[Release] Simple Clan Emblem Upload Script

[Rotana]

I've got the latest php.ini. Whats wrong with that?

I need to check that.

I have tested this webpage in Xampp and wamp works fine in both.

[rodanio14]

Maybe thats why it dosnt work for me i use appserv

[WGFreak]

I found out how to fix it. Change all the <? to <?php.

[sexy fire slash]

and where excatly do whe put <php?

[Amandy]

WGFreak That doesn't really matter Just Enable Short Open tags : ) and if its

Code:

 <?

or

Code:

<?php

that wouldn't matter.

[WGFreak]

WGFreak That doesn't really matter Just Enable Short Open tags : ) and if its

Code:

 <?

or

Code:

<?php

that wouldn't matter.

yes it does. Some people's script is not working because of that.

[Amandy]

maybe you should edit your php.ini to allow short open tags .

[Joe9099]

Yer where we edit this??

[sexy fire slash]

Hahahaha. Maybe It's Cause You Didnt Do. index.php?step=1

[WGFreak]

Hahahaha. Maybe It's Cause You Didnt Do. index.php?step=1

who??

[mitor]

I get the same thing. I have no idea why it didnt work for me. I did everything right in config.php.

For Fix

In index.php:

Code:

<link href="default.css" rel="stylesheet" type="text/css" />
<div align="center">
<br />
<br />
<hr />
<?
include ("config.php");
include ("sec.php");
$conn = @mssql_connect($DBHost, $DBUser, $DBPass); 
@mssql_select_db($DB); 



if (isset($_GET['step'])) {
    $argv = explode('-',$_GET['step']);
    settype($argv,'array'); 
    $_GET['step'] = @$argv[0];
    $_GET['url'] = @$argv[1];
    $_GET['do'] = @$argv[2];
    $_GET['mess'] = @$argv[3];
}
$step = !isset($_GET['step']) ? home : $_GET['step'] ;
        if ($step == '1') { echo'

<FORM METHOD=POST ACTION="?emblem=index&step=2">
  <p>Enter your user ID: 
    <input name="user" type="textfield" />    <BR />
    Enter your password:
    <input name="pass" type="textfield" />
  </p>
    <p><br />
    <input type="submit" value="submit" />
  </p>
</form> '; 
 } if ($step == '2') { 
 
$user1 = anti_injection($_POST['user']);
$pass1 = anti_injection($_POST['pass']);
    if (valida(Array($user1,$pass1)) == TRUE)
{

 $query = mssql_query("SELECT AID From Login Where UserID = '$user1' AND Password = '$pass1' ");
            while($r = mssql_fetch_array($query)){
if (mssql_num_rows($query) == 1){
                        
                        $query2 = mssql_query("
SELECT     Login.UserID, Login.Password, ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID
FROM         ClanMember INNER JOIN
                      Clan ON ClanMember.CLID = Clan.CLID INNER JOIN
                      Login INNER JOIN
                      Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID Where Login.UserID = '$user1' and Login.Password = '$pass1' and ClanMember.Grade = '1' ");
                      if (mssql_num_rows($query2) >= '1'){
                      echo '<form enctype="multipart/form-data" action="?emblem=index&step=done" method="POST">
  <p>Please choose a file: 
    <input name="uploaded" type="file" />
  </p>
  <p><br />
    <input type="submit" value="Upload" />
    </p><select name="clan">'
;
                            for($i='';$i < @mssql_num_rows($query2);++$i){
                            $row = @mssql_fetch_row($query2);
                            $ClanName = $row[4];
                            echo '<option value="'.$row[4].'">';echo $row[4];echo'</option>' ;
                            

                            }echo'</select></form>';
                            }}else { echo " ERROR GEEN CLAN ";} }
                            }
            ;
        }  
    
    ; 
    
    if ($step == 'done') {                   
    $emblem = $_POST['uploaded'] ;
    $CLID = $_POST['clan'];
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
if (!($_FILES['uploaded']['size']  > '9500'))
{
//echo "Your file is too large.<br>";
$ok=1;
if(($_FILES['uploaded']['type'] == "image/jpeg"))
{ 
$ok=1;
//echo "Wrong file type.<br>";
}
if(($_FILES['uploaded']['type'] == "image/GIF"))
{ 
$ok=1;
//echo "Wrong file type.<br>";
}
if(($_FILES['uploaded']['type'] == "image/PNG"))
{ 
$ok=1;
//echo "Wrong file type.<br>";
}
}
else { $ok=0;}

//


if ($ok==0)
{
echo "Sorry your file was not uploaded<br />";
echo "Please check the file size or file type";
}
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ".basename( $_FILES['uploadedfile']['name']). " has been uploaded<br />";
echo "You may close this window now";
mssql_query ("UPDATE Clan SET EmblemChecksum = EmblemChecksum + 1 WHERE Name = '$CLID'");
mssql_query ("UPDATE Clan SET EmblemUrl = 'upload/".$target."' WHERE Name = '$CLID'");
}
else
{
echo "Sorry, there was a problem uploading your file.";
}}
};
?>
</div>
<hr />

change <? to <?php

for me work xD

But in Step 2 Give me:
Fatal error: Call to undefined function anti_injection() in C:\wamp\www\GunzWeb\emblem\index.php on line 37
lol

[WGFreak]

For Fix

In index.php:

Code:

<link href="default.css" rel="stylesheet" type="text/css" />
<div align="center">
<br />
<br />
<hr />
<?
include ("config.php");
include ("sec.php");
$conn = @mssql_connect($DBHost, $DBUser, $DBPass); 
@mssql_select_db($DB); 



if (isset($_GET['step'])) {
    $argv = explode('-',$_GET['step']);
    settype($argv,'array'); 
    $_GET['step'] = @$argv[0];
    $_GET['url'] = @$argv[1];
    $_GET['do'] = @$argv[2];
    $_GET['mess'] = @$argv[3];
}
$step = !isset($_GET['step']) ? home : $_GET['step'] ;
        if ($step == '1') { echo'

<FORM METHOD=POST ACTION="?emblem=index&step=2">
  <p>Enter your user ID: 
    <input name="user" type="textfield" />    <BR />
    Enter your password:
    <input name="pass" type="textfield" />
  </p>
    <p><br />
    <input type="submit" value="submit" />
  </p>
</form> '; 
 } if ($step == '2') { 
 
$user1 = anti_injection($_POST['user']);
$pass1 = anti_injection($_POST['pass']);
    if (valida(Array($user1,$pass1)) == TRUE)
{

 $query = mssql_query("SELECT AID From Login Where UserID = '$user1' AND Password = '$pass1' ");
            while($r = mssql_fetch_array($query)){
if (mssql_num_rows($query) == 1){
                        
                        $query2 = mssql_query("
SELECT     Login.UserID, Login.Password, ClanMember.Grade, Clan.EmblemUrl, Clan.Name, Clan.CLID
FROM         ClanMember INNER JOIN
                      Clan ON ClanMember.CLID = Clan.CLID INNER JOIN
                      Login INNER JOIN
                      Character ON Login.AID = Character.AID ON ClanMember.CID = Character.CID Where Login.UserID = '$user1' and Login.Password = '$pass1' and ClanMember.Grade = '1' ");
                      if (mssql_num_rows($query2) >= '1'){
                      echo '<form enctype="multipart/form-data" action="?emblem=index&step=done" method="POST">
  <p>Please choose a file: 
    <input name="uploaded" type="file" />
  </p>
  <p><br />
    <input type="submit" value="Upload" />
    </p><select name="clan">'
;
                            for($i='';$i < @mssql_num_rows($query2);++$i){
                            $row = @mssql_fetch_row($query2);
                            $ClanName = $row[4];
                            echo '<option value="'.$row[4].'">';echo $row[4];echo'</option>' ;
                            

                            }echo'</select></form>';
                            }}else { echo " ERROR GEEN CLAN ";} }
                            }
            ;
        }  
    
    ; 
    
    if ($step == 'done') {                   
    $emblem = $_POST['uploaded'] ;
    $CLID = $_POST['clan'];
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
if (!($_FILES['uploaded']['size']  > '9500'))
{
//echo "Your file is too large.<br>";
$ok=1;
if(($_FILES['uploaded']['type'] == "image/jpeg"))
{ 
$ok=1;
//echo "Wrong file type.<br>";
}
if(($_FILES['uploaded']['type'] == "image/GIF"))
{ 
$ok=1;
//echo "Wrong file type.<br>";
}
if(($_FILES['uploaded']['type'] == "image/PNG"))
{ 
$ok=1;
//echo "Wrong file type.<br>";
}
}
else { $ok=0;}

//


if ($ok==0)
{
echo "Sorry your file was not uploaded<br />";
echo "Please check the file size or file type";
}
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ".basename( $_FILES['uploadedfile']['name']). " has been uploaded<br />";
echo "You may close this window now";
mssql_query ("UPDATE Clan SET EmblemChecksum = EmblemChecksum + 1 WHERE Name = '$CLID'");
mssql_query ("UPDATE Clan SET EmblemUrl = 'upload/".$target."' WHERE Name = '$CLID'");
}
else
{
echo "Sorry, there was a problem uploading your file.";
}}
};
?>
</div>
<hr />

change <? to <?php

for me work xD

But in Step 2 Give me:
Fatal error: Call to undefined function anti_injection() in C:\wamp\www\GunzWeb\emblem\index.php on line 37
lol

DO the same on sec.php. Change <? to <?php

[Joe9099]

LMFAO!

i tested and came up with ":: You have attempt to SQL inject. Log saved and sended to the webmaster ::
error"

EDIT: ok got it working for page 1 but page 2 gives nothing but 2 links across the page

[darkxl]

humm?

[Amandy]

That's Plain and simple you don't have a Clan or your not the Clan Leader ..