hr"></div></td></tr>
<tr>
<td colspan="2" align="right"><input name="step2" type="submit" value="'.$_STR[Button01].'"/></td>
</tr>
</table>
</form>';
} elseif(isset($_POST['step2']))
{
SetTitle($_TIT[EmbStep2]);
$user = clean($_POST['user']);
$pass = clean($_POST['pass']);
$err = 0;
$res = mssql_query("SELECT UserID, Password FROM Login WHERE UserID = '$user'");
$account = mssql_fetch_row($res);
if(empty($user))
{
$setmsg = $_STR[EmblemAlert01];
$err = 1;
} elseif(empty($pass))
{
$setmsg = $_STR[EmblemAlert02];
$err = 1;
} elseif($user <> $account[0] || $pass <> $account[1])
{
$setmsg = $_STR[EmblemAlert03];
$err = 1;
} elseif(mssql_num_rows($res) == 0)
{
$setmsg = $_STR[EmblemAlert04];
$err = 1;
} else
{
$err = 0;
}
if($err == 0)
{
$query = mssql_query("SELECT
Login.UserID, Login.Password,
ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID FROM
ClanMember INNER JOIN Clan ON ClanMember.CLID = Clan.CLID
INNER JOIN
Login INNER JOIN Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID
WHERE
Login.UserID = '$user' AND Login.Password = '$pass' AND ClanMember.Grade = '1' AND (Clan.DeleteFlag = 0 OR Clan.DeleteFlag IS NULL)");
echo '<form enctype="multipart/form-data" action="emblems" method="POST" name="finish">
<table width="100%" cellspacing="5" id="clanemblem">
<tr>
<td align="left" width="220">
<div>
'.$_STR[EmblemUp01].':
<input name="uploaded" type="file" class="login2"/>
</div>
<div>
'.$_STR[EmblemUp02].':
<select name="clan" class="login2">';
for($i = 0; $i < @mssql_num_rows($query); ++$i)
{
$row = @mssql_fetch_row($query);
echo '<option value="'.$row[5].'">'.$row[4].'</option>' ;
}
echo'
</select>
</div>
</td>
<td align="left" width="400">'.$_STR[EmblemUpMsg01].'</td>
</tr>
<tr><td colspan="2"><div class="hr"></div></td></tr>
<tr>
<td colspan="2" align="right">
<input type="submit" name="finish" value="'.$_STR[Button15].'"/>
</td>
</tr>
</table>
</form>';
} else
{
setmsg($_STR[Alert01], $setmsg);
redirect("");
}
} elseif(isset($_POST['finish']))
{
SetTitle($_TIT[EmbStepF]);
$emblem = clean($_POST['uploaded']) ;
$clid = clean($_POST['clan']);
$res = mssql_fetch_row(mssql_query("SELECT CLID, Name FROM Clan WHERE CLID = '$clid'"));
$date = date("Ymd_his");
$filename = basename($_FILES['uploaded']['name']);
$ext = GetFileExtension($filename);
$target1 = "emblem/{$res[0]}/{$res[1]}/";
mkdir($target1);
$target = "{$target1}{$date}.{$ext}";
$err = 0;
if (!($_FILES['uploaded']['size'] < '1'))
{
$err = 0;
if(($_FILES['uploaded']['type'] == "image/jpeg"))
{
$err = 0;
} elseif(($_FILES['uploaded']['type'] == "image/jpg"))
{
$err = 0;
} elseif(($_FILES['uploaded']['type'] == "image/gif"))
{
$err = 0;
} elseif(($_FILES['uploaded']['type'] == "image/png"))
{
$err = 0;
} elseif(($_FILES['uploaded']['type'] == "image/bmp"))
{
$err = 0;
} else
{
$err = 1;
}
} else
{
$err = 1;
}
if($err == 0)
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
mssql_query ("UPDATE Clan SET EmblemUrl = '$target', MarkWebImg = '$target', EmblemCheckSum = EmblemCheckSum + 1 WHERE CLID = '$clid'");
alertbox($_STR[EmblemAlert05],"user");
} else
{
setmsg($_STR[Alert01],$_STR[EmblemAlert06]);
redirect("emblems");
}
} else
{
setmsg($_STR[Alert01],$_STR[EmblemAlert07]);
redirect("emblems");
}
}
?>
</div>
</div>
Well, I can tell you right now that it will have something to do with this part of the code:
It probably needs a check to see if the person is in the clan or not, or whether they are actually in a clan. 'Cause if I'm understanding you right, you're saying that anyone who's in the clan can upload the emblem even though they aren't the leader, and anyone who doesn't have a clan can upload an emblem to any clan?
PHP Code:
$query = mssql_query("SELECT
Login.UserID, Login.Password,
ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID FROM
ClanMember INNER JOIN Clan ON ClanMember.CLID = Clan.CLID
INNER JOIN
Login INNER JOIN Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID
WHERE
Login.UserID = '$user' AND Login.Password = '$pass' AND ClanMember.Grade = '1' AND (Clan.DeleteFlag = 0 OR Clan.DeleteFlag IS NULL)");
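The check suggested above, written out as an added example (not code from the thread or from the panel's author): the `finish` step re-verifies on its own request that the logged-in account leads the posted clan, and takes the file extension from the image header instead of the client-supplied name and type. `is_clan_leader()` and `emblem_extension()` are hypothetical helpers, `AID` and `CLID` are assumed to be integer keys, the `emblem/<CLID>/` layout is a simplification of the page's path, and `setmsg()`, `redirect()`, `alertbox()`, `$_STR` and the legacy `mssql_*` functions are used as they appear in the posted file.

```php
<?php
// Added example, not the panel's code. Helper names are hypothetical;
// AID and CLID are assumed to be integer keys.

// True only when the account owns the leader character (Grade = 1) of this clan.
function is_clan_leader($aid, $clid)
{
    $aid  = (int) $aid;    // integer casts keep both values out of the SQL text
    $clid = (int) $clid;
    $res = mssql_query("SELECT Clan.CLID FROM ClanMember
        INNER JOIN Clan ON ClanMember.CLID = Clan.CLID
        INNER JOIN Character ON ClanMember.CID = Character.CID
        WHERE Character.AID = $aid AND Clan.CLID = $clid
          AND ClanMember.Grade = 1
          AND (Clan.DeleteFlag = 0 OR Clan.DeleteFlag IS NULL)");
    return $res !== false && mssql_num_rows($res) > 0;
}

// Extension from the file header; the client controls the name and ['type'].
function emblem_extension($tmpPath)
{
    $allowed = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif',
                     IMAGETYPE_PNG  => 'png', IMAGETYPE_BMP => 'bmp');
    $info = @getimagesize($tmpPath);
    return ($info !== false && isset($allowed[$info[2]])) ? $allowed[$info[2]] : null;
}

if (isset($_POST['finish'])) {
    $clid = isset($_POST['clan']) ? (int) $_POST['clan'] : 0;
    $tmp  = isset($_FILES['uploaded']['tmp_name']) ? $_FILES['uploaded']['tmp_name'] : '';
    $ext  = is_uploaded_file($tmp) ? emblem_extension($tmp) : null;
    $dir  = "emblem/{$clid}/";   // numeric id only, no clan name in the path
    if (empty($_SESSION['AID']) || !is_clan_leader($_SESSION['AID'], $clid)) {
        // Checked on this request: the <select> shown in step 2 proves nothing.
        setmsg($_STR['Alert01'], 'You are not the leader of this clan.'); // constructed text
        redirect("emblems");
    } elseif ($ext === null) {
        setmsg($_STR['Alert01'], $_STR['EmblemAlert07']);
        redirect("emblems");
    } else {
        is_dir($dir) || mkdir($dir, 0755, true);
        $target = $dir . date("Ymd_His") . "." . $ext;
        if (move_uploaded_file($tmp, $target)) {
            mssql_query("UPDATE Clan SET EmblemUrl = '$target', MarkWebImg = '$target', EmblemCheckSum = EmblemCheckSum + 1 WHERE CLID = $clid");
            alertbox($_STR['EmblemAlert05'], "user");
        } else {
            setmsg($_STR['Alert01'], $_STR['EmblemAlert06']);
            redirect("emblems");
        }
    }
}
```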
What you say is exactly correct: a user who comes to the emblem page and has no clan, is not an owner, and is just a normal user has the privilege of uploading, and this might be spam.
Images get uploaded without use; there is no sense to create a call and say "you do not have any clan and you are not the leader of a clan to upload an emblem".
I revised that part of the code and nothing; I think you should add a script call.
As proof, try to create an account that has no clan, upload a picture, and check the folder where the image you uploaded is.
Code:
$query = mssql_query("SELECT
Login.UserID, Login.Password,
ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID FROM
ClanMember INNER JOIN Clan ON ClanMember.CLID = Clan.CLID
INNER JOIN
Login INNER JOIN Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID
WHERE