[GESIOR ACC] Retirando CLonagem em Shop

Postado Agosto 29, 2013 12 anos

Bem, muitos usam gesior e possui alguns problemas de clonagem na pagina shop.php...

Comigo funcionou perfeitamente!

Começando em Layout.php

Adicione logo abaixo do <SCRIPT TYPE="text/javascript">

<?php
function anti_injection($sql)
{
// remove palavras que contenham sintaxe sql
$sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/", "" ,$sql);
$sql = trim($sql);//limpa espaços vazio
$sql = strip_tags($sql);//tira tags html e php
$sql = addslashes($sql);//Adiciona barras invertidas a uma string
return $sql;
}

//modo de usar pegando dados vindos do formulario
$nome = anti_injection($_POST["nome"]);
$senha = anti_injection($_POST["senha"]);

//changing html characters using htmlspecialchars() Learn more here: http://www.php.net/manual/en/function.htmlspecialchars.php
//$_POST['link'] = <a href="test">test</a>

$link = htmlspecialchars($_POST['link'], ENT_QUOTES);
echo $link; //outputs:  &lt;a href='test'&gt;Test&lt;/a&gt;

header("Content-Type: text/html;  charset=ISO-8859-1",true) ?>

Agora em Shopadmin.php

<?PHP
if($group_id_of_acc_logged >= $config['site']['access_admin_panel']) {
    $offertype = $_REQUEST['offer_type'];
    if((empty($action)) AND (empty($offertype))) {
            $main_content .= '<br />
         <h2>
         <center><a href="?subtopic=shopadmin&action=addoffer">ADD SHOP OFFER</a><br /><br /><a href="?subtopic=shopadmin&action=viewoffer">
                VIEW SHOP OFFER <i>(EDIT/DELETE)</i></a><br /><br /><a href="?subtopic=shopadmin&action=points">ADD POINTS</a></center>';
    }
    if($action == "addoffer"){
        $shop_points = stripslashes(ucwords(strtolower(trim($_REQUEST['shop_points']))));
        $shop_offer_type = stripslashes(trim($_REQUEST['offer_type']));
        if(empty($shop_points)) {
            $main_content .= '<table border="0"><tr><td  align="center"><b>Select offer type:</b></td><td><table border="0" ><tr bgcolor="#505050">
                <td><font color="white">Item</td><td><font color="white">Item VIP</td><td><font color="white">Container</td><td><font color="white">Pacc</td><td><font color="white">VIP Days</td><td><font color="white">Redskull</td>
                <td><font color="white">Unban</td><td><font color="white">Changename</td><td><font color="white">Promotion</td></tr><tr bgcolor="#D4C0A1"><form action="" method="post">
                <td align="center"><input type="radio" name="offer_type" value="item" onClick="this.form.submit()"></td></lable>
                <td align="center"><input type="radio" name="offer_type" value="itemvip" onClick="this.form.submit()"></td></lable>
                <td align="center"><input type="radio" name="offer_type" value="container" onClick="this.form.submit()"></td>
                <td align="center"><input type="radio" name="offer_type" value="pacc" onClick="this.form.submit()"></td>
                <td align="center"><input type="radio" name="offer_type" value="vipdays" onClick="this.form.submit()"></td>
                <td align="center"><input type="radio" name="offer_type" value="redskull" onClick="this.form.submit()"></td>
                <td align="center"><input type="radio" name="offer_type" value="unban" onClick="this.form.submit()"></td>
                <td align="center"><input type="radio" name="offer_type" value="changename" onClick="this.form.submit()"></td>
                <td align="center"><input type="radio" name="offer_type" value="promotion" onClick="this.form.submit()"></td>
                </form></tr></table></td></tr>';
            $main_content .= '<form action="?subtopic=shopadmin&action=addoffer&offer_type='.$shop_offer_type.'" method="post" ><table border="0"><tr>
                <td align="center" ><b>Points:</b></td><td><input type="textbox" name="shop_points" maxlenght="7" style="width: 70px"></td></tr>';
            if($_REQUEST['offer_type'] == 'container'){
                $main_content .= '<tr><td align="center" ><b>Container ID:</b></td>
                    <td><input type="text" name="shop_itemid1" maxlenght="7" style="width: 70px" ></td></tr>
                    <tr><td align="center" ><b>Count Container:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" style="width: 70px" ></td></tr>
                    <tr><td align="center" ><b>Item ID:</b></td>
                    <td><input type="text" name="shop_itemid2" maxlenght="7" style="width: 70px" ></td></tr>
                    <tr><td align="center" ><b>Count Item:</b></td>
                    <td><input type="text" name="shop_count2" maxlenght="7" style="width: 70px" ></td></tr>';
            }
            if($_REQUEST['offer_type'] == 'item'){
                $main_content .= '<tr><td align="center"><b>Item ID:</b></td>
                    <td><input type="text" name="shop_itemid1" maxlenght="7" style="width: 70px" ></td></tr>
                    <tr><td align="center"><b>Item Count:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" style="width: 70px" ></td></tr>';
            }
            if($_REQUEST['offer_type'] == 'itemvip'){
                $main_content .= '<tr><td align="center"><b>Item ID:</b></td>
                    <td><input type="text" name="shop_itemid1" maxlenght="7" style="width: 70px" ></td></tr>
                    <tr><td align="center"><b>Item Count:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" style="width: 70px" ></td></tr>';
            }
            if($_REQUEST['offer_type'] == 'pacc'){
                $main_content .= '<tr><td align="center" ><b>Days:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" style="width: 70px" ></td></tr>';
            }
            if($_REQUEST['offer_type'] == 'vipdays'){
                $main_content .= '<tr><td align="center" ><b>Days:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" style="width: 70px" ></td></tr>';
            }
            $main_content .= '<tr><td align="center" ><b>Offer Description:</b></td>
                <td ><textarea name="shop_offer_description" rows="2" cols="35"></textarea></td></tr>
                <tr><td align="center" ><b>Offer Name:</b></td>
                <td><input type="text" name="shop_offer_name" maxlenght="40" style="width: 200px" ></td></tr></table>
                <input name="submit" type="submit" value="Submit" /></form>
                <form action="?subtopic=shopadmin&action=addoffer" method="post" >
                <input name="submit" type="submit" value="Reset" /></form>';
            $main_content .= '<form action="?subtopic=shopadmin" method="post" ><input name="submit" type="submit" value="Back" title="Back"/></form>';
        } else {
            $shop_points = stripslashes(trim($_POST['shop_points']));
            $shop_offer_type = stripslashes(trim($_REQUEST['offer_type']));
            $shop_itemid1 = stripslashes(trim($_POST['shop_itemid1']));
            $shop_count1 = stripslashes(trim($_POST['shop_count1']));
            $shop_itemid2 = stripslashes(trim($_POST['shop_itemid2']));
            $shop_count2 = stripslashes(trim($_POST['shop_count2']));
            $shop_offer_description = stripslashes(trim($_POST['shop_offer_description']));
            $shop_offer_name = stripslashes(trim($_POST['shop_offer_name']));
            $SQL->query('INSERT INTO `z_shop_offer` (id, points, itemid1, count1, itemid2, count2, offer_type, offer_description, offer_name, pid) VALUES (NULL, '.$SQL->quote($shop_points).', '.$SQL->quote($shop_itemid1).', '.$SQL->quote($shop_count1).', '.$SQL->quote($shop_itemid2).', '.$SQL->quote($shop_count2).', '.$SQL->quote($shop_offer_type).', '.$SQL->quote($shop_offer_description).', '.$SQL->quote($shop_offer_name).', 0)');
            $main_content .= '<center><h2><font color="red">Added to Shop:</font></h2></center><hr/>
                <tr><td align="center" ><b>Points:</b></td>
                <td>'.$shop_points.'</td></tr><br />';
            if($shop_offer_type == 'container'){
                $main_content .= '<tr><td align="center" ><b>Container ID:</b></td>
                    <td>'.$shop_itemid1.'</td></tr><br />
                    <tr><td align="center" ><b>Count Container:</b></td>
                    <td>'.$shop_count1.'</td></tr><br />
                    <tr><td align="center" ><b> Item ID (in Container):</b></td>
                    <td>'.$shop_itemid2.'</td></tr><br />
                    <tr><td align="center" ><b>Count Item (in Container):</b></td>
                    <td>'.$shop_count2.'</td></tr><br />';
            }
            if ($shop_offer_type == 'item'){
                $main_content .= '<tr><td align="center" ><b>Item ID:</b></td>
                    <td>'.$shop_itemid1.'</td></tr><br />
                    <tr><td align="center" ><b>Count Item:</b></td>
                    <td>'.$shop_count1.'</td></tr><br />';
            }
            if ($shop_offer_type == 'itemvip'){
                $main_content .= '<tr><td align="center" ><b>Item ID:</b></td>
                    <td>'.$shop_itemid1.'</td></tr><br />
                    <tr><td align="center" ><b>Count Item:</b></td>
                    <td>'.$shop_count1.'</td></tr><br />';
            }
            if ($shop_offer_type == 'pacc'){
                $main_content .= '<tr><td align="center" ><b>Days:</b></td>
                    <td>'.$shop_count1.'</td></tr><br />';
            }
            if ($shop_offer_type == 'vipdays'){
                $main_content .= '<tr><td align="center" ><b>Days:</b></td>
                    <td>'.$shop_count1.'</td></tr><br />';
            }
            $main_content .= '<tr><td align="center" ><b>Offer Type:</b></td>
                <td>'.$shop_offer_type.'</td></tr><br />
                <tr><td align="center" ><b>Offer Description:</b></td>
                <td>'.$shop_offer_description.'</td></tr><br />
                <tr><td align="center" ><b>Offer Name:</b></td>
                <td>'.$shop_offer_name.'</td></tr>
                <br /><form action="?subtopic=shopadmin&action=addoffer" method="post" ><input name="submit" type="submit" value="Back" title="Back"/></form>';
        }
    }
    if($action == "viewoffer") {
        $items = simplexml_load_file($config['site']['server_path'].'otserv/data/items/items.xml') or die('<b>Could not load items!</b>');
        foreach($items->item as $v)
            $itemList[(int)$v['id']] = $v['name'];
        $order = array("id" => "id", "points" => "points", "offer_type" => "offer_type", "itemid1" => "itemid1", "itemid2" => "itemid2");
        $main_content .= '<center><table width="550"><tr BGCOLOR="#505050"><td width="5"><font color="white"><a href="index.php?subtopic=shopadmin&action=viewoffer&order=' . getOrder($order, 'order', 'id') . '" class=white>ID:</td><td width="5"><font color="white"><a href="index.php?subtopic=shopadmin&action=viewoffer&order=' . getOrder($order, 'order', 'points') . '" class=white>Points:</td><td width="7">
            <font color="white"><a href="index.php?subtopic=shopadmin&action=viewoffer&order=' . getOrder($order, 'order', 'itemid1') . '" class=white>Item ID:</td><td width="5"><font color="white">Count:</td><td width="7"><center><font color="white"><a href="index.php?subtopic=shopadmin&action=viewoffer&order=' . getOrder($order, 'order', 'itemid2') . '" class=white>Container ID:</center></td><td width="5"><font color="white">Count:</td><td width="7"><font color="white"><a href="index.php?subtopic=shopadmin&action=viewoffer&order=' . getOrder($order, 'order', 'offer_type') . '" class=white>Offer Type:</td>
            <td width="85"><font color="white">Offer Description:</td><td width="30"><font color="white">Offer Name:</td><td width="30"></td></tr>';
        $shopoffers = $SQL->query('SELECT id, points, itemid1, count1, itemid2, count2, offer_type, offer_description, offer_name, pid FROM z_shop_offer ' . makeOrder($order, 'order', 'id'));
        foreach($shopoffers as $shop) {
            $main_content .= '</B><tr BGCOLOR="#D4C0A1"><td align="center">'.$shop['id'].'<td align="center">'.$shop['points'].'</td>';
            if($shop['itemid1'] == "0") {
                $main_content .= '<td align="center">'.$shop['itemid1'].'<br /></td>';
            } else {
                $main_content .= '<td align="center">'.$shop['itemid1'].'<br />(' . $itemList[(int)$shop['itemid1']] . ')</td>';
            }
            $main_content .= '<td align="center">'.$shop['count1'].'</td>';
            if($shop['itemid2'] == "0") {
                $main_content .= '<td align="center">'.$shop['itemid2'].'</td>';
            } else {
                $main_content .= '<td align="center">'.$shop['itemid2'].'<br />(' . $itemList[(int)$shop['itemid2']] . ')</td>';
            }
            $main_content .= '<td align="center">'.$shop['count2'].'</td><td align="center">'.$shop['offer_type'].'</td><td align="left">'.$shop['offer_description'].'</td><td align="left">'.$shop['offer_name'].'</td>';
            $main_content .= '<td align="center"><a href="?subtopic=shopadmin&action=editoffer&id='.$shop['id'].'"><img src="'.$layout_name.'/images/news/edit_news.png" border="0"></a><br /><br /><a href="?subtopic=shopadmin&action=deleteoffer&id='.$shop['id'].'"><img src="'.$layout_name.'/images/news/delete_news.png" border="0"></a></td>';
        }
        $main_content .= '</td></tr></TABLE><br /><form action="?subtopic=shopadmin" method="post" ><input name="submit" type="submit" value="Back" title="Back"/></form>';
    }
    if($action == "deleteoffer") {
        $id = (int) $_REQUEST['id'];
        $SQL->query('DELETE FROM z_shop_offer WHERE id = '.$id.' LIMIT 1;');
        $main_content .= '<center>Shop offer has been deleted.</center><br /><center><form action="?subtopic=shopadmin&action=viewoffer" method="post" ><input name="submit" type="submit" value="Back" title="Back"/></form></center>';
    }
    if($action == "editoffer") {
        $id = (int) $_REQUEST['id'];
        $shopoffers = $SQL->query('SELECT * FROM z_shop_offer WHERE id = '.$id.' LIMIT 1;');
        foreach($shopoffers as $shop) {
            $main_content .= '<form action="?subtopic=shopadmin&action=edited&id='.$id.'" method="post" ><table border="0"><tr><td align="center" ><b>Points:</b></td>
                <td><input type="textbox" name="shop_points" maxlenght="7" value="'.$shop['points'].'" style="width: 70px"></td></tr>';
            if($shop['offer_type'] == 'container'){
                $main_content .= '<tr><td align="center" ><b>Container ID:</b></td>
                    <td><input type="text" name="shop_itemid1" maxlenght="7" value="'.$shop['itemid1'].'" style="width: 70px" ></td></tr>
                    <tr><td align="center" ><b>Count Container:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" value="'.$shop['count1'].'" style="width: 70px" ></td></tr>
                    <tr><td align="center" ><b>Item ID:</b></td>
                    <td><input type="text" name="shop_itemid2" maxlenght="7" value="'.$shop['itemid2'].'" style="width: 70px" ></td></tr>
                    <tr><td align="center" ><b>Count Item:</b></td>
                    <td><input type="text" name="shop_count2" maxlenght="7" value="'.$shop['count2'].'" style="width: 70px" ></td></tr>';
            }
            if($shop['offer_type'] == 'item'){
                $main_content .= '<tr><td align="center"><b>Item ID:</b></td>
                    <td><input type="text" name="shop_itemid1" maxlenght="7" value="'.$shop['itemid1'].'" style="width: 70px" ></td></tr>
                    <tr><td align="center"><b>Item Count:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" value="'.$shop['count1'].'" style="width: 70px" ></td></tr>';
            }
            if($shop['offer_type'] == 'itemvip'){
                $main_content .= '<tr><td align="center"><b>Item ID:</b></td>
                    <td><input type="text" name="shop_itemid1" maxlenght="7" value="'.$shop['itemid1'].'" style="width: 70px" ></td></tr>
                    <tr><td align="center"><b>Item Count:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" value="'.$shop['count1'].'" style="width: 70px" ></td></tr>';
            }
            if($shop['offer_type'] == 'pacc'){
                $main_content .= '<tr><td align="center" ><b>Days:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" style="width: 70px" ></td></tr>';
            }
            if($shop['offer_type'] == 'vipdays'){
                $main_content .= '<tr><td align="center" ><b>Days:</b></td>
                    <td><input type="text" name="shop_count1" maxlenght="7" style="width: 70px" ></td></tr>';
            }
            $main_content .= '<tr><td align="center" ><b>Offer Type:</b></td>
                <td><input type="text" name="shop_offer_type" value="'.$shop['offer_type'].'" maxlenght="40" style="width: 200px" ></td></tr>
                <tr><td align="center" ><b>Offer Description:</b></td>
                <td ><textarea name="shop_offer_description" rows="2" cols="35">'.$shop['offer_description'].'</textarea></td></tr>
                <tr><td align="center" ><b>Offer Name:</b></td>
                <td><input type="text" name="shop_offer_name" value="'.$shop['offer_name'].'" maxlenght="40" style="width: 200px" ></td></tr>
                <tr><td><input name="submit" type="submit" value="Submit" /></form></td><td></td></tr></table>';
            $main_content .= '<form action="?subtopic=shopadmin&action=viewoffer" method="post" ><input name="submit" type="submit" value="Back" title="Back"/></form>';
        }
    }
    if($action == "edited") {
        $id = (int) $_REQUEST['id'];
        $shop_points = stripslashes(trim($_POST['shop_points']));
        $shop_offer_type = stripslashes(trim($_POST['shop_offer_type']));
        $shop_itemid1 = stripslashes(trim($_POST['shop_itemid1']));
        $shop_count1 = stripslashes(trim($_POST['shop_count1']));
        $shop_itemid2 = stripslashes(trim($_POST['shop_itemid2']));
        $shop_count2 = stripslashes(trim($_POST['shop_count2']));
        $shop_offer_description = stripslashes(trim($_POST['shop_offer_description']));
        $shop_offer_name = stripslashes(trim($_POST['shop_offer_name']));
        $SQL->query('UPDATE `z_shop_offer` SET `points` = '.$shop_points.', `itemid1` = '.$SQL->quote($shop_itemid1).', `count1` = '.$SQL->quote($shop_count1).', `itemid2` = '.$SQL->quote($shop_itemid2).', `count2` = '.$SQL->quote($shop_count2).', `offer_type` = '.$SQL->quote($shop_offer_type).', `offer_description` = '.$SQL->quote($shop_offer_description).', `offer_name` = '.$SQL->quote($shop_offer_name).' WHERE `id` = '.$id.';');
        $main_content .= '<b><center>Shop offer successfully edited.</b><br /><br /><form action="?subtopic=shopadmin&action=viewoffer" method="post" ><input name="submit" type="submit" value="Back" title="Back"/></form><meta http-equiv="refresh" content="1;url=/?subtopic=shopadmin&action=viewoffer" />';
    }
    if($action == "points") {
        $player = stripslashes(ucwords(strtolower(trim($_REQUEST['character']))));
        $points = $_POST['points'];
        if(empty($player)) {
            $main_content .= '<form action="" method="post"><B>Enter Character Name:</B><input type="textbox" name="character"><br />
                <B>Enter Points Amount:</B><input type="textbox" name="points"><br /><br /><input type="submit" value="Submit">
                </form></center><form action="?subtopic=shopadmin" method="post" ><input name="submit" type="submit" value="Back" title="Back"/></form>';
        } else {
            $player_data = $SQL->query("SELECT * FROM `players` WHERE `name` = '".$player."';")->fetch();
            $SQL->query("UPDATE `accounts` SET `premium_points` = `premium_points` + '".$points."' WHERE `id` = '".$player_data['account_id']."'");
            $main_content .= '<b><center>'.$points.' Premium Points added to the account of <i>'.$player.'</i> !</b></center><br />
                <form action="?subtopic=shopadmin" method="post" ><input name="submit" type="submit" value="Back" title="Back"/></form>';
        }
    }
} else {
    $main_content .= 'Sorry, you have not the rights to access this page.';
}
?>

Em Shopsystem.php

Arquivo muito grande... Anexei o arquivo > shopsystem.php

Em globalevents/scripts/shop.lua

-- ### CONFIG ###
-- message send to player by script "type" (types you can check in "global.lua")
SHOP_MSG_TYPE = 19
-- time (in seconds) between connections to SQL database by shop script
SQL_interval = 30
-- ### END OF CONFIG ###
function onThink(interval, lastExecution)
    local result_plr = db.getResult("SELECT * FROM z_ots_comunication WHERE `type` = 'login';")
    if(result_plr:getID() ~= -1) then
        while(true) do
            id = tonumber(result_plr:getDataInt("id"))
            action = tostring(result_plr:getDataString("action"))
            delete = tonumber(result_plr:getDataInt("delete_it"))
            cid = getCreatureByName(tostring(result_plr:getDataString("name")))
            if isPlayer(cid) == TRUE then
                local itemtogive_id = tonumber(result_plr:getDataInt("param1"))
                local itemtogive_count = tonumber(result_plr:getDataInt("param2"))
                local container_id = tonumber(result_plr:getDataInt("param3"))
                local container_count = tonumber(result_plr:getDataInt("param4"))
                local add_item_type = tostring(result_plr:getDataString("param5"))
                local add_item_name = tostring(result_plr:getDataString("param6"))
                local received_item = 0
                local full_weight = 0
                if add_item_type == 'container' then
                    container_weight = getItemWeightById(container_id, 1)
                    if isItemRune(itemtogive_id) == TRUE then
                        items_weight = container_count * getItemWeightById(itemtogive_id, 1)
                    else
                        items_weight = container_count * getItemWeightById(itemtogive_id, itemtogive_count)
                    end
                    full_weight = items_weight + container_weight
                else
                    full_weight = getItemWeightById(itemtogive_id, itemtogive_count)
                    if isItemRune(itemtogive_id) == TRUE then
                        full_weight = getItemWeightById(itemtogive_id, 1)
                    else
                        full_weight = getItemWeightById(itemtogive_id, itemtogive_count)
                    end
                end
                local free_cap = getPlayerFreeCap(cid)
                if full_weight <= free_cap then
                    if add_item_type == 'container' then
                        local new_container = doCreateItemEx(container_id, 1)
                        local iter = 0
                        while iter ~= container_count do
                            doAddContainerItem(new_container, itemtogive_id, itemtogive_count)
                            iter = iter + 1
                        end
                        received_item = doPlayerAddItemEx(cid, new_container)
                    else
                        local new_item = doCreateItemEx(itemtogive_id, itemtogive_count)
                        received_item = doPlayerAddItemEx(cid, new_item)
                    end
                    if received_item == RETURNVALUE_NOERROR then
                        doPlayerSendTextMessage(cid, SHOP_MSG_TYPE, 'You received >> '.. add_item_name ..' << from OTS shop.')
                        db.executeQuery("DELETE FROM `z_ots_comunication` WHERE `id` = " .. id .. ";")
                        db.executeQuery("UPDATE `z_shop_history_item` SET `trans_state`='realized', `trans_real`=" .. os.time() .. " WHERE id = " .. id .. ";")
                    else
                        doPlayerSendTextMessage(cid, SHOP_MSG_TYPE, '>> '.. add_item_name ..' << from OTS shop is waiting for you. Please make place for this item in your backpack/hands and wait about '.. SQL_interval ..' seconds to get it.')
                    end
                else
                    doPlayerSendTextMessage(cid, SHOP_MSG_TYPE, '>> '.. add_item_name ..' << from OTS shop is waiting for you. It weight is '.. full_weight ..' oz., you have only '.. free_cap ..' oz. free capacity. Put some items in depot and wait about '.. SQL_interval ..' seconds to get it.')
                end
            end
            if not(result_plr:next()) then
                break
            end
        end
        result_plr:free()
    end
    return TRUE
end

Em globalevents/globalevents.xml

<globalevent name="shop" interval="30000" script="shop.lua"/>

Creditos: Subyth, Claudio(ele não deixou eu postar, to nem ai), GlobalTera

Editado Agosto 29, 2013 12 anos por Subyth (veja o histórico de edições)

Citar

Mention

Postado Agosto 29, 2013 12 anos

Muito bom,só não dou REP+ porquê já dei hoje,e vem até com Anti SQLi,thanks !!!

Citar

Mention

Postado Agosto 29, 2013 12 anos

Olá amigo, na funcão anti_injection você apenas colocou ela ... ela não é 'chamada' por nenhum lugar ;s Me corrigem se eu esiver errado!

STYLLER OT 2022

Citar

Mention

Postado Agosto 29, 2013 12 anos

Autor

Olá amigo, na funcão anti_injection você apenas colocou ela ... ela não é 'chamada' por nenhum lugar ;s Me corrigem se eu esiver errado!

Ela bloqueia as sintaxe

/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/", "

somente, evitando acesso indevido.

Citar

Mention

Postado Agosto 29, 2013 12 anos

Ela bloqueia as sintaxe
/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/", "
somente, evitando acesso indevido.

Olá amigo, eu sei qual a função dela, o problema é que ela esta inutilizada ....

Você teria que colocar ela no seu index e na continuação implementar isso:

$_REQUEST= anti_injection($_REQUEST);
$_POST = anti_injection($_POST);
$_GET = anti_injection($_GET);

Bom, pelo menos eu acho que é assim, sou novo nisso ... Abraço!

STYLLER OT 2022

Citar

Mention

Entrar

[GESIOR ACC] Retirando CLonagem em Shop

Featured Replies

Top Posters In This Topic

Popular Days

Participe da conversa

Quem Está Navegando 0

Estatísticas dos Fóruns

Top Posters In This Topic

Popular Days

Informação Importante

Account

Navigation

Pesquisar