Jump to content

millionexchange

Members
  • Posts

    5
  • Joined

  • Last visited

Everything posted by millionexchange

  1. admin/mainTemplate.php: <?php session_start(); if (!isset($_SESSION['letmein'])) { header ("Location: index.php?invalid=PLEASE LOGIN"); } require_once('Connections/dbConnect.php'); require_once('../include.inc'); mysql_select_db($database_dbConnect, $dbConnect); $query_menuItems = "select * from adminMenu where active='y'"; $menuItems = mysql_query($query_menuItems, $dbConnect) or die(mysql_error()); $row_menuItems = mysql_fetch_assoc($menuItems); $totalRows_menuItems = mysql_num_rows($menuItems); ?> <html> <head> <title> </title> <link href="default.css" rel="stylesheet" type="text/css"> </head> <META content="text/html; charset=windows-1252" http-equiv=Content-Type> <body bgcolor="#EFEFEF"> <table bgcolor="WHITE" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="800"> <!--- top menu ---> <TABLE bgColor="WHITE" border="0" cellPadding="0" cellSpacing="0" width="800"> <TBODY> <TR> <TD bgColor="WHITE" width="75"></TD> <TD width="650"><div align="center">ADMINISTRATION PANEL</div></TD> <TD bgColor="WHITE" width="75"> </TD> </TR> <TR> <TD bgColor="WHITE" width=75></TD> <TD align="CENTER" bgColor="WHITE" height=20 vAlign="MIDDLE" width="650"> <P align=left> <span class="smallstatsText"> </span> </P> </TD> <TD bgColor="WHITE" width=75> </TD> </TR> </TBODY> </TABLE> <!--- top menu end ---> </td> </tr> <tr> <td width="800"> <table width="100%" border="0" align="center" cellpadding="4"> <tr> <td width="20%" align="center" valign="top"> <div align="center"> <br><br></div> </td> <td width="61%" valign="top"> <font color="#CCCCCC"> <?php do { $Zoption=$row_menuItems['id']; $Zfile = $row_menuItems['adminFile']; switch ($option) { case $Zoption: require_once($Zfile); break; //default: //require_once('adminMenu.php'); case XXXX: require_once('adminMenu.php'); break; } } while ($row_menuItems = mysql_fetch_assoc($menuItems)); ?> <span class="smallstatsText"> <a href="mainTemplate.php?option=XXXX"><<back to main menu</a> </span><br> </font> </TD> <td width="19%" valign="top"> </TD> </TR> </TABLE> <!-- END body area ---> </tr> <tr> <td width="800" align="center"> <table> <TR> <td class="smallstatsText"> </td> </tr> </table> </td> </tr> </table> </body> </html> /start.php <? session_start(); require 'include.inc'; if (!isset($_SESSION['letmein'])){ header ("Location: index.php?invalid=PLEASE LOGIN"); } ?> <SCRIPT language=JavaScript type=text/javascript> <!-- if(window != window.top) { top.location.href=location.href; } // --> </SCRIPT> <?php $option=$_GET['option']; //$userid=$_GET['userid']; //$id=$_GET['id']; ?> <?php include("common.php"); ?> <? pageHeader($title, $bgColor, $styleSheet); ?> <style type="text/css"> <!-- .style1 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: large; color: #CC0000; font-weight: bold; } body { background-image: url(images/bluegradient.gif); } a:link { color: #000066; text-decoration: none; } a:visited { text-decoration: none; color: #000066; } a:hover { text-decoration: underline; color: #FF9900; } a:active { text-decoration: none; color: #000066; } --> </style> <body> <table bgcolor="#FFFFFF" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="700"> <!--- top menu ---> <DIV align=left> <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF"> <tbody> <tr> <td width="650" height="24"><div align="center" class="style1"><a href="index.php"> <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="780" height="200"> <param name="movie" value="traffic.swf"> <param name="quality" value="high"> <embed src="traffic.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="780" height="200"></embed> </object> </a></div></td> </tr> <tr> <td class="coolFont" align="center" bgcolor="#333333" height="20" valign="middle" width="650"><p align="center" > <script type="text/javascript"><!-- google_ad_client = "pub-<?php echo $google ?>"; google_ad_width = 728; google_ad_height = 90; google_ad_format = "728x90_as"; google_ad_type = "text_image"; google_ad_channel =""; google_color_border = "333333"; google_color_bg = "333333"; google_color_link = "ffffff"; google_color_text = "999999"; google_color_url = "CCCCCC"; //--></script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> </p></td> </tr> </tbody> </table> </DIV> <!--- top menu end ---> </td> </tr> <tr> <td width="700"> <table width="100%" border="0" align="center" cellpadding="4"> <tr> <td width="20%" align="center" valign="top"> <? navigation($id, $headerColor, $tableColor2); ?> <br> <br> <div align="center"> <? startSurfing($id, $username, $headerColor, $tableColor2); ?> <BR> <BR> <? if ($sellPoints == 'true') { purchasePoints($headerColor, $tableColor2);} ;?> <br> </div></td> <td width="61%" valign="top"> <table class="supermenuNoShadow" border=0 cellpadding="2" cellspacing="0" bgcolor="<? echo $tableColor; ?>"> <TR> <TD valign="top" bgcolor="<? echo $tableColor2; ?>" width="645"> <B>Welcome, <? echo $username; ?></B> <font color="<? echo $alertColor; ?>"><B><? print $option; ?>:</b></font> <BR> <BR> <? switch ($option) { case 'Url Deleted': urlDelete($id, $webid); personalStats($id, $username); break; case 'personal stats': personalStats($id, $username); break; case 'personal link': personalLink($id, $title, $siteUrl); break; case "Top25": top25(); break; case "purchase banner ads": include("ba.php"); break; case "purchase points": include("pp.php"); break; case "frequently asked questions": faq(); break; case "thank you for purchasing points": $bodyFile = "ty.php"; break; default: mainStats($id,$username); } ?> <center> </center></td> </tr> </table> </TD> </TR> </TABLE> </tr> <tr> <td width="700" align="center"> <? footer("$contact_email"); ?> </td> </tr> </table> </body> </html> index.php <?php ob_start(); ?> <?php include("common.php"); ?> <? session_start(); // Unset all of the session variables. session_unset(); // Finally, destroy the session. session_destroy(); /* if ($_GET('signup')) { error("SIGNUP"); echo "Error Checking<br>"; while(list($name, $value) = each($signup)) { echo "$name - $value<br>"; } } */ require 'include.inc'; if ($signup) { if ($signup[repassword] != $signup[password]) { $err_msg = "Your passwords do not match."; error($err_msg); } if(!eregi("^[_\.0-9a-z-]+$",$signup[username])) { $err_msg = "Invalid Username! Usernames can consist of letters and numbers only."; error($err_msg); } if(!eregi("^[_\.0-9a-z-]+$",$signup[password])) { $err_msg = "Invalid Password! Passwords can consist of letters and numbers only."; } if(!$signup[password] || !$signup[username] || !$signup[email] || !$signup[username]) $err_msg = "Oops! You forgot some important fields!"; if (!$err_msg) { $usercheck = @mysql_query("INSERT INTO user values( 'NULL','$signup[fname]','$signup[lname]', '$signup[username]','$signup[password]','$signup[email]', 1, ".$pointInc.", '$signup[referral]', NOW(), 'n', 'y')"); // done, you are entered correctly, Now Enter the points and URL info $sql = "Select id from user where username='$signup[username]'"; $result = mysql_query( $sql ); if ( $result != false ) { while ( $data = mysql_fetch_assoc( $result ) ) { $point_set = $data['id']; } } else { echo mysql_error(); } // add rerral points if ($signup[referral]) { $referralSql="UPDATE points SET points=points+ ".$refPoints . " WHERE userid=".$signup[referral]; $result = mysql_query( $referralSql ); if ( $result != false ) { } else { echo mysql_error(); } } // add URL $sql="INSERT INTO url_table ( userid, website, active, datechanged) VALUES ($point_set,'".$signup[site_url]."','n', '".date("Ymd")."')"; $result = mysql_query( $sql ); if ( $result != false ) { } else { echo mysql_error(); } // add points $sql="INSERT INTO points (userid, username, points) VALUES ($point_set,' ',$signPoints)"; $result = mysql_query( $sql ); if ( $result != false ) { } else { echo mysql_error(); } } echo mysql_errno().": ".mysql_error()."<br>"; if (!$usercheck) { $err_msg = "Database error:<br>There was an error entering your account.<br>It is possible that username already exists, please try another one.<br>"; } else { include ("reg.php"); exit; } } if (!$err_msg) { // done, you are entered correctly } pageHeader($title, $bgColor, $styleSheet); ?> <style type="text/css"> <!-- .style1 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: large; font-weight: bold; color: #CC0000; } body { background-image: url(images/bluegradient.gif); } a:link { color: #000066; text-decoration: none; } a:visited { text-decoration: none; color: #000066; } a:hover { text-decoration: underline; color: #FF9900; } a:active { text-decoration: none; color: #000000; } .style2 {color: #000066} --> </style> <body> <table bgcolor="#FFFFFF" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="780"> <TABLE width="100%" border="0" align="center" cellPadding="0" cellSpacing="0" bgColor="<? echo $tableColor; ?>"> <TBODY> <TR> <TD width="100%" height="46"><div align="center" class="style1"> <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="780" height="200"> <param name="movie" value="traffic.swf"> <param name="quality" value="high"> <embed src="traffic.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="780" height="200"></embed> </object> </div></TD> </TR> <TR> <TD class="coolFont" align="CENTER" bgColor="#FFCC00" height=20 vAlign="MIDDLE" width="100%"> <P><center > <script type="text/javascript"><!-- google_ad_client = "pub-<?php echo $google ?>"; google_ad_width = 728; google_ad_height = 90; google_ad_format = "728x90_as"; google_ad_type = "text_image"; google_ad_channel =""; google_color_border = "ffcc00"; google_color_bg = "ffcc00"; google_color_link = "000066"; google_color_text = "999999"; google_color_url = "ffffff"; //--></script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> </center> </P></TD> </TR> </TBODY> </TABLE> </td> </tr> <tr> <td width="780"> <table width="100%" border="0" align="center" cellpadding="4"> <tr> <td width="50%" valign="top"><TABLE bgcolor="<? echo $tableColor2; ?>" cellPadding=2 cellSpacing=0 class="supermenu" width=100%> <TR> <TD class="coolFont"> <font color="red"><B><?php print $_GET['invalid']; ?></b></font> </TD> </TR> <TR> <TD vAlign="MIDDLE" bgColor="<? echo $headerColor; ?>" class="menuHeader">member login </TD> </TR> <TR> <TD colSpan="2"> <form name="login" method="post" action="validate.php"> <table class="font" border=0 align="center"> <tr> <td>User ID: </td> <td><input name="uname" type="text" size="10"></td> </tr> <tr> <td> Password: </td> <td><input name="password" type="password" size="10"></td> </tr> <tr> <td colspan=2><div align="right"> <input name="submit" type="submit" value="Login"> </div></td> </tr> <tr> <td colspan=2><div align="right"><a href="reset.php">Lost Password</a></div></td> </tr> </table> </form></TD> </TR> </TABLE> <div align="center"><?php $sql = "SELECT * from rightBlock where active='y' and position='l'"; $result = mysql_query( $sql ); if ( $result != false ) { while ( $data = mysql_fetch_assoc( $result ) ) { $title=$data['title']; $bodyText=$data['body']; ?> <TABLE bgcolor="<? echo $tableColor2; ?>" class="supermenu" cellPadding=4 cellSpacing=0 width=100%> <TR> <TD class="menuheader" bgColor="<? echo $headerColor; ?>" vAlign="MIDDLE"> <? echo $title; ?> </TD> </TR> <TR> <TD height="32" colSpan="2" valign="top" > <table border=0> <tr> <td valign="top" width="392" class="font"><? echo $bodyText; ?></td> </tr> </table></TD> </TR> </TABLE><BR> <?php } } else { echo mysql_error(); } ?><br> <br> </div></td> <td width="50%" align="right" valign="top"><table width=100% border=0 align="right" cellpadding=2 cellspacing=0> <tr> <td width="100%" colspan="2" align="CENTER"></td> </tr> <tr> <td colspan=2 valign="TOP"><Table width=100% cellpadding="2" cellspacing="0" class="supermenuNoshadow"><TR><TD> <?php echo $mainText; ?> </td></tr></table> <form name="form" action="<? echo $PHP_SELF; ?>" method="post"> <input type="hidden" name="signup" value="true"> <table bgcolor="<? echo $tableColor2; ?>" class="signupTable" width=100% cellpadding="2" cellspacing="0" align=center> <tr> <td class="menuheader" bgColor="<? echo $headerColor; ?>" colspan=2> <? if ($err_msg) echo "<font color=red size=2>$err_msg</font><br>"; ?> <b>Please Enter Your Information:</b></td> <tr valign="top"> <td>First Name:</td> <td> <blockquote> <input type="text" name="signup[fname]" maxlength="36" size="25" value="<? echo ($signup[fname])?$signup[fname]:""; ?>"> </blockquote></td> </tr> <tr valign="top"> <td> Last Name:</td> <td> <blockquote> <input type="text" name="signup[lname]" maxlength="36" size="25" value="<? echo ($signup[lname])?$signup[lname]:""; ?>"> </blockquote></td> </tr> <tr valign="top"> <td> E-mail:</td> <td> <blockquote> <input type="text" name="signup[email]" maxlength="255" size="25" value="<? echo ($signup[email])?$signup[email]:""; ?>"> </blockquote></td> </tr> <tr> <td class="menuheader" bgColor="<? echo $headerColor; ?>" colspan = 2> <b>Please supply a Username and Password.</b></td> </tr> <tr valign="top"> <td> Username:</td> <td> <blockquote> <input type="text" name="signup[username]" maxlength="10" size="25" value="<? echo ($signup[username])?$signup[username]:""; ?>"> </blockquote></td> </tr> <tr valign="top"> <td> Password:</td> <td> <blockquote> <input type="password" name="signup[password]" maxlength="10" size="25"> </blockquote></td> </tr> <tr valign="middle"> <td> Re-Enter Password:</td> <td> <blockquote> <input type="password" name="signup[repassword]" size="25"> </blockquote></td> </tr> <tr valign="top"> <td> URL to your site:</td> <td> <blockquote> <input type="text" name="signup[site_url]" maxlength="255" size="25" value="<? echo ($signup[site_url])?$signup[site_url]:"http://"; ?>"> </blockquote></td> </tr> <tr valign="top"> <td> Referral ID:</td> <td> <blockquote> <?php print $_GET['referral']; ?><input type="hidden" name="signup[referral]" maxlength="10" size="25" value="<? echo ($signup[referral])?$signup[referral]:"$referral"; ?>"> </blockquote></td> </tr> <tr> <td class="yell" colspan=2>Please be patient as we process your account. Thank you. </td> </tr> <tr> <td colspan=2> <input name="submit2" type="submit" value="Signup"> </td> </tr> </table> </form></td> </tr> <tr> <td colspan=2 valign="TOP"><? switch ($option) { case "Contact Me": contactMe($contact_email); break; case "frequently asked questions": faq(); break; case "marketing resources": marketingResources($clickBank, $title); break; default: } ?></td> </tr> </table> </TD> </TR> </TABLE> </tr> <tr> <td width="100%" align="center"> <? footer("$contact_email"); ?> </td> </tr> </table> </body> </html>
  2. Should be $query = \"DELETE FROM login WHERE custID={$_POST['custid']} LIMIT 1\"; You don't need to specify columns when you're deleting rows from a table Also in this query Where are $custid, $user_name, $pass, $authtype, and $qns coming from? It also looks like you missed the '$'s on a few of the variables so the query should look like INSERT INTO banned_users(userid, user_name, user_password, user_type, question, ans, suspend_date) VALUES( '$custid', '$user_name', '$pass', '$authtype', '$qns', '$ans', '$suspend_date') You should really be using prepared statements though. Even if the data is coming from a "trusted source" they're much safer and prevent SQL-Injection attacks Thanks for the help on the first part; it makes sense. Now, "user_name," "pass," "authtype," "qns," and "ans" are login table fields. "custid" is a customer table field. Now, like I said. Since, I'm suspending the login, I'm not sure if I need the following: '$custid,' '$qns', and '$ans.' I just added them for security reasons in order to keep customers or tellers from going through a back door and entering their account if I suspend them. Maybe, I just need the "user_name," "pass," "authtype," and "suspend_date" fields along with the '$user_name', '$pass', '$authtype' and '$suspend_date' variables. Also need help with making sure that the info will delete from "login" and insert into "banned_users." Thanks. I even just tried the following for the version 6 code, but it didn't work either: <?php require '. ./db_connect.php'; //Connect mysql database if (isset($_GET['custid'])) { $query = "SELECT user_name FROM login\"; if ($r = mysql_query($query, $link)) { if (isset($_POST['custid'])) { $query = \"DELETE FROM login WHERE user_name\"; $r = mysql_query($query, $link); $query = \"INSERT INTO banned_users ( user_name, user_password, user_type, question, ans, suspend_date) VALUES ( '$user_name', '$pass', '$authtype', '$qns', '$ans', '$suspend_date')\"; if (@mysql_query($query, $link)) { echo \"Account Suspended Successfully\"; echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another\"; exit(0); } else { echo \"Could not suspend account\"; echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again\"; exit(0); } } } } $db_close=mysql_close(); ?> Really, $custid is for echoing the info into the dropdown menu on the previous page.
  3. Are you talking about with my script, or someone else script? If you're talking about with mine, it's not about the fact that I excaped the echos; they work. The thing is that in both PHP versions, it's not deleting from the "user_name" field of "login" table and inserting into the "banned_users" table fields.
  4. Hi. On my home banking system, I added a database table called "banned_users" in phpMyAdmin. However, when I test the script, the login of the customer id that I choose doesn't delete from the "login" table and insert into "banned_users". In my code, the first one is a PHP6 version and the second one about 10 lines down is a different version. Now, I rather someone edit the PHP6 version, because, the banking system I downloaded, I'm gonna eventually work on making all of the PHP version 6. Also, the "custid" comes from the "customer" table. I'm really trying to move the login, so, when I suspend a user, the user will not be able to login. I'm not even sure if I need "custid" in the "banned_users" table. I just put it there, because, on the previous page, I'm echoing the "custid" into the drop-down. When editing version 6, please feel free to remove "custid" if not needed and I will remove it from "banned_users" in phpMyAdmin. Thanks. <?php session_start(); if(isset($_SESSION['username'])) { ?> <!DOCTYPE HTML> <html> <head> <meta charset="utf-8"> <title>Suspend Account Details</title> <link rel="stylesheet" href=". ./css/main1.css" type="text/css"> </head> <body> <?php require '. ./db_connect.php'; //Connect mysql database <!-- BEGIN VERSION 6 --> if (isset($_GET['custid'])) { $query = "SELECT user_name FROM login WHERE custID=\{$_GET['custid']}\"; if ($r = mysql_query($query, $link)) { if (isset($_POST['custid'])) { $query = \"DELETE user_name FROM login WHERE custID={$_POST['custid']} LIMIT 1\"; $r = mysql_query($query, $link); $query = \"INSERT INTO banned_users (custid, user_name, user_password, user_type, question, ans, suspend_date) VALUES ('$custid', '$user_name', '$pass', '$authtype', '$qns', 'ans', 'suspend_date')\"; if (@mysql_query($query, $link)) { echo \"Account Suspended Successfully\"; echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another\"; exit(0); } else { echo \"Could not suspend account\"; echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again\"; exit(0); } } } } $db_close=mysql_close(); <!-- END VERSION 6 --> /*$result = mysql_query("select user_name FROM login"); if(isset($_POST['Submit'])) ///forsubmit data { $user_name=$_POST['user_name']; $result = mysql_query("DELETE FROM login WHERE user_name"); $result = mysql_query("INSERT INTO banned_users(custid, user_name, user_password, user_type, question, ans, suspend_date)values('".$custid."', '".$user_name."', '".$pass."', '".$authtype."', '".$qns."', '".$ans."' '".$suspend_date."')"); /* $result = mysql_query("DELETE FROM login WHERE 'user_name', 'user_password', 'user_type', 'question', 'ans'"); $result = mysql_query("INSERT INTO banned_users(user_name, user_password, user_type, question, ans)values('".$custid."', '".$pass."', '".$authtype."', '".$qns."', '".$ans."')");*/ $db_close=mysql_close(); /* if($result) { echo "Account Suspended Successfully"; echo "<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another"; exit(0); } else { echo "Could not suspend account"; echo "<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again"; exit(0); } }*/ ?> </body> </html> <?php } else { echo "Please click here to login " . "<a href=index.php>Login Page</a>"; } ?>
  5. Hi. I just uploaded the following traffic exchange, but, I've came across a few errors. FOLLOWING ERRORS: Unable to create account and add URL. USER ACCOUNT ERROR: Logged in with test account and unable to add URL to account. http://themillionsexchange.heliohost.org Login: henryb Password: 209mul Login is not being echoed. Surfbar doesn't work, nor shows username in browser. Get the following error on the start.php page when I click on some links: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1" and "Error in query: SELECT username, joindate from user where referral=. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1" ADMIN ACCOUNT ERROR: Logged into http://themillionsexchange.heliohost.org/admin. Login: admin Password: password Only shows the link: "<<back to main menu" on the "admin/mainTemplate.php" page. When I click the link, it goes nowhere, so I can't edit my site, user, etc. MY FTP INFO: FTP server: ftp.themillionsexchange.heliohost.org FTP and explicit FTPS port: 21 Login: traffic@themillionsexchange.heliohost.org Password: d)D#wzvEeMCS
×
×
  • Create New...