Show DevBest [PHP] Simple Arcade Script

Status
Not open for further replies.

Ari

Member
Sep 29, 2010
320
48
Did this in about 15 minutes so its not my best work but meh its useable

Live Demo:

config.php
PHP:
<?php

        $dbhost  = 'localhost';
        $dbname  = 'game_website';
        $dbusername  = 'root';
        $dbuserpass = 'blah';

mysql_connect ($dbhost, $dbusername, $dbuserpass);
mysql_select_db($dbname) or die('Cannot select database');
?>

index.php
PHP:
<?php
include'config.php';
?>

Category 1:
<?php
    $sql = "SELECT
                id,cat,name
            FROM
                games
            WHERE
                cat = 1
            ORDER BY
                id DESC";
    $result = mysql_query($sql) OR die(mysql_error());
    if(mysql_num_rows($result)) {
        while($row = mysql_fetch_assoc($result)) {

echo "<p><a href=./game.php?id=".$row['id'].">".$row['name']."</a><br/></p>";
        }
}
?>

Category 2:
<?php
    $sql = "SELECT
                id,cat,name
            FROM
                games
            WHERE
                cat = 2
            ORDER BY
                id DESC";
    $result = mysql_query($sql) OR die(mysql_error());
    if(mysql_num_rows($result)) {
        while($row = mysql_fetch_assoc($result)) {

echo "<p><a href=./game.php?id=".$row['id'].">".$row['name']."</a><br/></p>";
        }
}
?>

Category 3:
<?php
    $sql = "SELECT
                id,cat,name
            FROM
                games
            WHERE
                cat = 3
            ORDER BY
                id DESC";
    $result = mysql_query($sql) OR die(mysql_error());
    if(mysql_num_rows($result)) {
        while($row = mysql_fetch_assoc($result)) {

echo "<p><a href=./game.php?id=".$row['id'].">".$row['name']."</a><br/></p>";
        }
}
?>

Category 4:
<?php
    $sql = "SELECT
                id,cat,name
            FROM
                games
            WHERE
                cat = 4
            ORDER BY
                id DESC";
    $result = mysql_query($sql) OR die(mysql_error());
    if(mysql_num_rows($result)) {
        while($row = mysql_fetch_assoc($result)) {

echo "<p><a href=./game.php?id=".$row['id'].">".$row['name']."</a><br/></p>";
        }
}
?>

game.php
PHP:
<?php
include'config.php';
$id = $_GET['id']
?>

<?php
    $sql = "SELECT name FROM games WHERE id = ".$id."";
    $result = mysql_query($sql) OR die(mysql_error());
    if(mysql_num_rows($result)) {
        while($row = mysql_fetch_assoc($result)) {

echo "".$row['name']."";
}
    }?>

<?php
    $sql = "SELECT src FROM games WHERE id = ".$id."";
    $result = mysql_query($sql) OR die(mysql_error());
    if(mysql_num_rows($result)) {
        while($row = mysql_fetch_assoc($result)) {

echo "<center><embed src='".$row['src']."' quality='high' pluginspage='http://www.macromedia.com/go/getflashplayer' type='application/x-shockwave-flash' height='480' width='640'></embed></center>";
        }
}
?>

admin.php
Code:
<?php
include'config.php';
?>

<?php
    if(isset($_POST['add_game']))
{
    $name = $_POST['name'];
    $cat = $_POST['cat'];
  $src = $_POST['src'];
  if($name == NULL || $src == NULL || $cat == NULL){
    $error_message = '<font color="red"><strong>You have left a field blank.</strong></font><br /><br />';
      }else{
          if(!is_numeric($cat) || $cat != "1" || $cat != "2" || $cat != "3" || $cat != "4"){
          $error_message = '<font color="red"><strong>Invailid Category<br />1 = Action<br>2 = Advanture<br>3 = Shooting<br>4 = Strategy</strong></font>';
          }else{
            mysql_query("INSERT INTO games (name, cat, src) VALUES ('".$name."', '".$cat."', '".$src."')");
            $error_message = '<font color="green"><strong>You Have Sucessfully Added The Game</strong></font><br /><br />';
          }
      }
}
?>

<center><?php echo $error_message; ?><table width="200px">
                            <tr>
                              <td><center><form action="" method="post" name="post" id="post">
                                Name:<br>
                                <input type="text" name="name"><br />
                                Category:<br>
                                <input type="text" name="cat" /><br />SFW Source:<br /><input type="text" name="src"/>
                                <br />
                                <center>
                                <br />
                                  <input type="submit" name="add_game" value="Add Game" />
                                </center>
                                <br />
                              </form></center></td>
                            </tr>
                          </table></center>

<table width="400" border="0">
                          <tr>
    <td>ID</td>
    <td>Name</td>
    <td>&nbsp;</td>
  </tr>
                            <?php
    $sql = "SELECT
                id,name
            FROM
                games
            ORDER BY
                id ASC";
    $result = mysql_query($sql) OR die(mysql_error());
    if(mysql_num_rows($result)) {
        while($row = mysql_fetch_assoc($result)) {

echo "<tr>
    <td>".$row['id']."</td>
    <td>".$row['name']."</td>
    <td><a href='./delete-game.php?id=".$row['id']."'>Delete</a></td>
  </tr>";
        }
}
?>
</table>

delete-game.php
PHP:
<?php
require_once('config.php');
$id = $_GET['id'];
  mysql_query("DELETE FROM games WHERE id = '".$id."' LIMIT 1");
  header("Location: ./admin.php");
?>
 

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,638
2,393
I love the effect on the buttons on your demo link.

Nice coding too, you should comment the code for people new to PHP.
 

Ari

Member
Sep 29, 2010
320
48
Thanks I'm not that good at php I just did this for the lulz I needa code a little login system for the admin panel to
 

Kryptos

prjRev.com
Jul 21, 2010
2,205
1,252
Nice, but game.php and delete-game.php are exploitable. You need to filter $id.

And, admin.php is also exploitable, you need to filter every var that goes in the database.

Anywho thanks for releasing :)
 
Status
Not open for further replies.

Users who are viewing this thread

Top