P.H.P. Help needed

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • zalka
    Confirmed User
    • Nov 2006
    • 168

    #1

    P.H.P. Help needed

    Hi i wonder if anybody can help me with my PHP games script, the problem is when i try to install a new game it installs it with height = "0" and width = "0" in other words no matter what i type in i.e. height = 500 width = 500 it still displays it with 0 dimenstions the game is there but you cant see it, also it dosent display the the small img for the game, ive been in touch with the guy who supplied the game script but he wont reply so im hoping someone from G.F.Y can help. i chmod the files but still the same.


    echo "<h1>Create Flash Game</h1>

    <form enctype=\"multipart/form-data\" action=\"?page=upload\" method=\"POST\">
    <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"1000000\" />

    Flash File: <input name=uploadedfile type=file /><br />
    Flash Img: <input name=uploadedfile2 type=file /><br />
    Game Name: <input type=text name=game><br />
    Game Height: <input type=text name=height/><br />
    Game Width: <input type=text name=width/><br />
    Category: <select name=category>";

    $findcats = mysql_query("SELECT category,id FROM categories");
    while($cat = mysql_fetch_array($findcats))
    {
    echo "<option value=$cat[id]>$cat[category]";
    }

    echo "</select><br /><br />
    <textarea cols=30 rows=6 name=description>
    </textarea>
    <br />
    <input type=submit value=\"Create Game\" />
    </form>";

    echo $adminfooter;
    }

    elseif($page == "upload")
    {

    echo $adminheader;

    $flashfile = $_FILES['uploadedfile']['name'];
    $imgfile = $_FILES['uploadedfile2']['name'];

    $dir_path = "flashfiles/";

    // SWF Files
    $dir_path .= "games/";

    $target_path = $dir_path . basename( $_FILES['uploadedfile']['name']);

    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path))
    {
    echo "The flash file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded.<br>";
    }

    // Image Files
    $dir_path .= "images/";

    $target_path = $dir_path . basename( $_FILES['uploadedfile2']['name']);

    if(move_uploaded_file($_FILES['uploadedfile2']['tmp_name'], $target_path))
    {
    echo "The image file ". basename( $_FILES['uploadedfile2']['name']). " has been uploaded.<br>";
    }
    mysql_query("INSERT INTO flash (game,description,category,file,imagename,height,w idth) VALUES ('$game','$description','$category','$flashfile',' $imgfile','$height','$width')");
    mysql_query("UPDATE sitestats SET totalgames = totalgames + 1");

    echo "<b><font color=green>File Uploaded Successfully.</b></font><br><br><a href=?=page=newgame>Upload Another Game</a>";

    Dump Your Site Here
    Sexyads 50/50 Revshare TotemCash 50/50 Revshare
    $40 per signup Adultdating Dollars
    Moocash.com Hottest Amateur Cam Action

  • justFred
    Confirmed User
    • Mar 2007
    • 922

    #2
    O_O my eyes, that script is.... not so well written.

    can you e-mail me the url this page this is on, I'll see what I can do.

    EDIT fred at sexyoptions dot com
    Vote Bill Cosby 2012

    Comment

    • calmlikeabomb
      Confirmed User
      • May 2004
      • 1323

      #3
      It seems as if he coded this assuming register_globals is enabled. Usually this is not something you want. (search about register_globals, I'm too lazy to explain it here because it's such an old topic). Also, you're script is vulnerable to SQL injections.

      Anyways, try replacing the mysql insert query with this:

      PHP Code:
      list($game, $description, $category, $height, $width) = array(addslashes($_POST['game']), addslashes($_POST['description']), addslashes($_POST['category']), addslashes($_POST['height']), addslashes($_POST['width']));
      mysql_query("INSERT INTO flash (game,description,category,file,imagename,height,width) VALUES ('$game','$description','$category','$flashfile',' $imgfile','$height','$width')"); 
      
      So you're replacing one existing line and adding a new one before it. This code you posted is for inserting the game into the database. You stated that the game is not displaying correctly (no height, width) so your problem could be somewhere else (code that displays the game).

      If all records are being submitted into the database correctly, then this code isn't where the problem lies. Check your database table to ensure the records are complete entries (not missing any data; height, width).

      Levi
      subarus.

      Comment

      • Intricate
        Confirmed User
        • Jun 2007
        • 133

        #4
        That script is very insecure actually...... if you need it rewritten in the future, get in touch with me..
        chesterbanksphp [.at.] gmail.com
        icq: 350 656 495

        Comment

        • zalka
          Confirmed User
          • Nov 2006
          • 168

          #5
          Thanks guys for all your help ill give it a try, Intricate if this dosnt work ill get in touch, once again thanks.

          Dump Your Site Here
          Sexyads 50/50 Revshare TotemCash 50/50 Revshare
          $40 per signup Adultdating Dollars
          Moocash.com Hottest Amateur Cam Action

          Comment

          Working...