2009-06-21, 13:16 | #11
Has WN as a pastime

What you are looking for is something along the lines of DELETE FROM `[USER TABLE]`.
You can run a text search through all the php files for DELETE FROM. In your example it looks more like some move of things from one table to another.
2009-06-21, 15:34 | #12
Frequent poster

take a look at what is in the file dbcron.php.. is it just some function/object library, or is there something more in there?
if there is some function in the script for cleaning up inactive members, then maybe there is a bug there.. a thought that popped up.
2009-06-21, 16:13 | #13
Administrator

As taz76 says, it is probably in dbcron.php, even if it is a bit odd that the cleanup of the inventory table sits directly in cleanup.php.
In dbcron.php you should find something similar to the code you posted from cleanup.php, but against a table that is probably called something like "user". In that case you can probably disable it with two / in front of a line that begins something like $variabelnamn = mysql_query("DELETE FROM `user`. The risk, however, is that you only remove half of the cleanup, or that the code/instructions for it live e.g. in the database, in which case it could be quite hard for you to find. The simplest and safest thing would probably be to pay a consultant for an hour's work to remove the function (it should not be a problem for even a mediocre PHP coder to remove it in an hour).
__________________
eldefors.com - Personal (tech) blog
2009-06-21, 17:42 | #14
Member

Hi, I got a tip about this file, and in it I find a few lines that say DELETE FROM. Is it enough that I just remove DELETE FROM?
See below!

<?
include 'header.php';
// Purge pass: deletes every user whose lastactive is older than 30 days (2592000 s).
// This runs on every request to this file, before the admin check below.
$result = mysql_query("SELECT * FROM `grpgusers` ORDER BY `lastactive` DESC");
while($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    $secondsago = time()-$line['lastactive'];
    if ($secondsago > 2592000) {
        $user_online = new User($line['id']);
        $result2 = mysql_query("DELETE FROM `grpgusers` WHERE `id`='".$user_online->id."'");
    }
}
// Admin check: everything below is only reachable with admin == 1.
if ($user_class->admin != 1) {
    echo Message("You are not authorized to be here.");
    include 'footer.php';
    die();
}
if ($_POST['reklam'] !== "") {
    $result = mysql_query("UPDATE `reklam` SET `data`='".$_POST['fot']."' WHERE `place`='".$_POST['rekid']."'");
}
//referrals section
if ($_GET['givecredit'] != ""){
    $result = mysql_query("UPDATE `referrals` SET `credited`='1' WHERE `id`='".$_GET['givecredit']."'");
    $result = mysql_query("SELECT * FROM `referrals` WHERE `id` = '".$_GET['givecredit']."'");
    $line = mysql_fetch_array($result);
    $cp_user = new User($line['referrer']);
    $newpoints = $cp_user->money + 5000;
    $result = mysql_query("UPDATE `grpgusers` SET `money` = '".$newpoints."' WHERE `id`='".$cp_user->id."'");
    send_event($cp_user->id, "Du har krediterats 5000 poäng för att hänvisa ".$line['referred'].". Fortsätt med det goda arbetet!");
    echo Message("du har accepterat hänvisningen.");
}
if ($_GET['denycredit'] != ""){
    $result = mysql_query("DELETE FROM `referrals` WHERE `id`='".$_GET['denycredit']."'");
    send_event($line['referrer'], "Tyvärr du har inte fått några poäng för att hänvisa ".$line['referred'].". Detta kan vara ett resultat av många olika saker, som du missbrukar hänskjutningssystemet eller spelaren ni hänvisade bara registrera dig, men aldrig egentligen spelar.");
    echo Message("Du har nekat hänvisningen");
}
//jobs section
if ($_GET['deletejob']){
    $result = mysql_query("DELETE FROM `jobs` WHERE `id`='".$_GET['deletejob']."'");
    echo Message("You have deleted a job.");
    mrefresh("control.php?page=jobs");
    include 'footer.php';
    die();
}
if ($_POST['addjobdb']){
    $result= mysql_query("INSERT INTO `jobs` (name, money, strength, defense, speed, level)"."VALUES ('".$_POST['name']."','".$_POST['money']."','".$_POST['strength']."','".$_POST['defense']."','".$_POST['speed']."', '".$_POST['level']."')");
    echo Message("You have added a job to the database.");
}
if ($_POST['editjobdb']){
    $result= mysql_query("UPDATE `jobs` SET `name`='".$_POST['name']."', `money`='".$_POST['money']."', `strength`='".$_POST['strength']."', `defense`='".$_POST['defense']."', `speed`='".$_POST['speed']."', `level`='".$_POST['level']."' WHERE `id`='".$_POST['id']."'");
    echo Message("You have edited a job.");
}
//city section
if ($_GET['deletecity']){
    $result = mysql_query("DELETE FROM `cities` WHERE `id`='".$_GET['deletecity']."'");
    echo Message("You have deleted a city.");
    mrefresh("control.php?page=cities");
    include 'footer.php';
    die();
}
if ($_POST['addcitydb']){
    $result= mysql_query("INSERT INTO `cities` (name, levelreq, landleft, landprice, description)"."VALUES ('".$_POST['name2']."','".$_POST['levelreq2']."','".$_POST['landleft2']."','".$_POST['landprice2']."','".$_POST['description2']."')");
    echo Message("You have added a city to the database.");
}
if ($_POST['editcitydb']){
    $result= mysql_query("UPDATE `cities` SET `name`='".$_POST['name']."', `levelreq`='".$_POST['levelreq']."', `landleft`='".$_POST['landleft']."', `landprice`='".$_POST['landprice']."', `description`='".$_POST['description']."' WHERE `id`='".$_POST['id']."'");
    echo Message("You have edited a city.");
}
//crime section
if ($_GET['deletecrime']){
    $result = mysql_query("DELETE FROM `crimes` WHERE `id`='".$_GET['deletecrime']."'");
    echo Message("You have deleted a crime.");
    mrefresh("control.php?page=crimes");
    include 'footer.php';
    die();
}
if ($_POST['addcrimedb']){
    $result= mysql_query("INSERT INTO `crimes` (name, nerve, stext, ftext, ctext)"."VALUES ('".$_POST['name']."','".$_POST['nerve']."','".$_POST['stext']."','".$_POST['ftext']."','".$_POST['ctext']."')");
    echo Message("You have added a crime to the database.");
}
if ($_POST['editcrimedb']){
    $result= mysql_query("UPDATE `crimes` SET `name`='".$_POST['name']."', `nerve`='".$_POST['nerve']."', `stext`='".$_POST['stext']."', `ftext`='".$_POST['ftext']."', `ctext`='".$_POST['ctext']."' WHERE `id`='".$_POST['id']."'");
    echo Message("You have edited a crime.");
}
//items section
if ($_POST['additemdb']){
    $result= mysql_query("INSERT INTO `items` (itemname,description,cost,image,offense,defense,heal,buyable,level)"."VALUES ('".$_POST['itemname']."','".$_POST['description']."','".$_POST['cost']."','".$_POST['image']."','".$_POST['offense']."','".$_POST['defense']."','".$_POST['heal']."','".$_POST['buyable']."','".$_POST['level']."')");
}
if ($_GET['takealluser'] != ""){
    $oldamount = Check_Item($_GET['takeallitem'], $_GET['takealluser']);
    $result = mysql_query("DELETE FROM `inventory` WHERE `userid` = '".$_GET['takealluser']."' AND `itemid` = '".$_GET['takeallitem']."'");
    echo Message("That user had ".$oldamount." of those, now they are all gone.");
}
if ($_POST['giveitem'] != ""){
    $oldamount = Check_Item($_POST['itemnumber'], Get_ID($_POST['username']));
    Give_Item($_POST['itemnumber'], Get_ID($_POST['username']), $_POST['itemquantity']);
    $newamount = Check_Item($_POST['itemnumber'], Get_ID($_POST['username']));
    echo Message("That user had ".$oldamount." of those, and now has ".$newamount." of them.");
}
if ($_POST['takeitem'] != ""){
    $oldamount = Check_Item($_POST['itemnumber'], Get_ID($_POST['username']));
    Take_Item($_POST['itemnumber'], Get_ID($_POST['username']), $_POST['itemquantity']);
    $newamount = Check_Item($_POST['itemnumber'], Get_ID($_POST['username']));
    echo Message("That user had ".$oldamount." of those, and now has ".$newamount." of them.");
}
if ($_POST['listitems'] != ""){
    $oldamount = Check_Item($_POST['itemnumber'], Get_ID($_POST['username']));
    $result = mysql_query("SELECT * FROM `inventory` WHERE `userid`='".Get_ID($_POST['username'])."'");
    while($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $result2 = mysql_query("SELECT * FROM `items` WHERE `id`='".$line['itemid']."'");
        $worked2 = mysql_fetch_array($result2);
        $out.= "<div>".$line['itemid'].".) ".item_popup($worked2['itemname'], $worked2['id']) ." $". $worked2['cost']." Quantity: ".$line['quantity']." <a href='control.php?page=playeritems&takealluser=".Get_ID($_POST['username'])."&takeallitem=".$line['itemid']."'>Take All</a></div>";
    }
    echo Message($_POST['username']."'s Items ".$out);
}
if ($_POST['changemessage'] != ""){
    $result = mysql_query("UPDATE `serverconfig` SET `messagefromadmin` = '".$_POST['message']."'");
    echo Message("You have changed the message from the admin.");
}
if ($_POST['changeserverdown'] != ""){
    $result = mysql_query("UPDATE `serverconfig` SET `serverdown` = '".$_POST['message']."'");
    echo Message("You have changed the server down text.");
}
if ($_POST['addrmdays'] != ""){
    $result = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='".$_POST['username']."'");
    $worked = mysql_fetch_array($result);
    $newrmdays = $worked['rmdays'] + $_POST['rmdays'];
    $result = mysql_query("UPDATE `grpgusers` SET `rmdays` = '".$newrmdays."' WHERE `username`='".$_POST['username']."'");
    echo Message("You have added ".$_POST['rmdays']." RM Days to ".$_POST['username'].".");
}
if ($_POST['addpoints'] != ""){
    $result = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='".$_POST['username']."'");
    $worked = mysql_fetch_array($result);
    $newpoints = $worked['points'] + $_POST['points'];
    $result = mysql_query("UPDATE `grpgusers` SET `points` = '".$newpoints."' WHERE `username`='".$_POST['username']."'");
    echo Message("You have added ".$_POST['points']." points to ".$_POST['username'].".");
}
if ($_POST['addc'] != ""){
    $result = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='".$_POST['username']."'");
    $worked = mysql_fetch_array($result);
    $newcash = $worked['money'] + $_POST['cash'];
    $result = mysql_query("UPDATE `grpgusers` SET `money` = '".$newcash."' WHERE `username`='".$_POST['username']."'");
    echo Message("Du har skickat ".$_POST['cash']." cash till ".$_POST['username'].".");
}
if ($_POST['addhookers'] != ""){
    $result = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='".$_POST['username']."'");
    $worked = mysql_fetch_array($result);
    $newhookers = $worked['hookers'] + $_POST['hookers'];
    $result = mysql_query("UPDATE `grpgusers` SET `hookers` = '".$newhookers."' WHERE `username`='".$_POST['username']."'");
    echo Message("You have added ".$_POST['hookers']." hookers to ".$_POST['username'].".");
}
if ($_POST['addplinks'] != ""){
    $result = mysql_query("INSERT INTO plinks (url, link, earn) VALUES ('".$_POST['url']."', '".$_POST['text']."', '".$_POST['earn']."')");
    echo Message("du har lagt till en ny länk!");
}
if ($_POST['givermgun'] != ""){
    $result = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='".$_POST['username']."'");
    $worked = mysql_fetch_array($result);
    $result= mysql_query("INSERT INTO `inventory` (userid, itemid)". "VALUES ('".$worked['id']."', '15')");
    echo Message("You have given an RM Gun to ".$_POST['username'].".");
}
if ($_POST['givermarmor'] != ""){
    $result = mysql_query("SELECT * FROM `grpgusers` WHERE `username`='".$_POST['username']."'");
    $worked = mysql_fetch_array($result);
    $result= mysql_query("INSERT INTO `inventory` (userid, itemid)". "VALUES ('".$worked['id']."', '16')");
    echo Message("You have given an RM Armor to ".$_POST['username'].".");
}
if ($_GET['action'] == "deleteallfromip"){
    $result = mysql_query("DELETE FROM `grpgusers` WHERE ip='".$_GET['ip']."'");
}
// Player status changes: the admin column doubles as a role/ban flag (1 admin, 3 president, 4 congress, 5 banned, 0 none).
if(isset($_POST['adminstatus'])){
    $user = trim($_POST['username']);
    if($user != ""){
        $query = "UPDATE grpgusers SET admin = 1 WHERE username = '$user'";
        mysql_query($query) or die("Failure to Update a player with Admin Status. MySQL reports: ".mysql_error());
    }
}
if(isset($_POST['revokeadminstatus'])){
    $user = trim($_POST['username']);
    if($user != ""){
        $query = "UPDATE grpgusers SET admin = 0 WHERE username = '$user'";
        mysql_query($query) or die("Failure to Update a player with Admin Status. MySQL reports: ".mysql_error());
    }
}
if(isset($_POST['banplayer'])){
    $user = trim($_POST['username']);
    if($user != ""){
        $query = "UPDATE grpgusers SET admin = 5 WHERE username = '$user'";
        mysql_query($query) or die("Failure to Update a player with Admin Status. MySQL reports: ".mysql_error());
    }
}
if(isset($_POST['president'])){
    $user = trim($_POST['username']);
    if($user != ""){
        $query = "UPDATE grpgusers SET admin = 3 WHERE username = '$user'";
        mysql_query($query) or die("Failure to Update a player with Admin Status. MySQL reports: ".mysql_error());
    }
}
if(isset($_POST['impeachpresident'])){
    $user = trim($_POST['username']);
    if($user != ""){
        $query = "UPDATE grpgusers SET admin = 0 WHERE username = '$user'";
        mysql_query($query) or die("Failure to Update a player with Admin Status. MySQL reports: ".mysql_error());
    }
}
if(isset($_POST['congress'])){
    $user = trim($_POST['username']);
    if($user != ""){
        $query = "UPDATE grpgusers SET admin = 4 WHERE username = '$user'";
        mysql_query($query) or die("Failure to Update a player with Admin Status. MySQL reports: ".mysql_error());
    }
}
if(isset($_POST['impeachcongress'])){
    $user = trim($_POST['username']);
    if($user != ""){
        $query = "UPDATE grpgusers SET admin = 0 WHERE username = '$user'";
        mysql_query($query) or die("Failure to Update a player with Admin Status. MySQL reports: ".mysql_error());
    }
}
?>
Kontrol panel
<tr><td class="contenthead"></td></tr><tr><td class="contentcontent"></td></tr>
<?php if($_GET['page'] == "") { ?>
<tr><td class="contenthead">Change Message From The Admin</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<? $result = mysql_query("SELECT * from `serverconfig`"); $worked = mysql_fetch_array($result); ?>
<textarea name='message' cols='53' rows='7'><?= $worked['messagefromadmin']; ?></textarea>
<input type='submit' name='changemessage' value='Change Message From Admin'>
</form>
</td></tr>
<tr><td class="contenthead">Change Server Down Text</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<? $result = mysql_query("SELECT * from `serverconfig`"); $worked = mysql_fetch_array($result); ?>
<textarea name='message' cols='53' rows='7'><?= $worked['serverdown']; ?></textarea>
<input type='submit' name='changeserverdown' value='Change Server Down Text'>
</form>
</td></tr>
<?php } ?>
<?php if ($_GET['page'] == "roll") { ?>
<tr> <td class="contenthead">Aktivera ny dag!</td> </tr>
<tr><td class="contentcontent"> genom att aktivera en ny dag får alla spelare sin dagliga lön från jobbet, lotteriet får en daglig vinnare! Klicka här för att aktivera ny dag! </td></tr>
<? } ?>
<?php if ($_GET['page'] == "rmoptions") { ?>
<tr><td class="contenthead"></td></tr><tr><td class="contentcontent"></td></tr>
<tr><td class="contenthead">Ge cash</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='username' size='10' maxlength='75'> [DJ namn]
<input type='text' name='cash' size='10' maxlength='75'> [Hur mycket?]
<input type='submit' name='addc' value='Ge cash'>
</form>
</td></tr>
<tr><td class="contenthead">Add Points</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='username' size='10' maxlength='75'> [Username]
<input type='text' name='points' size='10' maxlength='75'> [How Many Points]
<input type='submit' name='addpoints' value='Give Points'>
</form>
</td></tr>
<tr><td class="contenthead"></td></tr><tr><td class="contentcontent"></td></tr>
<?php } if ($_GET['page'] == "linkar") { ?>
<tr><td class="contenthead">Lägg in länk till arkivet!</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='text' size='10' maxlength='75'> [text]
<input type='text' name='earn' size='10' maxlength='75'> [Tjänar (poäng)]
<input type='text' name='url' size='10' maxlength='75'> [adress]
<input type='submit' name='addplinks' value='Spara'>
</form>
</td></tr>
<? } if ($_GET['page'] == "setplayerstatus") { ?>
<tr><td class="contenthead">Ban a Player</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='username' size='10' maxlength='75'> [Username]
<input type='text' name='reason' size='10' maxlength='75'>[Reason for Banning]
<input type='submit' name='banplayer' value='Ban Player'></td></tr>
<tr><td class="contenthead">Give Admin Status</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='username' size='10' maxlength='75'> [Username]
<input type='submit' name='adminstatus' value='Change Admin Status'>
</form>
</td></tr>
<tr><td class="contenthead">Revoke Admin Status</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='username' size='10' maxlength='75'> [Username]
<input type='submit' name='revokeadminstatus' value='Revoke Admin Status'>
</form>
</td></tr>
<tr><td class="contenthead"></td></tr><tr><td class="contentcontent"></td></tr>
<? } if ($_GET['page'] == "playeritems") { ?>
<tr> <td class="contenthead">List Of All tracks</td> </tr>
<tr><td class="contentcontent">
<?
$result = mysql_query("SELECT * FROM `items`");
while($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    echo "<div>".$line['id'].".) ".item_popup($line['itemname'], $line['id']) ." $". $line['cost']."</div>";
}
?>
</td></tr>
<tr><td class="contenthead">Add New Item To Database</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='itemname' size='10' maxlength='75'> [itemname]
<input type='text' name='description' size='10' maxlength='75'> [description]
<input type='text' name='cost' size='10' maxlength='75'> [cost]
<input type='text' name='image' size='10' maxlength='75' value='images/noimage.png'> [image]
<input type='text' name='offense' size='10' maxlength='75'> [offense]
<input type='text' name='defense' size='10' maxlength='75'> [defense]
<input type='text' name='heal' size='10' maxlength='75' value='0'> [heal]
<input type='text' name='buyable' size='10' maxlength='75' value='0'> [buyable]
<input type='text' name='level' size='10' maxlength='75' value='0'> [level]
<input type='submit' name='additemdb' value='Add Item'></td></tr>
</form>
<tr> <td class="contenthead">Give track</td> </tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='username' size='10' maxlength='75'> [Username]
<input type='text' name='itemnumber' size='10' maxlength='75'> [Item Number]
<input type='text' name='itemquantity' size='10' maxlength='75'> [Quantity]
<input type='submit' name='giveitem' value='Give Items'></td></tr>
</form>
<tr> <td class="contenthead">Take track</td> </tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='username' size='10' maxlength='75'> [Username]
<input type='text' name='itemnumber' size='10' maxlength='75'> [Item Number]
<input type='text' name='itemquantity' size='10' maxlength='75'> [Quantity]
<input type='submit' name='takeitem' value='Take Items'></td></tr>
</form>
<tr> <td class="contenthead">View A Player's track</td> </tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='username' size='10' maxlength='75'> [Username]
<input type='submit' name='listitems' value='List Items'></td></tr>
</form>
<? } if ($_GET['page'] == "referrals") { ?>
<tr><td class="contenthead">Manage Referrals</td></tr>
<tr><td class="contentcontent">
<?
$result = mysql_query("SELECT * FROM `referrals` WHERE `credited`='0'");
while($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    // date format written as one quoted string; the original used bare (unquoted) format letters
    echo "<div>".$line['id'].".) ".$line['referred']." Blev hänvisad av Player ID:". $line['referrer']." (".date("F d, Y g:i:sa", $line['when']).") <a href='control.php?page=referrals&givecredit=".$line['id']."'>Kreditera</a> | <a href='control.php?page=referrals&denycredit=".$line['id']."'>Förneka</a></div>";
}
?>
</td></tr>
<? } if ($_GET['page'] == "crimes") { ?>
<tr> <td class="contenthead">brott</td>
<tr><td class="contentcontent">
<?
$result = mysql_query("SELECT * FROM `crimes`");
echo "<table><tr align='center'><td>ID</td><td>Name</td><td>Nerve</td><td>Delete</td><tr>";
while($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    echo "<tr><td>".$line['id'].".)</td><td>".$line['name']."</td><td>". $line['nerve']."</td><td><a href='control.php?page=crimes&deletecrime=".$line['id']."'>[Delete Crime]</a></td></tr>";
}
echo "</table>";
?>
</td></tr>
<tr><td class="contenthead"> Lägg till brott i databasen! </td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='name' size='30' maxlength='75' /> [name]
<input type='text' name='nerve' size='30' maxlength='75' /> [nerve]
<textarea name='stext' cols='53' rows='7'>Success message</textarea>
<textarea name='ctext' cols='53' rows='7'>Fail message</textarea>
<textarea name='ftext' cols='53' rows='7'>Fail and caught message</textarea>
<input type='submit' name='addcrimedb' value='Add Crime' />
</form></td></tr>
<tr><td class="contenthead"></td></tr>
<tr><td class="contenthead">View/Edit A Crime</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='crimeid' size='10' maxlength='75'> [Crime ID]
<input type='submit' name='vieweditcrime' value='View/Edit Crime'></td></tr>
<?
if($_POST['vieweditcrime']){
    $result = mysql_query("SELECT * FROM `crimes` WHERE `id`='".$_POST['crimeid']."'");
    $worked = mysql_fetch_array($result);
?>
<? } } if ($_GET['page'] == "cities") { ?>
<tr><td class="contenthead">Cities</td></tr>
<tr><td class="contentcontent">
<?
$result = mysql_query("SELECT * FROM `cities`");
echo "<table cellpadding='4'><tr align='center'><td>ID</td><td>Name</td><td>Level Req</td><td>Land Left</td><td>Land Price</td><td>Delete</td></tr>";
while($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    echo "<tr><td>".$line['id'].".)</td><td>".$line['name']."</td><td>". $line['levelreq']."</td><td>".$line['landleft']."</td><td>".$line['landprice']."</td><td><a href='control.php?page=cities&deletecity=".$line['id']."'>[Delete City]</a></td></tr>";
}
echo "</table>";
?>
</td></tr>
<tr><td class="contenthead">Add New City To Database</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='name2' size='30' maxlength='75' /> [name]
<input type='text' name='levelreq2' size='30' maxlength='75' /> [level req]
<input type='text' name='landleft2' size='30' maxlength='75' /> [land left]
<input type='text' name='landprice2' size='30' maxlength='75' /> [land price]
<textarea name='description2' cols='53' rows='7'>Description goes here...</textarea>
<input type='submit' name='addcitydb' value='Add City' />
</td></tr>
</form>
<tr><td class="contenthead">View/Edit A City</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='cityid' size='10' maxlength='75'> [City ID]
<input type='submit' name='vieweditcity' value='View/Edit City'></td></tr>
<?
if($_POST['vieweditcity']){
    $result = mysql_query("SELECT * FROM `cities` WHERE `id`='".$_POST['cityid']."'");
    $worked = mysql_fetch_array($result);
?>
<tr><td class="contenthead">Edit City</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='name' size='30' maxlength='75' value='<?= $worked['name'] ?>'> [name]
<input type='text' name='levelreq' size='30' maxlength='75' value='<?= $worked['levelreq'] ?>'> [level req]
<input type='text' name='landleft' size='30' maxlength='75' value='<?= $worked['landleft'] ?>'> [land left]
<input type='text' name='landprice' size='30' maxlength='75' value='<?= $worked['landprice'] ?>'> [land price]
<textarea name='description' cols='53' rows='7'><?= $worked['description'] ?></textarea>
<input type="hidden" name="id" value="<?= $worked['id'] ?>">
<input type='submit' name='editcitydb' value='Edit City'></td></tr>
</form>
<? } } if ($_GET['page'] == "reklam") { ?>
<table><tr><td class="contenthead">Reklam id'n: </td></tr>
<tr><td class="contentcontent"> <span style="font-style: italic"> banner i footern = </span><span style="font-weight: bold">fot</span> </td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='reklamid' size='10' maxlength='75'> [Reklam id]
<input type='submit' name='reklamview' value='Ändra/ kontrollera'></form></td>
<? if (!$_POST['reklamid'] == "") { ?><?
$resultrek = mysql_query("SELECT * FROM reklam WHERE place = '".$_POST['reklamid']."'");
while($line = mysql_fetch_array($resultrek, MYSQL_ASSOC)) { ?>
<form method='post'>
sparar kod till reklam id: <input type="text" name="rekid" value="<? echo $_POST['reklamid']; ?>"/>
<textarea name="fot" cols="30" rows="6"><? echo $line['data']; ?></textarea>
<input type='submit' name='reklam' value='Spara'></form></td></tr>
<? } } } if ($_GET['page'] == "links") { ?>
<tr><td class="contenthead">Lägg till länkar</td></tr><tr><td class="contentcontent">
<? } if ($_GET['page'] == "jobs") { ?>
<tr><td class="contenthead">Jobs</td></tr>
<tr><td class="contentcontent">
<?
$result = mysql_query("SELECT * FROM `jobs`");
echo "<table><tr align='center'><td>ID</td><td>Name</td><td>Money</td><td>Bartender</td><td>servitris</td><td>städare</td><td>Level</td><td>Delete</td><tr>";
while($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    echo "<tr><td>".$line['id'].".)</td><td>".$line['name']."</td><td>". $line['money']."</td><td>".$line['strength']."</td><td>".$line['defense']."</td><td>".$line['speed']."</td><td>".$line['level']."</td><td><a href='control.php?page=jobs&deletejob=".$line['id']."'>[Delete Job]</a></td></tr>";
}
echo "</table>";
?>
</td></tr>
<tr><td class="contenthead">Add New Job To Database</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='name' size='30' maxlength='75'> [name]
<input type='text' name='money' size='30' maxlength='75'> [money]
<input type='text' name='strength' size='30' maxlength='75'> [strength]
<input type='text' name='defense' size='30' maxlength='75'> [defense]
<input type='text' name='speed' size='30' maxlength='75'> [speed]
<input type='text' name='level' size='30' maxlength='75'> [level]
<input type='submit' name='addjobdb' value='Add Job'></td></tr>
</form>
<tr><td class="contenthead">View/Edit A Job</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='jobid' size='10' maxlength='75'> [Job ID]
<input type='submit' name='vieweditjob' value='View/Edit Job'></td></tr>
<?
if($_POST['vieweditjob']){
    $result = mysql_query("SELECT * FROM `jobs` WHERE `id`='".$_POST['jobid']."'");
    $worked = mysql_fetch_array($result);
?>
<tr><td class="contenthead">Edit Job</td></tr>
<tr><td class="contentcontent">
<form method='post'>
<input type='text' name='name' size='30' maxlength='75' value='<?= $worked['name'] ?>'> [name]
<input type='text' name='money' size='30' maxlength='75' value='<?= $worked['money'] ?>'> [money]
<input type='text' name='strength' size='30' maxlength='75' value='<?= $worked['strength'] ?>'> [strength]
<input type='text' name='defense' size='30' maxlength='75' value='<?= $worked['defense'] ?>'> [defense]
<input type='text' name='speed' size='30' maxlength='75' value='<?= $worked['speed'] ?>'> [speed]
<input type='text' name='level' size='30' maxlength='75' value='<?= $worked['level'] ?>'> [level]
<input type="hidden" name="id" value="<?= $worked['id'] ?>">
<input type='submit' name='editjobdb' value='Edit Job'>
</form>
</td></tr>
<?php } } include 'footer.php'; ?>
2009-06-21, 17:57 | #15
Frequent poster

You wrote in the first post that members are deleted.. which I interpret as them being deleted completely - or?
The code above, and especially the part at the beginning where a member is deleted from the table grpgusers, looks like it has to do with whether a user is online or not. The user is probably stored in another table.. Look in dbcron.php, but also log in via phpmyadmin and see if you can sniff out which table the user is stored in, and search for the table name.
2009-06-21, 18:02 | #16
Frequent poster

I see another serious thing.. the file you pasted in has security holes like a Swiss cheese (spelling may be off)... One can run SQL injections that could potentially delete the whole database.
EDIT: Here is a dangerous spot.. $result = mysql_query("DELETE FROM `cities` WHERE `id`='".$_GET['deletecity']."'"); if one then runs this: http://www.server.se/index.php?deletecity=1OR1=1; splat, all the cities in the _whole_ database were deleted.. it can be made even worse, too.
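The spot singled out above, rewritten from the defender's side as an added example (this is not code from the original post's script, nor from the game it was bought as): the `deletecity` handler with the id validated and passed as a bound parameter, so it can never change the structure of the SQL text, and the admin check placed ahead of the data-changing statement (in the pasted control.php the check sits after the user purge loop). `$pdo` is an assumed PDO connection to the same MySQL database, standing in for the mysql_* calls; `Message`, `$user_class`, the `cities` table and its `id` column are taken from the pasted code.

```php
<?php
// Added example, not part of the original post's script.
// Assumes $pdo is an open PDO connection (new PDO("mysql:host=...;dbname=...", $user, $pass))
// to the database the pasted control.php talks to.
declare(strict_types=1);

/*
 * The original (vulnerable) form, kept only for comparison:
 *   mysql_query("DELETE FROM `cities` WHERE `id`='".$_GET['deletecity']."'");
 * Whatever arrives in the query string is pasted straight into the SQL text.
 */

/** Accept only a plain positive integer id; anything else is rejected. */
function parseId(?string $raw): ?int
{
    if ($raw === null || !preg_match('/^[1-9][0-9]*$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Delete one city by id. Returns the number of rows removed (0 or 1). */
function deleteCity(PDO $pdo, int $id): int
{
    // The id travels as a bound parameter, not as part of the SQL string,
    // so the database treats it strictly as a value. LIMIT 1 caps the blast
    // radius of a single request even if something upstream goes wrong.
    $stmt = $pdo->prepare('DELETE FROM `cities` WHERE `id` = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Hypothetical hook-up in control.php. The authorization check comes first,
// before anything that changes data.
if ($user_class->admin != 1) {
    echo Message("You are not authorized to be here.");
    include 'footer.php';
    die();
}

$id = parseId($_GET['deletecity'] ?? null);
if ($id !== null) {
    $removed = deleteCity($pdo, $id);
    echo Message($removed === 1 ? "You have deleted a city." : "No city with that id.");
}
```

The same two changes (validate the type, bind the value) apply to every `$_GET`/`$_POST` value concatenated into a query in the pasted file; `parseId` covers the numeric ids, while free-text fields such as names and descriptions only need the binding, since a bound string parameter cannot break out of its value position either.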
2009-06-21, 18:02 | #17
Member

About 20 last night, and a different set every night. And they are deleted completely. Can't find any dbcron.php
2009-06-21, 18:03 | #18
Frequent poster

Members being deleted is the least of your problems.. see my latest post about SQL injections.
2009-06-21, 18:10 | #19
Member

What should I do? Should I shut down the site? I haven't done anything myself, I only bought this, and now I noticed this thing with the members. But it seems like a simple thing for you? Does anyone feel like fixing this for me?
2009-06-21, 18:12 | #20
Member

Ok, but this page doesn't work at all, so I don't need to worry about this
http://www.server.se/index.php?deletecity=1OR1=1;
Closed thread