Is this exploitable?
[QUOTE="zMagenta, post: 182333, member: 4512"]
Just wondering.

[PHP]
<?php
if(isset($_POST['post_comment']))
    $posted_on = date("M j, Y g:i A");
if (! isset($_POST['comment'])) {
    $_POST['comment'] = ''; // now the variable at least exists
}

$comment = strip_tags ($_POST['comment']);
if($comment == NULL){
    $error_message = 'You have left a field empty.<br /><br />';
}else{
    if (LOGGED_IN)
    {
        mysql_query("INSERT INTO site_news_comments (article, userid, comment, posted_on) VALUES ('".$news_article_id."', '".$_SESSION['id']."', '".$comment."', '".$posted_on."');");
        $error_message = 'You have successfully posted a comment.<br /><br />';
    }
}
?>

<div class="habblet-container ">
    <div class="cbb clearfix notitle ">
        <div id="article-wrapper"><h2>Post a comment!</h2>
            <div class="article-meta"></div>
            <div class="article-body">
                <form action="" method="post">
                    <textarea name="comment" maxlength="500"></textarea><br /><br />
                    <input type="submit" name="post_comment" value="Post a comment!" />
                </form>
            </div>
        </div>
    </div>
</div>
<style type="text/css">
input[type="text"], input[type="password"] {
    background-color: #F1F1F1;
    border: 1px solid #999999;
    width: 175px;
    padding: 5px;
    font-family: verdana;
    font-size: 10px;
    color: #666666;
}
input[type="submit"] {
    background-color: #F1F1F1;
    border: 1px solid #999999;
    padding: 5px;
    font-family: verdana;
    font-size: 10px;
    color: #666666;
}
textarea {
    background-color: #F1F1F1;
    border: 1px solid #999999;
    padding: 5px;
    width: 517px;
    height: 70px;
    font-family: verdana;
    font-size: 10px;
    color: #666666;
}
select {
    background-color: #F1F1F1;
    border: 1px solid #999999;
    padding: 5px;
    font-family: verdana;
    font-size: 10px;
    color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM site_news_comments WHERE article = '".$news_article_id."' ORDER by id DESC");
?>
<div class="habblet-container ">
    <div class="cbb clearfix notitle ">
        <div id="article-wrapper"><h2>Comments (<?php echo mysql_num_rows($getComments); ?>)</h2>
            <div class="article-meta"></div>
            <div class="article-body">
                <?php
                if(mysql_num_rows($getComments) == 0){
                    echo 'No comments yet, could yours be the first?';
                }else{
                    echo '<table width="528px">';
                    while($Comments = mysql_fetch_array($getComments)){
                        $getUserInfo = mysql_query("SELECT * FROM users WHERE id = '".$Comments['userid']."'");
                        $userInfo = mysql_fetch_array($getUserInfo);
                        echo '
                        <tr>
                            <td width="90px" valign="top">
                                <div style="float:left"><img src="http://www.habbo.fr/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=s"></div>
                        ';
                        if($userInfo['rank'] > 8){
                            echo '<div style="position: absolute; z-index:1"><img src="http://%www%/r63/c_images/album1584/AD1.gif"></div>';
                        }
                        echo '
                            </td>
                            <td width="427px" valign="top">
                                <strong>RE: %news_article_title%</strong><br /><br />'.$Comments['comment'].'
                            </td>
                        </tr>
                        <tr>
                            <td width="90px" valign="top">
                            </td>
                            <td width="427px" align="right">
                                <i>Posted by: <strong><a href="#">'.$userInfo['username'].'</a></strong> On '.$Comments['posted_on'].'</i><br /><br />
                            </td>
                        </tr>';
                    }
                    echo '</table>';
                }
                ?>
            </div>
        </div>

        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
    </div>
</div>
[/PHP]
[/QUOTE]
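A hardened form of the comment insert and display from the post above, as an added example that is not the poster's code: strip_tags() removes markup but leaves quote characters in place, and the quoted query concatenates $comment straight into the SQL string, so this version binds the values with a prepared statement and escapes on output. PDO with an in-memory SQLite database stands in for the site's MySQL connection, and add_comment() and render_comment() are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with in-memory
// SQLite replaces the mysql_* connection; add_comment() and
// render_comment() are hypothetical helpers.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE site_news_comments (
    id INTEGER PRIMARY KEY, article INTEGER, userid INTEGER,
    comment TEXT, posted_on TEXT)');

function add_comment(PDO $pdo, int $article, int $userId, string $raw): bool
{
    $comment = trim($raw);
    // The form's maxlength="500" is client-side only, so cap the length
    // (in bytes) on the server as well.
    if ($comment === '' || strlen($comment) > 500) {
        return false;
    }
    // Placeholders keep the values out of the SQL text, so a quote in the
    // comment is stored as data instead of closing the string literal.
    $stmt = $pdo->prepare('INSERT INTO site_news_comments
        (article, userid, comment, posted_on) VALUES (?, ?, ?, ?)');
    return $stmt->execute([$article, $userId, $comment, date('M j, Y g:i A')]);
}

function render_comment(string $comment): string
{
    // Escape for the HTML context at output time; nl2br keeps line breaks.
    return nl2br(htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input containing a single quote and markup.
add_comment($pdo, 1, 42, "It's <b>my</b> first comment");

$rows = $pdo->prepare('SELECT comment FROM site_news_comments
    WHERE article = ? ORDER BY id DESC');
$rows->execute([1]);
foreach ($rows as $row) {
    echo render_comment($row['comment']), "\n";
}
```

The same escaping applies to $userInfo['username'] and $userInfo['look'], which the quoted page echoes into HTML and an image URL without any encoding.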