Reply to thread

Message

<blockquote data-quote="JayC" data-source="post: 308857" data-attributes="member: 36373">Alright heres the whole thing divided up:JavaScript[CODE]&nbsp; &nbsp; &lt;script type=&quot;text/javascript&quot; src=&quot;http://code.jquery.com/jquery-git.js&quot;&gt;&lt;/script&gt;&nbsp; &nbsp; &lt;script type='text/javascript'&gt;&nbsp; &nbsp; &nbsp; $(window).load(function(){&nbsp; &nbsp; &nbsp; &nbsp; $('#choose').change(function(){&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; var image = $(&quot;#choose option:selected&quot;).data('image');&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $('#selected').attr(&quot;src&quot;, image);&nbsp; &nbsp; &nbsp; &nbsp; });&nbsp; &nbsp; &nbsp; });&nbsp; &nbsp; &lt;/script&gt;[/CODE]Form[CODE]&lt;form name=&quot;form&quot; action=&quot;&quot; method=&quot;post&quot;&gt;&nbsp; &nbsp; &lt;span title=&quot;Pick Your Room&quot;&gt;Room ID: &lt;/span&gt;&lt;br /&gt;&nbsp; &nbsp; &lt;select name=&quot;room_id&quot;&gt;&nbsp; &nbsp; &lt;?php&nbsp; &nbsp; $getRoomInfo = mysql_query('SELECT id,caption FROM rooms WHERE id AND owner = &quot;'.USER_NAME.'&quot;');while($roomInfo = mysql_fetch_array($getRoomInfo)){&nbsp; echo '&lt;option value=&quot;'.clean($roomInfo['id']).'&quot;&gt;'.$roomInfo['id'].' - '.clean($roomInfo['caption']).'&lt;br /&gt;&lt;/option&gt;';}?&gt;&nbsp; &nbsp; &lt;/select&gt;&lt;br /&gt;&lt;br /&gt;&nbsp; &nbsp; &lt;select id=&quot;choose&quot;&gt;&nbsp; &nbsp; &nbsp; &lt;option selected=&quot;selected&quot;&gt;Choose Image&lt;/option&gt;&nbsp; &nbsp; &nbsp; &lt;option data-image=&quot;http://aeon-hotel.net/r63/c_images/groups/POKE1.gif&quot;&gt; Image One &lt;/option&gt;&nbsp; &nbsp; &nbsp; &lt;option data-image=&quot;http://aeon-hotel.net/r63/c_images/groups/ES079.gif&quot;&gt; Image Two &lt;/option&gt;&nbsp; &nbsp; &nbsp; &lt;option data-image=&quot;http://aeon-hotel.net/r63/c_images/groups/ES078.gif&quot;&gt; Image Three &lt;/option&gt;&nbsp; &nbsp; &lt;/select&gt;&lt;br /&gt;&nbsp; &nbsp; &lt;img id=&quot;selected&quot; src=&quot;http://placehold.it/50x50/aaaaaa&quot; /&gt;&lt;br&gt;&nbsp;&nbsp; &nbsp; &nbsp; &lt;span title=&quot;Name&quot;&gt;Group name: &lt;/span&gt;&lt;br /&gt;&nbsp; &nbsp; &lt;input type=&quot;text&quot; name=&quot;name&quot; /&gt;&lt;br /&gt;&lt;br /&gt;&nbsp;&nbsp; &nbsp; &nbsp; &lt;span title=&quot;Desc&quot;&gt;Group Description: &lt;/span&gt;&lt;br /&gt;&nbsp; &nbsp; &lt;textarea name=&quot;desc&quot; rows=&quot;4&quot; cols=&quot;40&quot;&gt;&lt;/textarea&gt;&lt;br /&gt;&lt;br /&gt;&nbsp;&nbsp; &nbsp; &nbsp; &lt;span title=&quot;Priv&quot;&gt;Group Privacy: &lt;/span&gt;&lt;br /&gt;&nbsp; &nbsp; &nbsp; &nbsp; &lt;select name=&quot;priv&quot;&gt;&nbsp; &lt;option value=&quot;open&quot;&gt;Open&lt;/option&gt;&nbsp; &lt;option value=&quot;blocked&quot;&gt;Blocked&lt;/option&gt;&lt;/select&gt;&lt;br /&gt;&lt;br /&gt;&nbsp; &nbsp; &lt;span title=&quot;Stat&quot;&gt;Group Status: &lt;/span&gt;&lt;br /&gt;&nbsp; &nbsp; &lt;select name=&quot;stat&quot;&gt;&nbsp; &lt;option value=&quot;open&quot;&gt;Open&lt;/option&gt;&nbsp; &lt;option value=&quot;locked&quot;&gt;Locked&lt;/option&gt;&nbsp; &lt;option value=&quot;closed&quot;&gt;Closed&lt;/option&gt;&lt;/select&gt;&lt;br /&gt;&lt;br /&gt;&nbsp;&nbsp; &nbsp; &nbsp; &lt;input type=&quot;submit&quot; name=&quot;Groups&quot; value=&quot;Create&quot; class=&quot;submit&quot;&gt;&lt;/form&gt;[/CODE]PHP[CODE]&lt;?phpif(isset($_POST['Groups'])){&nbsp; $rid = filter($_POST['room_id']);&nbsp; $name = filter($_POST['name']);&nbsp; $desc = filter($_POST['desc']);&nbsp; $Priv = filter($_POST['priv']);&nbsp; $Stat = filter($_POST['stat']);&nbsp; $badge = filter($_POST['choose']);&nbsp;&nbsp; $hope = dbquery(&quot;SELECT * FROM rooms WHERE id='&quot;.$rid.&quot;'&quot;);&nbsp; $room = dbquery(&quot;SELECT * FROM groups WHERE roomid='&quot;.$rid.&quot;'&quot;);&nbsp; $room2 = mysql_fetch_assoc($room);&nbsp; $hope2 = mysql_fetch_assoc($hope);&nbsp;&nbsp; if(mysql_num_rows($room) &gt; 1)&nbsp; {&nbsp;&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;Room already has a group&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }elseif(strstr($desc, &quot;&lt;&quot;) || strstr($desc, &quot;&gt;&quot;) || strstr($desc, &quot;?&quot;) || strstr($desc, &quot;&amp;&quot;) || strstr($desc, &quot;#&quot;) || strstr($desc, &quot;@&quot;) || strstr($desc, &quot;*&quot;) || strstr($desc, &quot;%&quot;)) {&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;Why are you trying to exploit?&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }elseif(strstr($name, &quot;&lt;&quot;) || strstr($name, &quot;&gt;&quot;) || strstr($name, &quot;?&quot;) || strstr($name, &quot;&amp;&quot;) || strstr($name, &quot;#&quot;) || strstr($name, &quot;@&quot;) || strstr($name, &quot;*&quot;) || strstr($name, &quot;%&quot;)) {&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;Why are you trying to exploit?&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }elseif(is_numeric($name))&nbsp; {&nbsp;&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;No numbers in the group name please&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }elseif($hope2['owner'] != $users-&gt;Id2name(USER_ID))&nbsp; {&nbsp;&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;That room doesn\'t belong to you.&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }elseif(strlen($name) &lt; 1 || strlen($name) &gt; 12)&nbsp; {&nbsp;&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;The Group Name must be between 1 - 12 characters.&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }elseif(strlen($desc) &gt; 120)&nbsp; {&nbsp;&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;The Group Desc must be less than 120 characters.&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }elseif($Priv != &quot;open&quot; &amp;&amp; $Priv != &quot;blocked&quot;)&nbsp; {&nbsp;&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;Privacy Invalid Response&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }elseif($Stat != &quot;open&quot; &amp;&amp; $Stat != &quot;closed&quot; &amp;&amp; $Stat != &quot;locked&quot;)&nbsp; {&nbsp;&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-red&quot;&gt;&lt;strong&gt;Status Invalid Response&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }else&nbsp; {&nbsp;&nbsp; dbquery(&quot;INSERT INTO groups (name,desc,badge,owner_id,created,roomid,locked,privacy) VALUES ('&quot;.$name.&quot;','&quot;.$desc.&quot;','&quot;.$badge.&quot;','&quot;.USER_ID.&quot;','&quot; . date('j F Y h:i') . &quot;','&quot;.$rid.&quot;','&quot;.$Priv.&quot;','&quot;.$Stat.&quot;')&quot;);&nbsp;&nbsp; echo '&lt;center&gt;&lt;div class=&quot;rounded rounded-green&quot;&gt;&lt;strong&gt;Your bot has been added, unload your room and bam your bot is there! :)&lt;/strong&gt;&lt;/div&gt;&lt;/center&gt;';&nbsp; }}?&gt;[/CODE]</blockquote>

[QUOTE="JayC, post: 308857, member: 36373"] Alright heres the whole thing divided up: JavaScript [CODE] <script type="text/javascript" src="http://code.jquery.com/jquery-git.js"></script> <script type='text/javascript'> $(window).load(function(){ $('#choose').change(function(){ var image = $("#choose option:selected").data('image'); $('#selected').attr("src", image); }); }); </script>[/CODE] Form [CODE] <form name="form" action="" method="post"> Room ID: <select name="room_id"> <?php $getRoomInfo = mysql_query('SELECT id,caption FROM rooms WHERE id AND owner = "'.USER_NAME.'"'); while($roomInfo = mysql_fetch_array($getRoomInfo)) { echo '<option value="'.clean($roomInfo['id']).'">'.$roomInfo['id'].' - '.clean($roomInfo['caption']).' </option>'; } ?> </select> <select id="choose"> <option selected="selected">Choose Image</option> <option data-image="http://aeon-hotel.net/r63/c_images/groups/POKE1.gif"> Image One </option> <option data-image="http://aeon-hotel.net/r63/c_images/groups/ES079.gif"> Image Two </option> <option data-image="http://aeon-hotel.net/r63/c_images/groups/ES078.gif"> Image Three </option> </select> <img id="selected" src="http://placehold.it/50x50/aaaaaa" /> Group name: <input type="text" name="name" /> Group Description: <textarea name="desc" rows="4" cols="40"></textarea> Group Privacy: <select name="priv"> <option value="open">Open</option> <option value="blocked">Blocked</option> </select> Group Status: <select name="stat"> <option value="open">Open</option> <option value="locked">Locked</option> <option value="closed">Closed</option> </select> <input type="submit" name="Groups" value="Create" class="submit"> </form>[/CODE] PHP [CODE] <?php if(isset($_POST['Groups'])) { $rid = filter($_POST['room_id']); $name = filter($_POST['name']); $desc = filter($_POST['desc']); $Priv = filter($_POST['priv']); $Stat = filter($_POST['stat']); $badge = filter($_POST['choose']); $hope = dbquery("SELECT * FROM rooms WHERE id='".$rid."'"); $room = dbquery("SELECT * FROM groups WHERE roomid='".$rid."'"); $room2 = mysql_fetch_assoc($room); $hope2 = mysql_fetch_assoc($hope); if(mysql_num_rows($room) > 1) { echo '<center><div class="rounded rounded-red">Room already has a group</div></center>'; }elseif(strstr($desc, "<") || strstr($desc, ">") || strstr($desc, "?") || strstr($desc, "&") || strstr($desc, "#") || strstr($desc, "@") || strstr($desc, "*") || strstr($desc, "%")) { echo '<center><div class="rounded rounded-red">Why are you trying to exploit?</div></center>'; }elseif(strstr($name, "<") || strstr($name, ">") || strstr($name, "?") || strstr($name, "&") || strstr($name, "#") || strstr($name, "@") || strstr($name, "*") || strstr($name, "%")) { echo '<center><div class="rounded rounded-red">Why are you trying to exploit?</div></center>'; }elseif(is_numeric($name)) { echo '<center><div class="rounded rounded-red">No numbers in the group name please</div></center>'; }elseif($hope2['owner'] != $users->Id2name(USER_ID)) { echo '<center><div class="rounded rounded-red">That room doesn\'t belong to you.</div></center>'; }elseif(strlen($name) < 1 || strlen($name) > 12) { echo '<center><div class="rounded rounded-red">The Group Name must be between 1 - 12 characters.</div></center>'; }elseif(strlen($desc) > 120) { echo '<center><div class="rounded rounded-red">The Group Desc must be less than 120 characters.</div></center>'; }elseif($Priv != "open" && $Priv != "blocked") { echo '<center><div class="rounded rounded-red">Privacy Invalid Response</div></center>'; }elseif($Stat != "open" && $Stat != "closed" && $Stat != "locked") { echo '<center><div class="rounded rounded-red">Status Invalid Response</div></center>'; }else { dbquery("INSERT INTO groups (name,desc,badge,owner_id,created,roomid,locked,privacy) VALUES ('".$name."','".$desc."','".$badge."','".USER_ID."','" . date('j F Y h:i') . "','".$rid."','".$Priv."','".$Stat."')"); echo '<center><div class="rounded rounded-green">Your bot has been added, unload your room and bam your bot is there! :)</div></center>'; } } ?>[/CODE] [/QUOTE]

Verification

Reply to thread

Connect with us

Newest members