So how do you fix the motto exploit. Where you fix the alert code for it.
I did it for my online page by adding $motto = htmlspecialchars($randomHabbo['motto']);
But my staff page doesn't have what my online page had..
Staff code:
Can someone help me?Code:<?php $GetRanks = mysql_query("SELECT id, name FROM ranks WHERE id > 3 ORDER BY id DESC"); while($Ranks = mysql_fetch_assoc($GetRanks)) { echo "<div class=\"habblet-container \"><div class=\"cbb clearfix blue \"><h2 class=\"title\">{$Ranks['name']}</h2><div style=\"padding:5px\"><p>"; $GetUsers = mysql_query("SELECT username, rank, last_online, online, look FROM users WHERE rank = {$Ranks['id']}"); while($Users = mysql_fetch_assoc($GetUsers)) { if($Users['online'] == 1){ $OnlineStatus = "<font color=\"darkgreen\"><b>Online</b></font>"; } else { $OnlineStatus = "<font color=\"darkred\"><b>Offline</b></font>"; } echo "<img style=\"position:absolute;\" src=\"https://www.habbo.nl/habbo-imaging/avatarimage?figure={$Users['look']}&action=wav&direction=2&head_direction=3&gesture=srp\">" ."<p style=\"margin-left:80px;margin-top:20px;\">Username: <strong>{$Users['username']}</strong><br>Motto: <strong>{$Users['motto']}</strong><br><small>Last Online: ". date("D, d F Y H:i (P)", $Users['last_online']) ."</small></p>" ."<p style=\"float:right;margin-top:-30px;margin-right:5px;\">{$OnlineStatus}</p><br><br><br>"; } echo "</div></div></div>"; } ?>
Reply With Quote
