Re: Clan Files PHP Converted
Version 3 clan files I'm using and I get this error.
http://73.138.89.131:8080/clanfiles/...beh&ticket=827
Parse error: syntax error, unexpected '}' in C:\AppServ\www\clanfiles\ServerMain\isClanMember.php on line 19
Any suggestions on how to fix?
Update: fixed the syntax by just deleting the db connection detect you added in v3, no errors but when I make clans it takes my money and then doesn't make my clan into database, not sure what I'm doing wrong.
Re: Clan Files PHP Converted
The db connection detect was to prevent it trying to run when it couldn't reach the db. I'll adjust and reupload when I get a chance.
Relog and see if the char is in a clan after relog. I found error 11 came up when there wasn't an image file available (clancontent folder).
- - - Updated - - -
Found my mistake. On line 18, add a semicolon (;) at the end of the line, so it looks like this:
Code:
if (!$dbconn)
{
    die("Code=100$CR");
}
- - - Updated - - -
Anyway, isClanMember is not part of adding a char to a clan, that's only on log on / in game to check if the member is in a clan.
Did you set the SQL connection string correctly in Clan/claninsert.php? (Lines 6, 7, 8)
- - - Updated - - -
Re-upped with V4.
Added some helpful error handling in claninsert.php.
Made it write to the error log if it's got issues.
New zip is smaller than previous so maybe I have an outdated servermain folder, will compare and re-up if different.
Code for claninsert is now...
Code:
<?php
/**
 * ClanInsert PHP Script
 * Written By EuphoriA / Phatkone
 **/
$server = 'PTSERVER\SQLEXPRESS';
// Enter SQL Instance (SERVER\INSTANCE) or IP with port (i.e. 192.168.0.1,1433)
$UID = 'USERID';
// Enter User ID For SQL Login
$PWD = 'PASSWORD';
// Enter SQL Password
/*** Main Script - Nothing needs to be edited past here.**/
$dbconn = sqlsrv_connect($server, array('UID' => $UID, 'PWD' => $PWD, 'CharacterSet' => 'UTF-8'));
$CR = chr(13);
// FILTER_SANITIZE_STRING strips tags and HTML-encodes quotes; it is deprecated as of PHP 8.1.
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
if ($dbconn)
{
    if (isset($_GET))
    {
        $userid = isset($_GET['userid']) ? $_GET['userid'] : "";
        $gserver = isset($_GET['gserver']) ? $_GET['gserver'] : "";
        $chname = isset($_GET['chname']) ? $_GET['chname'] : "";
        $clname = isset($_GET['clName']) ? $_GET['clName'] : "";
        $chtype = isset($_GET['chtype']) ? $_GET['chtype'] : "";
        $lv = isset($_GET['lv']) ? $_GET['lv'] : "";
        $ticket = isset($_GET['ticket']) ? $_GET['ticket'] : "";
        $expl = "Pristontale Clan";
        if ($userid == "" || $gserver == "" || $chname == "" || $clname == "" || $chtype == "" || $lv == "" || $ticket == "")
        {
            print("Code=102".$CR);
            // Writes to PHP's configured error log
            error_log('Missing GET Value');
            die;
        }
        // Check the ticket sent by the client against the CT table.
        // The GET values are interpolated directly into the SQL text here and below.
        $ctcheck = "SELECT SNo FROM clandb.dbo.CT WHERE ChName='$chname' AND UserID='$userid'";
        $tticket = sqlsrv_query($dbconn, $ctcheck, array());
        $tticket1 = sqlsrv_fetch_array($tticket);
        if ($ticket != $tticket1[0])
        {
            print("Code=101".$CR);
            sqlsrv_close($dbconn);
            error_log('Ticket does not match value in CT Database');
            die;
        }
        // sqlsrv_query returns a statement resource on success and false on failure,
        // so this branch only tests that the query ran.
        $clancheck = "SELECT ClanName FROM clandb.dbo.UL WHERE ChName='$chname'";
        $clancheck1 = sqlsrv_query($dbconn, $clancheck);
        if ($clancheck1 != "")
        {
            // Built but never executed in this version
            $delete = "DELETE FROM clandb.dbo.UL WHERE ChName='$chname'";
        } else {
            print("Code=2".$CR."CMoney=0".$CR);
            sqlsrv_close($dbconn);
            die;
        }
        // Refuse if a clan with this name already has a leader
        $leader = "SELECT ClanZang FROM clandb.dbo.CL WHERE ClanName='$clname'";
        $leadercheck = sqlsrv_query($dbconn, $leader);
        $leadercheck1 = sqlsrv_fetch_array($leadercheck);
        if ($leadercheck1[0] != "")
        {
            sqlsrv_close($dbconn);
            print("Code=3".$CR."CMoney=0".$CR);
            die;
        }
        // Fetch the clan image counter, seeding the row if it does not exist
        $LI = "SELECT IMG FROM clandb.dbo.LI WHERE ID=1";
        $IMG = sqlsrv_query($dbconn, $LI, array());
        $IMG1 = sqlsrv_fetch_array($IMG);
        if ($IMG1[0] != "")
        {
            $iIMG = $IMG1[0];
        } else {
            $iIMG = 1000000000;
            // The posted statement had no VALUES keyword; column names are taken from the SELECT above
            $imginsert = "INSERT INTO clandb.dbo.LI (IMG, ID) VALUES ('$iIMG','1')";
            sqlsrv_query($dbconn, $imginsert);
        }
        $iIMG = $iIMG + 1;
        $imginsert = "UPDATE clandb.dbo.LI SET IMG='$iIMG' WHERE ID=1";
        sqlsrv_query($dbconn, $imginsert);
        // Next IDX value for the CL table
        $IDX = "SELECT MAX(IDX) FROM clandb.dbo.CL";
        $IDX1 = sqlsrv_query($dbconn, $IDX, array());
        $IDX2 = sqlsrv_fetch_array($IDX1);
        $iIDX = 0;
        if ($IDX2[0] != "")
        {
            $iIDX = $IDX2[0];
        }
        $iIDX = @$iIDX + 1;
        $sdate = date("Y-m-d");
        $edate = date('Y-m-d', strtotime('+20 years'));
        /* Check if IDX Value auto increments in CL table */
        $autoidxquery = "SELECT is_identity FROM sys.columns WHERE object_id = object_id('clandb.dbo.cl') AND name = 'IDX'";
        $autoidxresult = sqlsrv_query($dbconn, $autoidxquery, array());
        $autoidxresult = sqlsrv_fetch_array($autoidxresult);
        if ($autoidxresult[0] == 1)
        {
            $CLInsert = "INSERT INTO clandb.dbo.CL ([ClanName],[UserID],[ClanZang],[MemCnt],[Note],[MIconCnt],[RegiDate],[LimitDate],[DelActive],[PFlag],[KFlag],[Flag],[NoteCnt],[Cpoint],[CWin],[CFail],[ClanMoney],[CNFlag],[SiegeMoney]) values('$clname','$userid','$chname','1','$expl','$iIMG','$sdate','$edate','0','0','0','0','1','0','0','0','0','0','0')";
        }
        else
        {
            $CLInsert = "INSERT INTO clandb.dbo.CL ([IDX],[ClanName],[UserID],[ClanZang],[MemCnt],[Note],[MIconCnt],[RegiDate],[LimitDate],[DelActive],[PFlag],[KFlag],[Flag],[NoteCnt],[Cpoint],[CWin],[CFail],[ClanMoney],[CNFlag],[SiegeMoney]) values('$iIDX','$clname','$userid','$chname','1','$expl','$iIMG','$sdate','$edate','0','0','0','0','1','0','0','0','0','0','0')";
        }
        sqlsrv_query($dbconn, $CLInsert);
        // Read back the IDX of the clan that was just inserted
        $IDXCheck = "SELECT IDX FROM clandb.dbo.CL WHERE ClanName='$clname'";
        $IDXC = sqlsrv_query($dbconn, $IDXCheck, array());
        $IDXC1 = sqlsrv_fetch_array($IDXC);
        if ($IDXC1[0] != "")
        {
            $IDX = $IDXC1[0];
        }
        /* Check if IDX Value auto increments in UL table */
        $autoidxquery = "SELECT is_identity FROM sys.columns WHERE object_id = object_id('clandb.dbo.ul') AND name = 'IDX'";
        $autoidxresult = sqlsrv_query($dbconn, $autoidxquery, array());
        $autoidxresult = sqlsrv_fetch_array($autoidxresult);
        if ($autoidxresult[0] == 1)
        {
            $ULInsert = "INSERT INTO clandb.dbo.UL ([MIDX],[userid],[ChName],[ClanName],[ChType],[ChLv],[Permi],[JoinDate],[DelActive],[PFlag],[KFlag],[MIconCnt]) values('3','$userid','$chname','$clname','$chtype','$lv','0','$sdate','0','0','0','$iIMG')";
        }
        else
        {
            $ULInsert = "INSERT INTO clandb.dbo.UL ([IDX],[MIDX],[userid],[ChName],[ClanName],[ChType],[ChLv],[Permi],[JoinDate],[DelActive],[PFlag],[KFlag],[MIconCnt]) values('$IDX','3','$userid','$chname','$clname','$chtype','$lv','0','$sdate','0','0','0','$iIMG')";
        }
        sqlsrv_query($dbconn, $ULInsert);
        print("Code=1".$CR."CMoney=500000".$CR);
        sqlsrv_close($dbconn);
    }
    else
    {
        print "Missing GET Data";
    }
}
else
{
    // No connection was opened, so there is nothing to close here
    print("Code=103".$CR);
    print("Unable To Connect");
    die;
}
?>
Re: Clan Files PHP Converted
Okay so clans work, but when I go to invite someone it will not insert them into UL database, any clue why?
Re: Clan Files PHP Converted
Hi guys, unable to connect to MSSQL 2008 R2 in VPS. Everything runs smoothly if I set up on local machine.
VPS OS is Windows Server 2012, not sure if that has anything to do with it.
Here is the error I am getting:
51.255.167.106:8080/clanfiles/Clan/clanInsert.php?userid=morrk&gserver=TestServer1&chname=Snow&clName=Westeros&expl=\xbc\xb3\xb8\xed\xbe\xf8\xc0\xbd.&ticket=467&chtype=4&lv=73
Any help would be greatly appreciated!
Re: Clan Files PHP Converted
Update Version 5
- Auto creates the clan image when creating the clan (do not rename nor move the template file that is attached).
- Fixed bug with deleting chars (wouldn't work if name had square brackets).
- Have fixed the ability to kick multiple people at once.
Re: Clan Files PHP Converted
Just a question, is this SQL injection safe proof? Also, you should REALLY look into parameterized queries. Building queries like this: "SELECT * FROM bla WHERE bla2 = '".$bla."' " is a real no-no.
You know, I could take over your entire server by just using sqlmap =) (if this is sql injectable, of course)
Re: Clan Files PHP Converted
Missing GET Data how to fix this
SOD2.PHP . Warning: sqlsrv_num_rows() expects parameter 1 to be resource, boolean given in C:\inetpub\wwwroot\Clan\sod2.php on line 42
Re: Clan Files PHP Converted
@pukapukay the missing GET data is because you're not sending the full query to it (%ipaddress%/clan/claninsert.php?gserver=%%%&chname=%%%% etc etc etc).
Pull the query from your IIS logs (like I told you in Discord).
You can't just browse to the PHP page and expect a response, it needs the GET data to go with it.... (how else will it know what the clan is and what char???)
@SheenBR for a lot I had been utilising the filter_input_array to sanitise the strings to prevent XSS.
I had been looking at the PDO method, but it confuses me a bit, what is it doing differently? Nothing I've read has given a definitive description. I understand you utilise the "prepare" command, but what is that actually doing? It sends the query through but doesn't execute it?
- - - Updated - - -
I'll convert to PDO anyway. Was looking to do that for the rest of mine anyway as it seems like a better cross platform method (MySQL, Oracle etc).
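What `prepare` changes, shown on the ticket lookup from claninsert.php (an added example, not code from the thread or the GitLab repo): the SQL text with placeholders is compiled first and the values are bound afterwards as data, so a quote inside a value cannot alter the query. It assumes an in-memory SQLite database through PDO as a stand-in for SQL Server, with constructed rows, and it leaves out the `filter_input_array` step.

```php
<?php
// Added example, not code from the thread. Table and column names (CT, SNo,
// ChName, UserID) follow claninsert.php; the SQLite stand-in database and the
// sample rows and inputs are constructed so the script runs without SQL Server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec("CREATE TABLE CT (SNo INTEGER, ChName TEXT, UserID TEXT)");
$db->exec("INSERT INTO CT VALUES (111, 'Alice', 'acct1'), (222, 'Bob', 'acct2')");

// String-built query, as in the V4 script: each value becomes part of the
// SQL text, so the database parses it together with the statement.
function ticketByConcat(PDO $db, string $chname, string $userid): array
{
    $sql = "SELECT SNo FROM CT WHERE ChName='$chname' AND UserID='$userid'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: prepare() hands over the SQL with placeholders only,
// execute() then supplies the values, which are compared as plain strings.
function ticketByPrepare(PDO $db, string $chname, string $userid): array
{
    $stmt = $db->prepare(
        "SELECT SNo FROM CT WHERE ChName = :chname AND UserID = :userid"
    );
    $stmt->execute([':chname' => $chname, ':userid' => $userid]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal lookup, and a userid that contains a quote.
$cases = [
    'normal'         => ['Alice', 'acct1'],
    'quote in value' => ['Alice', "x' OR '1'='1"],
];

foreach ($cases as $label => [$chname, $userid]) {
    printf(
        "%-16s concat=%s prepare=%s\n",
        $label,
        json_encode(ticketByConcat($db, $chname, $userid)),
        json_encode(ticketByPrepare($db, $chname, $userid))
    );
}
```

With the quoted value the string-built query returns every ticket in the table, while the prepared one returns no rows because no account has that literal UserID.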
Re: Clan Files PHP Converted
Newly updated files.
Now in PDO format with string cleansing to prevent SQL injection.
Requires PHP sqlsrv PDO to work.
Still want to do more tinkering with sod2.php to make it sort out clan money etc but that can wait (also to update the wins and losses column),
but I'll do that next time I feel energetic.
Re: Clan Files PHP Converted
You could use GitHub to upload the files =)
I'll check them later.
Re: Clan Files PHP Converted
Yea, I have a repository on GitLab (don't have to pay to have private repos), will back them up there later.
- - - Updated - - -
Ok I've created a GitLab repo for it,
https://gitlab.com/Phatkone/RageZone
I'll update original post with it.
Re: Clan Files PHP Converted
I can't see the source there xD
Re: Clan Files PHP Converted
Quote: Originally Posted by SheenBR
I can't see the source there xD
I think I set it that logged in members can view.