I need help please

Status
Not open for further replies.

K4TRIN4

Posting Freak
Jul 24, 2012
777
39
I have a user that keeps hacking into my database. I guess he is using a SQL injector, obviously, and I'm also guessing that he is getting in by my exploits. In my Habbo theme I had an exploit in my values page, as when I went onto it the values page no longer showed; it just came up with "hacked by" then the name. So I'm not sure how to fix the exploits, so I removed the values page. So basically I'm saying I need someone who can help me fix my exploits over TeamViewer. There will be a reward if you're able to help; not sure what, we can discuss it over PM.
Thanks a lot guys
 

K4TRIN4

Posting Freak
Jul 24, 2012
777
39
What m0nsta said...
Then we would have something to work off.
Okie dokie, it's
PHP:
<!DOCTYPE html>
<?php
 
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// Credits to:
// KyleBarsby from DevBest.com
// Barsby from otaku-studios.com
// kyle30000 from *****.com
 
mysql_query( "CREATE TABLE IF NOT EXISTS `values` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(255) NOT NULL, `price` varchar(255) NOT NULL, `imgurl` varchar(255) NOT NULL, `timestamp` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;" );
 
?>
</div>
 
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>{hotelName}: Rare Values!</title>
 
<script type="text/javascript">
var andSoItBegins = (new Date()).getTime();
var ad_keywords = "";
document.habboLoggedIn = true;
var habboName = "{username}";
var habboReqPath = "{url}";
var habboStaticFilePath = "{url}/app/tpl/skins/{skin}";
var habboImagerUrl = "/habrus-imaging/";
var habboPartner = "";
var habboDefaultClientPopupUrl = "{url}/client";
window.name = "habboMain";
if (typeof HabboClient != "undefined") { HabboClient.windowName = "ClientWnd"; }
</script>
<link rel="shortcut icon" href="{url}/app/tpl/skins/{skin}/v2/favicon.ico" type="image/vnd.microsoft.icon"/>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
<script type="text/rocketscript" "{url}/app/tpl/skins/{skin}/js/common.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/style.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/buttons.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/boxes.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/tooltips.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/personal.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/minimail.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/control.textarea.css" type="text/css"/>
<link rel="" href="{url}/app/tpl/skins/{skin}/styles/lightweightmepage.css" type="text/css"/>
<script type="text/rocketscript" "{url}/app/tpl/skins/{skin}/js/lightweightmepage.js"></script> <style type="text/css">body{background-image:url('{url}/app/tpl/skins/{skin}/images/bg.png')!important;}h1 a{height:51px!important;width:500px!important;background-image:url('{url}/app/tpl/skins/{skin}/images/logo.gif')!important;}</style>
 
<style type="text/css">body{background-image:url('{url}/app/tpl/skins/{skin}/images/bg.png')!important;}h1 a{height:51px!important;width:500px!important;background-image:url('{url}/app/tpl/skins/{skin}/images/logo.gif')!important;}</style>
 
<meta name="description" content="Force is a virtual world where you can meet and make friends. Make friends, join the fun, get noticed!"/>
<meta name="keywords" content="Force, habrus, ibobbax, habluck, ibx, ibobbaxhotel, ibobbax hotel, meth0d, nillus, uber, org, *****, retro, keep it real, private server, free, credits, habbo hotel , virtual, world, social network, free, community, avatar, chat, online, teen, roleplaying, join, social, groups, forums, safe, play, games, online, friends, teens, rares, rare furni, collecting, create, collect, connect, furni, furniture, pets , room design, sharing, expression, badges, hangout, music, celebrity, celebrity visits, celebrities, mmo, mmorpg, massively multiplayer"/>
<!--[if IE 8]>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/v2/styles/ie8.css" type="text/css" />
<![endif]-->
<!--[if lt IE 8]>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/v2/styles/ie.css" type="text/css" />
<![endif]-->
<!--[if lt IE 7]>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/v2/styles/ie6.css" type="text/css" />
<script src="{url}/app/tpl/skins/{skin}/js/pngfix.js" type="text/javascript"></script>
<script type="text/javascript">
try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
</script>
 
<style type="text/css">
body { behavior: url(http://www.habbo.nl/js/csshover.htc); }
</style>
<![endif]-->
<meta name="build" content=""/>
</head>
<script language="javascript" type="text/rocketscript" data-rocketsrc="http://simplexstream.com/system/streaminfo.js"></script>
<script language="javascript" type="text/rocketscript" data-rocketsrc="http://simplexstream.com/js.php/xenonr/streaminfo/rnd0"></script>
<body id="" class=" ">
<div id="overlay"></div>
<div id="header-container">
<div id="header" class="clearfix">
<h1><a href="http://force-hotel.net"></a></h1>
<script type="text/rocketscript">
L10N.put("purchase.group.title", "Create a group");
document.observe("dom:loaded", function() {
$("signout").observe("click", function() {
HabboClient.close();
});
});
</script>
<ul id="navi">
<li class="metab"><a href="{url}/me">{username} <img src="{url}/app/tpl/skins/{skin}/images/id.png" style="vertical-align: middle;"></a><span></span></li>
<li><a href="{url}/Community">Community <img src="{url}/app/tpl/skins/{skin}/images/forum_2.gif" style="vertical-align: middle;"></a><span></span>
<li><a href="{url}/shop">Shop <img src="{url}/app/tpl/skins/{skin}/images/new_11.gif" style="vertical-align: middle;"></a><span></span></li>
 
<li class="metab selected"><strong>Rare Values <img src="{url}/app/tpl/skins/{skin}/images/new_11.gif" style="vertical-align: middle;"></strong><span></span></li>
<?php if(mysql_result(mysql_query("SELECT rank FROM users WHERE id = '" . $_SESSION['user']['id'] . "'"), 0) >= 6)
{ ?>
<li id="tab-register-now" class="tab-register-now"><a href="{url}/stafflogin/index.php?url=login">HouseKeeping</a><span></span></li>
<?php
} ?>
</ul>
<div id="ibxs-online"><div class="rounded">
<div style="padding-top:7px;">
<a href="/client" class="new-button green-button" style="float:left;" target="ClientWnd" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter {HotelName}</b><i></i></a></div>
<span style="margin-top:-2px">
{online} User(s) online </span>
</div></div>
</div>
</div>
<div id="content-container">
<div id="navi2-container" class="pngbg">
<div id="navi2" class="pngbg clearfix">
<ul>
<?php if( isset( $_GET['add'] ) ) { ?><li><a href="{url}/values">Rare Values</a></li>
<?php }else{ ?><li class="selected">Rare Values</li>
<?php } ?>
<?php if( $_SESSION['user']['rank'] >= 6 ) { ?><?php if( !isset( $_GET['add'] ) ) { ?><li class="last"><a href="{url}/index.php?url=values&add">Add Rare</a></li>
<?php }else{ ?><li class="selected last">Add Rare</li>
<?php } ?>
<?php } ?>
<li class=" last"><a href="/logout" class="userlink" id="signout">Sign Out</a></li>
</ul>
 
</div>
</div>
<div id="container">
<div id="content" style="position: relative" class="clearfix">
<div id="column1" class="column" style="width: 770px;">
<div class="habblet-container ">
<div class="cbb clearfix red">
<h2 class="title">Rare Values</h2>
<div style="padding:5px;">
<?php if( isset( $_GET['add'] ) and $_SESSION['user']['rank'] >= 6 ) {
 
if( $_GET['id'] ) {
 
$query = mysql_query( "SELECT * FROM `values` WHERE id = '{$_GET['id']}'" );
$array = mysql_fetch_assoc( $query );
 
}
 
if( $_POST['submit'] ) {
 
$rare_name = $_POST['rare_name'];
$rare_imgurl = $_POST['rare_imgurl'];
$rare_price = $_POST['rare_price'];
$time = time();
 
if( $_GET['id'] ) {
 
echo "<center><strong>Rare has been updated!</strong></center>";
mysql_query( "UPDATE `values` SET name = '{$rare_name}', imgurl = '{$rare_imgurl}', price = '{$rare_price}', timestamp = '{$time}' WHERE id = '{$_GET['id']}' " );
 
}else{
 
echo "<center><strong>Rare has been added!</strong></center>";
mysql_query( "INSERT INTO `values` ( name, imgurl, price, timestamp ) VALUES ( '{$rare_name}', '{$rare_imgurl}', '{$rare_price}', '{$time}' )" );
 
}
 
echo "<meta http-equiv=\"refresh\" content=\"3;url={url}/values\" />";
 
}else{
 
echo "<div>";
echo "<form method=\"post\">";
 
echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"5\">";
echo "<tr>";
echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_name\">Rare Name</label></td>";
echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_name\" size=\"50\" value=\"{$array['name']}\"></td>";
echo "</tr>";
echo "<tr>";
echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_imgurl\">Image Url</label></td>";
echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_imgurl\" size=\"50\" value=\"{$array['imgurl']}\"></td>";
echo "</tr>";
echo "</tr>";
echo "<tr>";
echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_price\">Price</label></td>";
echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_price\" size=\"50\" value=\"{$array['price']}\"></td>";
echo "</tr>";
echo "</table>";
 
echo "<div class=\"settings-buttons\">";
echo "<input type=\"submit\" value=\"Submit\" name=\"submit\" class=\"submit\" style=\"float: right;\">";
echo "</div>";
echo "</form>";
echo "</div>";
 
}
 
}elseif( isset( $_GET['delete'] ) and $_GET['id'] ) {
 
echo "<center><strong>Rare has been deleted!</strong></center>";
mysql_query( "DELETE FROM `values` WHERE id = '{$_GET['id']}'" );
echo "<meta http-equiv=\"refresh\" content=\"3;url={url}/values\" />";
 
}else{
 
$query = mysql_query( "SELECT * FROM `values`" );
$j = "a";
 
echo "<table width=\"100%\" border=\"0\" cellspacing=\"3\" cellpadding=\"5\">";
 
echo "<tr align=\"center\" style=\"font-weight: bold;\">";
echo "<td>Image</td>";
echo "<td>Name</td>";
echo "<td>Price</td>";
echo "<td>Last Edited</td>";
if( $_SESSION['user']['rank'] >= 6 ) {
echo "<td>Options</td>";
}
echo "</tr>";
 
while( $array = mysql_fetch_assoc( $query ) ) {
 
$credits = $array['price']." Credits";
$goldbars500 = ( $array['price'] / 500 )." (<img src=\"http://img204.imageshack.us/img204/5826/goldbar500.png\" />)";
 
echo "<tr align=\"center\" id=\"rare-{$array['id']}\" class=\"rare {$j}\">";
echo "<td><img src=\"{$array['imgurl']}\" /></td>";
echo "<td>{$array['name']}</td>";
echo "<td>";
echo $credits;
echo "<br />";
echo $goldbars500;
echo "";
echo "</td>";
echo "<td>".date( "D, d F Y H:i (P)", $array['timestamp'] )."</td>";
if( $_SESSION['user']['rank'] >= 6 ) {
echo "<td>";
echo "<a href=\"{url}/index.php?url=values&add&id={$array['id']}\">Edit</a>";
echo "<br />";
echo "<a href=\"{url}/index.php?url=values&delete&id={$array['id']}\">Delete</a>";
echo "</td>";
}
echo "</tr>";
 
$j++;
if( $j == "c" ) { $j = "a"; }
 
}
 
echo "</table>";
 
}
 
?>
</div>
<?php include_once('bottom.php'); ?>
 

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,199
3,933
Yup the above snippet is vulnerable, replace it with this:

PHP:
<!DOCTYPE html>
<?php
 
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// DO NOT EDIT ANYTHING BELOW HERE IF YOU DON'T KNOW WHAT YOUR DOING!!!!!!!!!!!!!!
// Credits to:
// KyleBarsby from DevBest.com
// Barsby from *****.com
// kyle30000 from *****.com
 
mysql_query( "CREATE TABLE IF NOT EXISTS `values` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(255) NOT NULL, `price` varchar(255) NOT NULL, `imgurl` varchar(255) NOT NULL, `timestamp` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;" );
 
?>
</div>
 
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>{hotelName}: Rare Values!</title>
 
<script type="text/javascript">
var andSoItBegins = (new Date()).getTime();
var ad_keywords = "";
document.habboLoggedIn = true;
var habboName = "{username}";
var habboReqPath = "{url}";
var habboStaticFilePath = "{url}/app/tpl/skins/{skin}";
var habboImagerUrl = "/habrus-imaging/";
var habboPartner = "";
var habboDefaultClientPopupUrl = "{url}/client";
window.name = "habboMain";
if (typeof HabboClient != "undefined") { HabboClient.windowName = "ClientWnd"; }
</script>
<link rel="shortcut icon" href="{url}/app/tpl/skins/{skin}/v2/favicon.ico" type="image/vnd.microsoft.icon"/>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
<script type="text/rocketscript" "{url}/app/tpl/skins/{skin}/js/common.js"></script>
<script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/style.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/buttons.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/boxes.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/tooltips.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/personal.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/minimail.css" type="text/css"/>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/control.textarea.css" type="text/css"/>
<link rel="" href="{url}/app/tpl/skins/{skin}/styles/lightweightmepage.css" type="text/css"/>
<script type="text/rocketscript" "{url}/app/tpl/skins/{skin}/js/lightweightmepage.js"></script> <style type="text/css">body{background-image:url('{url}/app/tpl/skins/{skin}/images/bg.png')!important;}h1 a{height:51px!important;width:500px!important;background-image:url('{url}/app/tpl/skins/{skin}/images/logo.gif')!important;}</style>
 
<style type="text/css">body{background-image:url('{url}/app/tpl/skins/{skin}/images/bg.png')!important;}h1 a{height:51px!important;width:500px!important;background-image:url('{url}/app/tpl/skins/{skin}/images/logo.gif')!important;}</style>
 
<meta name="description" content="Force is a virtual world where you can meet and make friends. Make friends, join the fun, get noticed!"/>
<meta name="keywords" content="Force, habrus, ibobbax, habluck, ibx, ibobbaxhotel, ibobbax hotel, meth0d, nillus, uber, org, *****, retro, keep it real, private server, free, credits, habbo hotel , virtual, world, social network, free, community, avatar, chat, online, teen, roleplaying, join, social, groups, forums, safe, play, games, online, friends, teens, rares, rare furni, collecting, create, collect, connect, furni, furniture, pets , room design, sharing, expression, badges, hangout, music, celebrity, celebrity visits, celebrities, mmo, mmorpg, massively multiplayer"/>
<!--[if IE 8]>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/v2/styles/ie8.css" type="text/css" />
<![endif]-->
<!--[if lt IE 8]>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/v2/styles/ie.css" type="text/css" />
<![endif]-->
<!--[if lt IE 7]>
<link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/v2/styles/ie6.css" type="text/css" />
<script src="{url}/app/tpl/skins/{skin}/js/pngfix.js" type="text/javascript"></script>
<script type="text/javascript">
try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
</script>
 
<style type="text/css">
body { behavior: url(http://www.habbo.nl/js/csshover.htc); }
</style>
<![endif]-->
<meta name="build" content=""/>
</head>
<script language="javascript" type="text/rocketscript" data-rocketsrc="http://simplexstream.com/system/streaminfo.js"></script>
<script language="javascript" type="text/rocketscript" data-rocketsrc="http://simplexstream.com/js.php/xenonr/streaminfo/rnd0"></script>
<body id="" class=" ">
<div id="overlay"></div>
<div id="header-container">
<div id="header" class="clearfix">
<h1><a href="http://force-hotel.net"></a></h1>
<script type="text/rocketscript">
L10N.put("purchase.group.title", "Create a group");
document.observe("dom:loaded", function() {
$("signout").observe("click", function() {
HabboClient.close();
});
});
</script>
<ul id="navi">
<li class="metab"><a href="{url}/me">{username} <img src="{url}/app/tpl/skins/{skin}/images/id.png" style="vertical-align: middle;"></a><span></span></li>
<li><a href="{url}/Community">Community <img src="{url}/app/tpl/skins/{skin}/images/forum_2.gif" style="vertical-align: middle;"></a><span></span>
<li><a href="{url}/shop">Shop <img src="{url}/app/tpl/skins/{skin}/images/new_11.gif" style="vertical-align: middle;"></a><span></span></li>
 
<li class="metab selected"><strong>Rare Values <img src="{url}/app/tpl/skins/{skin}/images/new_11.gif" style="vertical-align: middle;"></strong><span></span></li>
<?php if(mysql_result(mysql_query("SELECT rank FROM users WHERE id = '" . $_SESSION['user']['id'] . "'"), 0) >= 6)
{ ?>
<li id="tab-register-now" class="tab-register-now"><a href="{url}/stafflogin/index.php?url=login">HouseKeeping</a><span></span></li>
<?php
} ?>
</ul>
<div id="ibxs-online"><div class="rounded">
<div style="padding-top:7px;">
<a href="/client" class="new-button green-button" style="float:left;" target="ClientWnd" onclick="HabboClient.openOrFocus(this); return false;"><b>Enter {HotelName}</b><i></i></a></div>
<span style="margin-top:-2px">
{online} User(s) online </span>
</div></div>
</div>
</div>
<div id="content-container">
<div id="navi2-container" class="pngbg">
<div id="navi2" class="pngbg clearfix">
<ul>
<?php if( isset( $_GET['add'] ) ) { ?><li><a href="{url}/values">Rare Values</a></li>
<?php }else{ ?><li class="selected">Rare Values</li>
<?php } ?>
<?php if( $_SESSION['user']['rank'] >= 6 ) { ?><?php if( !isset( $_GET['add'] ) ) { ?><li class="last"><a href="{url}/index.php?url=values&add">Add Rare</a></li>
<?php }else{ ?><li class="selected last">Add Rare</li>
<?php } ?>
<?php } ?>
<li class=" last"><a href="/logout" class="userlink" id="signout">Sign Out</a></li>
</ul>
 
</div>
</div>
<div id="container">
<div id="content" style="position: relative" class="clearfix">
<div id="column1" class="column" style="width: 770px;">
<div class="habblet-container ">
<div class="cbb clearfix red">
<h2 class="title">Rare Values</h2>
<div style="padding:5px;">
<?php if( isset( $_GET['add'] ) and $_SESSION['user']['rank'] >= 6 ) {
 
if( $_GET['id'] ) {
 
$query = mysql_query( "SELECT * FROM `values` WHERE `id` = '".filter($_GET['id'])."'" );
$array = mysql_fetch_assoc( $query );
 
}
 
if( $_POST['submit'] ) {
 
$rare_name= filter($_POST['rare_name']);
$rare_imgurl= filter($_POST['rare_imgurl']);
$rare_price= filter($_POST['rare_price']);
$time = time();
 
if( $_GET['id'] ) {
 
echo "<center><strong>Rare has been updated!</strong></center>";
mysql_query( "UPDATE `values` SET name = '{$rare_name}', imgurl = '{$rare_imgurl}', price = '{$rare_price}', timestamp = '{$time}' WHERE `id` = '".filter($_GET['id'])."'" );
 
}else{
 
echo "<center><strong>Rare has been added!</strong></center>";
mysql_query( "INSERT INTO `values` ( name, imgurl, price, timestamp ) VALUES ( '{$rare_name}', '{$rare_imgurl}', '{$rare_price}', '{$time}' )" );
 
}
 
echo "<meta http-equiv=\"refresh\" content=\"3;url={url}/values\" />";
 
}else{
 
echo "<div>";
echo "<form method=\"post\">";
 
echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"5\">";
echo "<tr>";
echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_name\">Rare Name</label></td>";
echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_name\" size=\"50\" value=\"{$array['name']}\"></td>";
echo "</tr>";
echo "<tr>";
echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_imgurl\">Image Url</label></td>";
echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_imgurl\" size=\"50\" value=\"{$array['imgurl']}\"></td>";
echo "</tr>";
echo "</tr>";
echo "<tr>";
echo "<td style=\"width: 25%; text-align: right;\"><label for=\"rare_price\">Price</label></td>";
echo "<td style=\"padding: 0 0 0 10px;\"><input type=\"text\" name=\"rare_price\" size=\"50\" value=\"{$array['price']}\"></td>";
echo "</tr>";
echo "</table>";
 
echo "<div class=\"settings-buttons\">";
echo "<input type=\"submit\" value=\"Submit\" name=\"submit\" class=\"submit\" style=\"float: right;\">";
echo "</div>";
echo "</form>";
echo "</div>";
 
}
 
}elseif( isset( $_GET['delete'] ) and $_GET['id'] ) {
 
echo "<center><strong>Rare has been deleted!</strong></center>";
mysql_query( "DELETE FROM `values` WHERE `id` = '".filter($_GET['id'])."'" );
echo "<meta http-equiv=\"refresh\" content=\"3;url={url}/values\" />";
 
}else{
 
$query = mysql_query( "SELECT * FROM `values`" );
$j = "a";
 
echo "<table width=\"100%\" border=\"0\" cellspacing=\"3\" cellpadding=\"5\">";
 
echo "<tr align=\"center\" style=\"font-weight: bold;\">";
echo "<td>Image</td>";
echo "<td>Name</td>";
echo "<td>Price</td>";
echo "<td>Last Edited</td>";
if( $_SESSION['user']['rank'] >= 6 ) {
echo "<td>Options</td>";
}
echo "</tr>";
 
while( $array = mysql_fetch_assoc( $query ) ) {
 
$credits = $array['price']." Credits";
$goldbars500 = ( $array['price'] / 500 )." (<img src=\"http://img204.imageshack.us/img204/5826/goldbar500.png\" />)";
 
echo "<tr align=\"center\" id=\"rare-{$array['id']}\" class=\"rare {$j}\">";
echo "<td><img src=\"{$array['imgurl']}\" /></td>";
echo "<td>{$array['name']}</td>";
echo "<td>";
echo $credits;
echo "<br />";
echo $goldbars500;
echo "";
echo "</td>";
echo "<td>".date( "D, d F Y H:i (P)", $array['timestamp'] )."</td>";
if( $_SESSION['user']['rank'] >= 6 ) {
echo "<td>";
echo "<a href=\"{url}/index.php?url=values&add&id={$array['id']}\">Edit</a>";
echo "<br />";
echo "<a href=\"{url}/index.php?url=values&delete&id={$array['id']}\">Delete</a>";
echo "</td>";
}
echo "</tr>";
 
$j++;
if( $j == "c" ) { $j = "a"; }
 
}
 
echo "</table>";
 
}
 
?>
</div>
<?php include_once('bottom.php'); ?>
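
An added example (not code from the thread or from the CMS it uses): the add, update and delete branches of the values page rewritten with PDO prepared statements, a rank check on delete, which the `delete` branch in both listings above lacks, and HTML escaping when rows are printed. It assumes PDO is available and uses an in-memory SQLite database with constructed rows so it runs offline; the function names are hypothetical.

```php
<?php
// Added example: not code from the thread or from the CMS it uses.
// Assumptions: PDO is available; SQLite in memory stands in for the MySQL
// database so this runs offline (for MySQL only the DSN passed to PDO changes).
// Function names below are hypothetical.
const STAFF_RANK = 6; // same threshold the values page checks

function require_staff(array $session): void {
    if ((int)($session['user']['rank'] ?? 0) < STAFF_RANK) {
        throw new RuntimeException('forbidden: staff only');
    }
}

function parse_id($raw): int {
    // Accept only a positive integer; anything else never reaches SQL.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }
    return $id;
}

function save_rare(PDO $pdo, array $session, array $post, $rawId = null): void {
    require_staff($session);
    $fields = [
        ':name'   => (string)($post['rare_name'] ?? ''),
        ':imgurl' => (string)($post['rare_imgurl'] ?? ''),
        ':price'  => (string)($post['rare_price'] ?? ''),
        ':ts'     => (string)time(),
    ];
    if ($rawId !== null) {
        $sql = 'UPDATE `values` SET name = :name, imgurl = :imgurl, price = :price, timestamp = :ts WHERE id = :id';
        $fields[':id'] = parse_id($rawId);
    } else {
        $sql = 'INSERT INTO `values` (name, imgurl, price, timestamp) VALUES (:name, :imgurl, :price, :ts)';
    }
    // Values travel separately from the SQL text, so quotes in them stay data.
    $pdo->prepare($sql)->execute($fields);
}

function delete_rare(PDO $pdo, array $session, $rawId): void {
    require_staff($session); // the delete branch on the page has no rank check
    $pdo->prepare('DELETE FROM `values` WHERE id = :id')->execute([':id' => parse_id($rawId)]);
}

function render_row(array $row): string {
    // Escape on output: stored values are untrusted even when the SQL is safe.
    $e = fn($v) => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
    return '<tr><td><img src="' . $e($row['imgurl']) . '" /></td><td>' . $e($row['name'])
         . '</td><td>' . $e($row['price']) . ' Credits</td></tr>';
}

// --- constructed sample data, for demonstration only ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `values` (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, price TEXT, imgurl TEXT, timestamp TEXT)');

$staff = ['user' => ['id' => 1, 'rank' => 7]];
$guest = ['user' => ['id' => 2, 'rank' => 1]];

save_rare($pdo, $staff, ['rare_name' => "Throne's <b>copy</b>", 'rare_imgurl' => '/img/throne.png', 'rare_price' => '1500']);
echo render_row($pdo->query('SELECT * FROM `values`')->fetch(PDO::FETCH_ASSOC)), "\n";

// Low-rank session, non-integer id, then a valid staff request.
foreach ([[$guest, '1'], [$staff, "1' OR '1'='1"], [$staff, '1']] as [$session, $id]) {
    try {
        delete_rare($pdo, $session, $id);
        echo "delete id=$id: done\n";
    } catch (Exception $ex) {
        echo "delete id=$id: rejected (" . $ex->getMessage() . ")\n";
    }
}
```

On the page itself, edit and delete are triggered by GET links; moving those actions to a POST form with a per-session token is the usual complement to the rank check.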
 