Foro de elhacker.net

Programación => PHP => Mensaje iniciado por: araque615 en 25 Octubre 2015, 16:14 pm


Título: Alguien me ayuda?
Publicado por: araque615 en 25 Octubre 2015, 16:14 pm
Muy buenas, quisiera que alguien me ayudase con esto, quisiera modificar los datos de un tabla, pero los códigos que uso no hacen nada, si alguien fuera tan amable, acá os paso el archivo conexion y el function.

Código
  1. <?php
  3. ###################################################
  4. // SQL Config
  5. ###################################################
  6. $info = array	(
  7. 				'hostname' => 'localhost', // Host
  8. 				'username' => 'root', // User
  9. 				'password' => '', // Password
  10. 				'database' => 'apk', // Database Name
  11. 				'path' => '', // URL
  12. 				'path_images' => 'http://localhost/styles/beta', // URL of Styles And Images
  13. 				'path_hk' => 'http://localhost/housekeeping',
  14. 				'badges_image' => 'http://habboo-a.akamaihd.net/c_images/album1584/',
  15. 				'name' => 'xd', // Hotel Name
  16. 				'Me_Ad' => 'xd', // Text me
  17. 				'footer' => 'xd'
  18. 				);
  19. ###################################################
  20. // SQL Connect
  21. ###################################################
  22. mysql_connect ($info['hostname'], $info['username'], $info['password']) or die(mysql_error()); 
  23. mysql_select_db($info['database']) or die(mysql_error());
  24. mysql_query("SET NAMES 'utf8'");
  25. ###################################################
  26. ini_set('display_errors', 0);
  27. require_once 'functions.php';
  28. $function=new functions();
  29. ###################################################
  30. // Usuarios Online
  31. ###################################################
  32. $ons = mysql_fetch_assoc(mysql_query("SELECT * FROM server_status"));
  33. ###################################################
  34. // Definiciones
  35. ###################################################
  36. $H = date('H');
  37. $i = date('i');
  38. $s = date('s');
  39. $m = date('m');
  40. $d = date('d');
  41. $Y = date('Y');
  42. $j = date('j');
  43. $n = date('n');
  44. $today = $d;
  45. $month = $m;
  46. $year = $Y;
  47. $getmoney_date = date('d.m.Y',mktime($m,$d,$Y));
  48. $birthday_date = date('d.m', mktime($m,$d));
  49. $date_normal = date('d.m.Y',mktime($m,$d,$Y));
  50. $date_full = date('d.m.Y H:i:s',mktime($H,$i,$s,$m,$d,$Y));
  51. define("KrCMS", TRUE);
  52. define("PATH", $info['path']);
  53. define("PATH_I", $info['path_images']);
  54. define("PATH_HK", $info['path_hk']);
  55. define("AvatarI", "http://www.habbo.nl/habbo-imaging/avatarimage?figure=");
  56. define("Name", $info['name']);
  57. define("BETA", TRUE);
  58. define('CHARSET','UTF-8');
  59. define('UsersOnline', $ons['users_online']);
  60. ###################################################
  61. header('Content-type: text/html; charset='.CHARSET);
  62. ###################################################
  63. if($html == true){
  64. 	if(isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)){
  65. 		foreach($_POST as $key => $p){
  66. 			$_POST[$key] = htmlentities($function->filternews($p));
  67. 			$_POST[$key] = mysql_real_escape_string($function->filternews($p));
  68. 			$_POST[$key] = $function->filternews(html_entity_decode($p));
  69. 		}
  70. 		//Filtro las entradas vía GET
  71. 		foreach($_GET as $key => $g){	
  72. 			$_GET[$key] = mysql_real_escape_string($function->filternews($g));
  73. 		}
  74. 		foreach($_COOKIE as $key => $s){	
  75. 			$_COOKIE[$key] = mysql_real_escape_string($function->filternews($s));
  76. 		}
  77. 		//Filtro las entradas vía REQUEST
  78. 		foreach($_REQUEST as $key => $k){
  79. 			$_REQUEST[$key] = mysql_real_escape_string($function->filternews($k));
  80. 		}
  81. 	}if(isset($_GET)){
  82. 		//Filtro las entradas vía GET
  83. 		foreach($_GET as $key => $f){	
  84. 			$_GET[$key] = strip_tags(htmlentities($function->filternews($f)));
  85. 		}
  86. 	}
  87. }else{
  88. 	if(isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)){
  89. 		foreach($_POST as $key => $p){
  90. 			$_POST[$key] = htmlentities($function->filter($p));
  91. 			$_POST[$key] = mysql_real_escape_string($function->filter($p));
  92. 			$_POST[$key] = $function->filter(html_entity_decode($p));
  93. 		}
  94. 		//Filtro las entradas vía GET
  95. 		foreach($_GET as $key => $g){	
  96. 			$_GET[$key] = mysql_real_escape_string($function->filter($g));
  97. 		}
  98. 		foreach($_COOKIE as $key => $s){	
  99. 			$_COOKIE[$key] = mysql_real_escape_string($function->filter($s));
  100. 		}
  101. 		//Filtro las entradas vía REQUEST
  102. 		foreach($_REQUEST as $key => $k){
  103. 			$_REQUEST[$key] = mysql_real_escape_string($function->filter($k));
  104. 		}
  105. 	}if(isset($_GET)){
  106. 		//Filtro las entradas vía GET
  107. 		foreach($_GET as $key => $f){	
  108. 			$_GET[$key] = strip_tags(htmlentities($function->filter($f)));
  109. 		}
  110. 	}
  111. }
  112.  
  113. if($function->checkLogin($_SESSION['username'], $_SESSION['password'])){
  114. 	$u = $function->filter($_SESSION['username']);
  115. 	//$a = mysql_query("SELECT username, motto, password, look, id, last_online, online, rank, credits FROM users WHERE username = '{$u}' LIMIT 1");
  116. 	$a = mysql_query("SELECT * FROM users WHERE username = '{$u}' LIMIT 1");
  117. 	$myrow = mysql_fetch_assoc($a);
  118. 	if($function->CheckBanned($_SESSION['username'], $function->GetIP())){
  119. 		$error = $_SESSION['BAN_LOGIN_ERROR'];
  120. 		$_SESSION['W_LOGIN_ERROR'] = $error;
  121. 		$bu = $_SESSION['username'];
  122. 		unset($_SESSION['BAN_LOGIN_ERROR']);
  123. 		unset($_SESSION['username']);
  124. 		unset($_SESSION['password']);
  125.  
  126. 		header("LOCATION: ". PATH ."/?username=". $bu ."&rememberme=false&focus=login-username");
  128. 	}
  129. 	if($myrow['rank'] > '5'){
  130. 		mysql_query("INSERT INTO private_logs (id,user,time,description,ip) VALUES (NULL,'{$myrow['username']}','{$date_full}','En el archivo: {$_SERVER['PHP_SELF']} con rango: {$myrow['rank']}','{$function->GetIP()}')");
  131. 	}
  132. }else{
  133. 	$myrow['username'] = "Guest";
  134. }
  135. ###################################################
  136. ?>

Código
  1. <?php
  2. // Funciones
  3. ###################################################
  4. class functions {
  5. 	public function HoloHash($password){
  6. 			$password = sha1(md5($password));
  7. 			$password = hash('gost', $password);
  8. 			$password = hash('whirlpool', $password);
  9. 			$password = hash('sha512', $password);
  10. 			return $password;
  11. 	}
  12. 	public function filter($texto) {
  14. 		$texto = stripslashes(htmlspecialchars($texto));
  15. 		$texto = trim($texto); // Eliminamos espacios en blanco o caracteres al principio y final del post
  16. 		$texto = htmlspecialchars($texto); // funciona casi igual que htmlentities
  17. 		$texto = str_replace("INSERT","IN-SER-T",$texto);  // Remplazamos palabras que podrian ser usadas para alterar la BD
  18. 		$texto = str_replace("DELETE","DE-LE-TE",$texto);
  19. 		$texto = str_replace("TRUNCATE","TRUN-CA-TE",$texto);
  20. 		$texto = str_replace("SELECT","SE-LEC-T",$texto);
  21. 		$texto = str_replace("ALTER","AL-TER",$texto);
  22. 		$texto = str_replace("UPDATE","UP-DA-TE",$texto);
  23. 		$texto = str_replace("inert","IN-SER-T",$texto);  // Remplazamos palabras que podrian ser usadas para alterar la BD
  24. 		$texto = str_replace("delete","DE-LE-TE",$texto);
  25. 		$texto = str_replace("truncate","TRUN-CA-TE",$texto);
  26. 		$texto = str_replace("select","SE-LEC-T",$texto);
  27. 		$texto = str_replace("alter","AL-TER",$texto);
  28. 		$texto = str_replace("update","UP-DA-TE",$texto);
  29. 		$texto = str_replace("script","",$texto);
  30. 		$texto = str_replace("SCRIPT","",$texto);
  31. 		$texto = str_replace('"','&#38;#34;',$texto);
  32. 		$texto = str_replace("'","&#38;#39;",$texto);
  33. 		$texto = str_replace("<","&#38;#60;",$texto);
  34. 		$texto = str_replace(">","&#38;#62;",$texto);
  35. 		$texto = str_replace("(","",$texto);
  36. 		$texto = str_replace(")","",$texto);
  37. 		return $texto;
  38. 	}
  39. 	public function filternews($texto) {
  40. 		$texto = trim($texto); // Eliminamos espacios en blanco o caracteres al principio y final del post
  41. 		$texto = str_replace("INSERT","IN-SER-T",$texto);  // Remplazamos palabras que podrian ser usadas para alterar la BD
  42. 		$texto = str_replace("DELETE","DE-LE-TE",$texto);
  43. 		$texto = str_replace("TRUNCATE","TRUN-CA-TE",$texto);
  44. 		$texto = str_replace("SELECT","SE-LEC-T",$texto);
  45. 		$texto = str_replace("ALTER","AL-TER",$texto);
  46. 		$texto = str_replace("UPDATE","UP-DA-TE",$texto);
  47. 		$texto = str_replace("inert","IN-SER-T",$texto);  // Remplazamos palabras que podrian ser usadas para alterar la BD
  48. 		$texto = str_replace("delete","DE-LE-TE",$texto);
  49. 		$texto = str_replace("truncate","TRUN-CA-TE",$texto);
  50. 		$texto = str_replace("select","SE-LEC-T",$texto);
  51. 		$texto = str_replace("alter","AL-TER",$texto);
  52. 		$texto = str_replace("update","UP-DA-TE",$texto);
  53. 		$texto = str_replace("script","",$texto);
  54. 		$texto = str_replace("SCRIPT","",$texto);
  55. 		$texto = str_replace('"','',$texto);
  56. 		$texto = str_replace("'","",$texto);
  57. 		return $texto;
  58. 	}
  59. 	function GetIP() {
  60. 		if($_SERVER) {
  61. 			if($_SERVER["HTTP_X_FORWARDED_FOR"]) {
  62. 			$realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
  63. 			} elseif ($_SERVER["HTTP_CLIENT_IP"]) {
  64. 			$realip = $_SERVER["HTTP_CLIENT_IP"];
  65. 			} else {
  66. 			$realip = $_SERVER["REMOTE_ADDR"];
  67. 			}
  68. 		} else {
  69. 					if(getenv("HTTP_X_FORWARDED_FOR")) {
  70. 						$realip = getenv("HTTP_X_FORWARDED_FOR");
  71. 					} elseif(getenv("HTTP_CLIENT_IP")) {
  72. 						$realip = getenv("HTTP_CLIENT_IP");
  73. 					} else {
  74. 						$realip = getenv("REMOTE_ADDR");
  75. 					}
  76. 				}
  77. 		return $realip;
  78. 	}
  79. 	public function GenerateTicket(){
  80. 		$data = "ST-";
  81. 		for ($i=1; $i<=6; $i++){
  82. 			$data = $data . rand(0,9);
  83. 		}
  84. 		$data = $data . "-";
  85. 		for ($i=1; $i<=20; $i++){
  86. 			$data = $data . rand(0,9);
  87. 		}
  88. 		$data = $data . "-habbo-beta-fe";
  89. 		$data = $data . rand(0,5);
  90. 		return $data;
  91. 	}
  92. 	public function checkLogin($u, $p){
  93. 		$u = $this->filter($u);
  94. 		$p = $this->filter($p);
  95. 		$check = mysql_query("SELECT * FROM users WHERE username = '{$u}' AND password = '{$p}' OR mail = '{$u}' AND password = '{$p}' LIMIT 1");
  96. 		if(mysql_num_rows($check) > 0) return true; return false;
  97.  
  98. 	}
  99. 	public function userExist($u){
  100. 		$u = $this->filter($u);
  101. 		$g = mysql_query("SELECT null FROM users WHERE username = '{$u}' OR mail = '{$u}' LIMIT 1");
  102. 		if(mysql_num_rows($g) > 0) return true; return false;
  103. 	}
  104. 	public function AddUser($u, $p, $m, $b){
  105. 		$user = $this->filter($u);
  106. 		$pass = $this->filter($p);
  107. 		$mail = $this->filter($m);
  108. 		$birth = $this->filter($b);
  109. 		$credits = "900000";
  110. 		$rank = "1";
  111. 		$look = "hr-893-42.hd-180-1.ch-225-64.lg-280-64.sh-300-64.ha-1002-64.ea-1404-62.ca-1802";
  112. 		$motto = "Hola, soy un usuario nuevo!";
  113.  
  114. 		mysql_query("INSERT INTO users(`id`, `username`, `password`, `mail`, `credits`, `rank`, `ip_reg`, `ip_last`, `look`, `account_created`, `gender`, `motto`, `birth`, `auth_ticket`) 
  115. 								VALUES(NULL, '{$user}', '{$pass}', '{$mail}', '{$credits}', '{$rank}', '".$this->GetIP()."', '".$this->GetIP()."', '{$look}', '". time() ."', 'M', '{$motto}', '{$birth}', '" .$this->GenerateTicket()."')");
  116. 		$userd = mysql_query("SELECT * FROM users WHERE username = '{$user}'");
  117. 		$userd = mysql_fetch_assoc($userd);
  118. 		mysql_query("INSERT INTO `user_info` (user_id,reg_timestamp) VALUES ('".$userd['id']."','".time()."')");
  119. 		//mysql_query("INSERT INTO `user_stats` (id) VALUES ('".$userd['id']."')");
  120. 		$_SESSION['username'] = $user;
  121. 		$_SESSION['password'] = $pass;
  122. 	}
  123. 	function CheckBanned($u, $ip){
  124. 		$H = date('H');
  125. 		$i = date('i');
  126. 		$s = date('s');
  127. 		$m = date('m');
  128. 		$d = date('d');
  129. 		$Y = date('Y');
  130. 		$j = date('j');
  131. 		$n = date('n');
  132. 		$today = $d;
  133. 		$month = $m;
  134. 		$year = $Y;
  135. 		$u = $this->filter($u);
  136. 		$ip = $this->filter($ip);
  137. 		$checkban = mysql_query("SELECT * FROM bans WHERE value = '{$u}' or value = '{$ip}' LIMIT 1");
  138. 		if(mysql_num_rows($checkban) < 1){ return false;} else {
  139. 			$bandata = mysql_fetch_assoc($checkban);
  140. 			$reason = $bandata['reason'];
  141. 			$expire = $bandata['expire'];
  142. 			$xbits = explode(" ", $expire);
  143. 			$xtime = explode(":", $xbits[1]);
  144. 			$xdate = explode("-", $xbits[0]);
  145. 			$stamp_now = mktime(date('H'),date('i'),date('s'),$today,$month,$year);
  146. 			$datetoex = date("d-m-y",$expire);
  147. 			if($stamp_now < $expire){
  148. 				$login_error = "Has sido banedo por esta razón: \"".$reason."\". Tu baneo expira el: ".$datetoex.".";
  149. 				$_SESSION['BAN_LOGIN_ERROR'] = $login_error;
  150. 				return $login_error;
  151. 			} else { 
  152. 				mysql_query("DELETE FROM bans WHERE value = '{$u}' OR value = '{$ip}' LIMIT 1");
  153. 				return false;
  154. 			}
  155. 		}
  156. 	}
  157. 	public function session($s){
  158. 		if($s == "no" && $this->checkLogin($_SESSION['username'], $_SESSION['password'])){
  159. 			header("LOCATION: ". PATH ."../dashboard");
  160. 		}elseif($s == "yes" && $this->checkLogin($_SESSION['username'], $_SESSION['password']) == false){
  161. 			header("LOCATION: ". PATH ."/index.php");
  162. 		}
  163. 	}
  164. 	public function hk_access(){
  165. 		$user = $this->filter($_SESSION['username']);
  166. 		$pass = $this->filter($_SESSION['password']);
  167. 		$r = mysql_fetch_assoc(mysql_query("SELECT rank FROM users WHERE username = '{$user}' AND password = '{$pass}' LIMIT 1"));
  168. 		if($r['rank'] >= "5"){}else{header("LOCATION: ". PATH ."dashboard");}
  169.  
  170. 	}
  171.  
  172. 	public function GetLast($a){
  173. 		$a = $this->filter($a);
  174. 		if(!empty($a) || !$a == ''){
  175. 			if(is_numeric($a)){
  176. 				$date = $a;
  177. 				$date_now = time();
  178. 				$difference = $date_now - $date;
  179. 				if($difference <= '59'){ $echo = 'Justo Ahora'; }
  180. 				elseif($difference <= '3599' && $difference >= '60'){ 
  181. 					$minutos = date('i', $difference);
  182. 					if($minutos[0] == 0) { $minutos = $minutos[1]; }
  183. 					if($minutos == 1) { $minutos_str = 'minuto'; }
  184. 					else { $minutos_str = 'minutos'; }
  185. 					$echo = 'Hace '.$minutos.' '.$minutos_str;//Minutos
  186. 				}elseif($difference <= '82799' && $difference >= '3600'){
  187. 					$horas = date('G', $difference);
  188. 					if($horas == 1) { $horas_str = 'hora'; }
  189. 					else { $horas_str = 'horas'; }
  190. 					$echo = 'Hace '.$horas.' '.$horas_str;//Minutos
  191. 				}elseif($difference <= '518399' && $difference >= '82800'){
  192. 					$dias = date('j', $difference);
  193. 					if($dias == 1) { $dias_str = 'd&iacute;a'; }
  194. 					else { $dias_str = 'd&iacute;as'; }
  195. 					$echo = 'Hace '.$dias.' '.$dias_str;//Minutos
  196. 				}elseif($difference <= '2678399' && $difference >= '518400'){
  197. 					$semana = floor(date('j', $difference) / 7).'<!-- WTF -->';
  198. 					if($semana == 1) { $semana_str = 'semana'; }
  199. 					else { $semana_str = 'semanas'; }
  200. 					$echo = 'Hace '.floor($semana).' '.$semana_str;//Minutos
  201. 				}else { $echo = 'Hace '.date('n', $difference).' mes(es)'; }
  202. 				return $echo;
  203. 			}else{ return $a; }
  204. 		}else{ return 'A&uacute;n no te has conectado'; }
  205. 	}
  206. 	public function RankName($a){
  207. 		$a = mysql_fetch_assoc(mysql_query("SELECT name FROM ranks WHERE id = '{$a}' LIMIT 1"));
  208. 		return $a['name'];
  209. 	}
  210. 	public function UpdateProfile($a, $b, $u){
  211. 		$a = $this->filter($a);
  212. 		$b = $this->filter($b);
  213. 		$u = $this->filter($u);
  214. 		mysql_query("UPDATE users SET profile_bg = '{$a}', profile_image = '{$b}' WHERE username = '{$u}'");
  215. 	}
  216. 	public function Username_check($a){
  217. 		$a = $this->filter($a);
  218. 		$filter = preg_replace("/[^a-z\d\-=\?!@:\.]/i", "", $a);
  219. 		# USERNAME CHECK #
  220. 		if($a !== $filter || strlen($a) < 2 || strlen($a) > 32){ $error = "Insertaste un nombre iv&aacute;lido</div>"; }
  221. 		elseif($this->userExist($a)){ $error = "Ese nombre ya esta en uso"; }
  222. 		return $error;
  223. 	}
  224. 	public function Emails_check($a, $b){
  225. 		$a = $this->filter($a); // Email 1
  226. 		$b = $this->filter($b); // Email 2
  227. 		$email_check = preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $a);
  228. 		# EMAIL CHECK #
  229. 		if($email_check !== 1){ $error = "Insertaste un email inv&aacute;lido"; }
  230. 		elseif($this->userExist($a)){ $error = "Ese email ya esta en uso"; }
  231. 		elseif($a !== $b){ $error = "Tus emails no coinciden"; }
  232. 		return $error;
  233. 	}
  234. 	public function Password_Check($a, $b){
  235. 		$a = $this->filter($a); // pass 1
  236. 		$b = $this->filter($b); // pass 2
  237. 		# PASSWORD CHECK #
  238. 		if(strlen($a) < 6 || strlen($a) > 32){ $error = "Escribiste una contrase&ntilde;a inv&aacute;lida (debe tener m&aacute;s de 6 caracteristicas)";}
  239. 		elseif($a !== $b){ $error = "Tus contraseñas no coinciden"; }
  240. 		return $error;
  241. 	}
  242.  
  243. }
  244. ?>

Mod: Obligatorio el uso de etiquetas GeSHi. Temas sobre PHP van al subforo de PHP.

Título: Re: Alguien me ayuda?
Publicado por: LaThortilla (Effort) en 27 Octubre 2015, 20:11 pm
USA ETIQUETAS GeSHi Para codigo PHP.

Te aparece algún error?


ALGÚN MOD QUE MUEVA ESTO AL FORO PHP

Mod: En vez de gritar, usa la función "Reportar al moderador" para avisar.


Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines