Uploading and displaying game replay files.
Posted: Wed Jul 20, 2005 10:39 am
by Citizen
I am not a php programmer, but I routinely install php programs for websites. After installing a gaming ladder system at one of my websites, other admins are unable to login to the script and one of the members asked if we could include a posting of replays along with reporting results.
I do not know how to do this, or enough php code to get even close. I do know enough, however, to insert the code if someone could help me out. If anyone can help me with this, I will give you full credit and as thanks I can give you $10 via paypal. I know it's not a lot, but it's all that I can spare. I don't make much money from sites.
Here's more detail:
Problem 1:
Here is the "add admin" script. I can run this script fine I think, because after adding an admin and trying to add them again, it gives me a message that that name was already taken.
Code: Select all
<?PHP
session_start();
$page = "addadmin";
require('./../variables.php');
require('./../variablesdb.php');
require('top2.php');
?>
<?php
$sql="SELECT * FROM $admintable WHERE name = '$username' AND password = '$password'";
$result=mysql_query($sql,$db);
$number = mysql_num_rows($result);
if ($number == "1") {
?>
<p class="header">Add admin.</p>
<?php
if ($submit) {
$sql="SELECT * FROM $admintable WHERE name = '$name'";
$result=mysql_query($sql,$db);
$samenick = mysql_num_rows($result);
if ($samenick < 1) {
$sql = "INSERT INTO $admintable (name, password) VALUES ('$name','$password')";
$result = mysql_query($sql);
echo "<p class='text'>Thank you! Information entered.<br><br><a href='$directory/Admin/addadmin.php'><font color='$color1'>Add another admin</font>.</a></p>";
}
else {
echo "<p class='text'>The name you entered already exist.</p>";
}
}
else{
?>
<form method="post" action="<?php echo $PHP_SELF?>">
<table border="0" cellpadding="0">
<tr>
<td><p class="text">Name:</p></td>
<td><input type="Text" name="name" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><p class="text">Password:</p></td>
<td><input type="password" name="password" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
</table>
<p align="left">
<input type="Submit" name="submit" value="Submit." style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"><br><br>
</form>
</p>
<?php
}
?>
<?php
}
else {
echo "<p class='header'>You are not allowed to view this part of the site.<br><br>
<p class='text'><a href='$directory/Admin/index.php'><font color='$color1'>Login.</font></a></p>";
}
require('bottom2.php');
?>
Here is the admin login page, this is where I think the problem is:
Code: Select all
<?PHP
session_start();
$page = "login";
require('./../variables.php');
require('./../variablesdb.php');
require('top2.php');
?>
<p class="header">Admin section.</p>
<?php
$sql="SELECT * FROM $admintable WHERE name = '$username' AND password = '$password'";
$result=mysql_query($sql,$db);
$number = mysql_num_rows($result);
if ($number == "1") {
session_register("password");
session_register("username");
?>
<p class='text'>You are logged in as <b><?php echo "$username" ?></b>.</p>
<?
}
else {
if($submit) {
$error = "";
?>
<p class='text'>Login failed.</p>
<?php
}
?>
<form name="form1" method="post" action="<?php echo $PHP_SELF?>">
<table border="0" cellpadding="0">
<tr>
<td><p class='text'>Name:</p></td>
<td><input type="text" name="username" size="20" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><p class='text'>Password:</p></td>
<td><input type="password" name="password" size="20" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><input type="submit" value="Log in." name="submit" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
</table>
</form>
<?php
}
?>
<?php
require('bottom2.php');
?>
Problem 2:
Each time a user plays a game, they enter the results in this page:
http://www.gunzfactor.com/ladder/report.php
I want to add another field to the report results page, where the user uploads the replay file for that game, and then the replay file will be downloadable from the "recently played games" page.
Here is the "recently played games" page:
http://www.gunzfactor.com/ladder/played ... hplayed=20
Thanks!
JCART | Please use code tags when posting php code. Review Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171)
Posted: Wed Jul 20, 2005 12:29 pm
by nielsene
First question:
Do you have register_globals turned on or off? It looks like it's ON (security risk). If it's off, then we might need to see one of your includes to see how/when the $_GET string is unpacked to local variables.
Posted: Wed Jul 20, 2005 12:36 pm
by pickle
Problem 1:
Depending on what variables are declared, you might be adding a new admin with a blank username.
Just after line 10 in your second code snippet, type this code:
That'll let us know what the query actually is. It might be wonky. See if you can get some other admins to login too, and see what their query looks like (Note: make sure you delete/change their password before posting the queries here).
By the way, it looks like passwords are stored in plain-text. This is a big no-no (just FYI - I know you didn't code this).
Problem 2:
This is a bit more complex. You're going to have to incorporate file uploads into this. I'd suggest moving this post to the 'Volunteer Work' forum (an admin'll have to do it).
Posted: Wed Jul 20, 2005 1:24 pm
by Citizen
Thanks guys!
This is the query that comes up, but it includes the real name and password that I type in. (not sure if this constitutes code, but I'll tag it anyway)
Code: Select all
SELECT * FROM webl_admin WHERE name = 'fakename' AND password = 'fakepassword'
As for globals, I know what a global variable is but I'm not sure why the script would need it. Here's the 'variables.php' include code:
Code: Select all
<?php
//start
//configure database info
$databaseserver = "localhost"; //usually localhost
$databasename = "fakename"; //the name of your database
$databaseuser = "fakeuser"; //the name of the database-user
$databasepass = "fakepass"; // the password to your database
$directory ="http://www.gunzfactor.com/ladder" ; //the location of your WebLeague directory (no trailing slash)
//configure the tables in the database
$playerstable = "webl_players"; //the name of the table that contains information about the players
$gamestable = "webl_games"; //the name of the table that stores the played games
$newstable = "webl_news"; // the name of the table that stores the news
$varstable = "webl_vars"; //the name of the table that stores various information
$admintable = "webl_admin"; //name of the table that stores the admin login information
$pagestable = "webl_pages"; //name of the table that stores additional pages
//finish
?>
Here's the code from the variablesdb.php file:
Code: Select all
<?php
$db = mysql_connect($databaseserver, $databaseuser, $databasepass);
mysql_select_db($databasename,$db);
$sql="SELECT * FROM $varstable WHERE vars_id = 1";
$result=mysql_query($sql,$db);
$row = mysql_fetch_array($result);
$color1 = $row["color1"];
$color2 = $row["color2"];
$color3 = $row["color3"];
$color4 = $row["color4"];
$color5 = $row["color5"];
$color6 = $row["color6"];
$color7 = $row["color7"];
$font = $row["font"];
$fontweight = $row["fontweight"];
$fontsize = $row["fontsize"];
$header = $fontsize + 2;
$numgamespage = $row["numgamespage"];
$numplayerspage = $row["numplayerspage"];
$statsnum = $row["statsnum"];
$standingsnogames = $row["standingsnogames"];
$pctnum = $row["pctnum"];
$hotcoldnum = $row["hotcoldnum"];
$gamesmaxday = $row["gamesmaxday"];
$gamesmaxdayplayer = $row["gamesmaxdayplayer"];
$approve = $row["approve"];
$approvegames = $row["approvegames"];
$system = $row["system"];
$pointswin = $row["pointswin"];
$pointsloss = $row["pointsloss"];
$report = $row["report"];
$leaguename = $row["leaguename"];
$titlebar = $row["titlebar"];
$newsitems = $row["newsitems"];
$copyright = $row["copyright"];
?>
Posted: Wed Jul 20, 2005 1:41 pm
by nielsene
OK, yes, register_globals is on. (This is a setting in the php.ini file. Looks like you're probably using a relatively ancient version of PHP from your hosting service. But it sounds like you're not a PHP coder yourself, so talking more about that won't help you right now ... and it's highly possible you have no control over the php.ini file.)
Ahha, and the bug is a register_globals related bug! Here we go, try the following:
this is your add admin page:
Code: Select all
<?php
session_start();
$page = "addadmin";
require('./../variables.php');
require('./../variablesdb.php');
require('top2.php');
?>
<?php
$user_username=$_SESSION["username"]; // NEW LINE
$user_password=$_SESSION["password"]; // NEW LINE
$sql="SELECT * FROM $admintable WHERE name = '$user_username' AND password = '$user_password'"; // modified
$result=mysql_query($sql,$db);
$number = mysql_num_rows($result);
if ($number == "1") {
?>
<p class="header">Add admin.</p>
<?php
if ($submit) {
$newUser_username=$_GET["name"]; // NEW LINE
$newUser_password=$_GET["password"]; // NEW LINE
$sql="SELECT * FROM $admintable WHERE name = '$newUser_username'"; // modified
$result=mysql_query($sql,$db);
$samenick = mysql_num_rows($result);
if ($samenick < 1) {
$sql = "INSERT INTO $admintable (name, password) VALUES ('$newUser_username','$newUser_password')"; // modified
$result = mysql_query($sql);
echo "<p class='text'>Thank you! Information entered.<br><br><a href='$directory/Admin/addadmin.php'><font color='$color1'>Add another admin</font>.</a></p>";
}
else {
echo "<p class='text'>The name you entered already exist.</p>";
}
}
else{
?>
<form method="post" action="<?php echo $PHP_SELF?>">
<table border="0" cellpadding="0">
<tr>
<td><p class="text">Name:</p></td>
<td><input type="Text" name="name" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><p class="text">Password:</p></td>
<td><input type="password" name="password" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
</table>
<p align="left">
<input type="Submit" name="submit" value="Submit." style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"><br><br>
</form>
</p>
<?php
}
else {
echo "<p class='header'>You are not allowed to view this part of the site.<br><br>
<p class='text'><a href='$directory/Admin/index.php'><font color='$color1'>Login.</font></a></p>";
}
require('bottom2.php');
?>
Here is the admin login page
Code: Select all
<?php
session_start();
$page = "login";
require('./../variables.php');
require('./../variablesdb.php');
require('top2.php');
?>
<p class="header">Admin section.</p>
<?php
$user_username=$_GET["username"]; // NEW LINE
$user_password=$_GET["password"]; // NEW LINE
$sql="SELECT * FROM $admintable WHERE name = '$user_username' AND password = '$user_password'"; // modified
$result=mysql_query($sql,$db);
$number = mysql_num_rows($result);
if ($number == "1") {
$_SESSION["password"]=$user_password; //modified
$_SESSION["username"]=$user_username; //modified
?>
<p class='text'>You are logged in as <b><?php echo "$username" ?></b>.</p>
<?php
}
else {
if($submit) {
$error = "";
?>
<p class='text'>Login failed.</p>
<?php
}
?>
<form name="form1" method="post" action="<?php echo $PHP_SELF?>">
<table border="0" cellpadding="0">
<tr>
<td><p class='text'>Name:</p></td>
<td><input type="text" name="username" size="20" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><p class='text'>Password:</p></td>
<td><input type="password" name="password" size="20" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><input type="submit" value="Log in." name="submit" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
</table>
</form>
<?php
}
?>
<?php
require('bottom2.php');
?>
Please try this, it might fail if your version of PHP is truly ancient. If so I can post the work around for that too....
The problem was that YOUR password was getting inserted into the database for the NEW user when you added.
Register Globals causes all variables in Sessions, Cookies, Post, and Get sources to be loaded automatically. You had Session and Get variables with the same name, therefore the Session version of Password was overwriting the Get one.
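The collision described in the post above, modelled as an added example (not part of the original post, and not the ladder script's code). register_globals is gone from current PHP, so the merge is simulated with arrays; the function names, account names and passwords are all constructed for illustration.

```php
<?php
// Added illustration: register_globals no longer exists, so its effect is
// modelled with plain arrays. All names and passwords below are constructed.

// Request variables become globals at startup; session_start() then imports
// the session variables and overwrites any global of the same name.
function simulateRegisterGlobals(array $post, array $session): array
{
    return array_merge($post, $session);
}

// The original pages' credential check, reduced to an array lookup
// (plain-text comparison, as in the thread's webl_admin table).
function isAdmin(array $table, string $name, string $password): bool
{
    return isset($table[$name]) && $table[$name] === $password;
}

function report(string $label, bool $ok): void
{
    printf("%-40s %s\n", $label, $ok ? 'login accepted' : 'login failed');
}

// Constructed state: the head admin is logged in and submits the add-admin form.
$adminTable = ['headadmin' => 'head-secret'];
$session    = ['username' => 'headadmin', 'password' => 'head-secret'];
$post       = ['name' => 'newadmin', 'password' => 'new-secret', 'submit' => 'Submit.'];

// Original addadmin.php: bare $name and $password are read from the merged
// scope, where the session's "password" has replaced the one from the form.
$g = simulateRegisterGlobals($post, $session);
$buggyTable = $adminTable;
$buggyTable[$g['name']] = $g['password'];

// Corrected addadmin.php: the new account's values come from $_POST only,
// the logged-in admin's values from $_SESSION only.
$fixedTable = $adminTable;
$fixedTable[$post['name']] = $post['password'];

// The new admin logs in from a fresh browser (empty session) with the
// password that was typed into the add-admin form.
$login = simulateRegisterGlobals(['username' => 'newadmin', 'password' => 'new-secret'], []);

report('account created by original page:', isAdmin($buggyTable, $login['username'], $login['password']));
report('account created by corrected page:', isAdmin($fixedTable, $login['username'], $login['password']));

// What was actually stored for the new account in each case.
printf("original page stored:  %s\n", $buggyTable['newadmin']);
printf("corrected page stored: %s\n", $fixedTable['newadmin']);
```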
Posted: Wed Jul 20, 2005 1:52 pm
by Citizen
I replaced the code with the ones that you gave me and now I am unable to login using username and pw that worked before and I get a "Parse error: parse error, unexpected T_ELSE in /home/gunz/public_html/ladder/Admin/addadmin.php on line 52" when I click on add admin, which I wouldn't be able to get to anyway because I'm not logged in.
Posted: Wed Jul 20, 2005 1:55 pm
by nielsene
Oops, do a global change of GET to POST, first
Then I think there is one other problem.
Posted: Wed Jul 20, 2005 2:00 pm
by nielsene
OK here you go again, GETs changed to POST and the missing '}' added back
this is your add admin page:
Code: Select all
<?php
session_start();
$page = "addadmin";
require('./../variables.php');
require('./../variablesdb.php');
require('top2.php');
$user_username=$_SESSION["username"]; // NEW LINE
$user_password=$_SESSION["password"]; // NEW LINE
$sql="SELECT * FROM $admintable WHERE name = '$user_username' AND password = '$user_password'"; // modified
$result=mysql_query($sql,$db);
$number = mysql_num_rows($result);
if ($number == "1") {
echo '<p class="header">Add admin.</p>';
if ($submit) {
$newUser_username=$_POST["name"]; // NEW LINE
$newUser_password=$_POST["password"]; // NEW LINE
$sql="SELECT * FROM $admintable WHERE name = '$newUser_username'"; // modified
$result=mysql_query($sql,$db);
$samenick = mysql_num_rows($result);
if ($samenick < 1) {
$sql = "INSERT INTO $admintable (name, password) VALUES ('$newUser_username','$newUser_password')"; // modified
$result = mysql_query($sql);
echo "<p class='text'>Thank you! Information entered.<br><br><a href='$directory/Admin/addadmin.php'><font color='$color1'>Add another admin</font>.</a></p>";
}
else {
echo "<p class='text'>The name you entered already exist.</p>";
}
}
else{
?>
<form method="post" action="<?php echo $PHP_SELF?>">
<table border="0" cellpadding="0">
<tr>
<td><p class="text">Name:</p></td>
<td><input type="Text" name="name" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><p class="text">Password:</p></td>
<td><input type="password" name="password" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
</table>
<p align="left">
<input type="Submit" name="submit" value="Submit." style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"><br><br>
</form>
</p>
<?php
}
}
else {
echo "<p class='header'>You are not allowed to view this part of the site.<br><br>
<p class='text'><a href='$directory/Admin/index.php'><font color='$color1'>Login.</font></a></p>";
}
require('bottom2.php');
?>
Here is the admin login page
Code: Select all
<?php
session_start();
$page = "login";
require('./../variables.php');
require('./../variablesdb.php');
require('top2.php');
?>
<p class="header">Admin section.</p>
<?php
$user_username=$_POST["username"]; // NEW LINE
$user_password=$_POST["password"]; // NEW LINE
$sql="SELECT * FROM $admintable WHERE name = '$user_username' AND password = '$user_password'"; // modified
$result=mysql_query($sql,$db);
$number = mysql_num_rows($result);
if ($number == "1") {
$_SESSION["password"]=$user_password; //modified
$_SESSION["username"]=$user_username; //modified
?>
<p class='text'>You are logged in as <b><?php echo "$username" ?></b>.</p>
<?php
}
else {
if($submit) {
$error = "";
?>
<p class='text'>Login failed.</p>
<?php
}
?>
<form name="form1" method="post" action="<?php echo $PHP_SELF?>">
<table border="0" cellpadding="0">
<tr>
<td><p class='text'>Name:</p></td>
<td><input type="text" name="username" size="20" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><p class='text'>Password:</p></td>
<td><input type="password" name="password" size="20" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
<tr>
<td><input type="submit" value="Log in." name="submit" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
</table>
</form>
<?php
}
?>
<?php
require('bottom2.php');
?>
Posted: Wed Jul 20, 2005 4:16 pm
by Citizen
Yay! Thanks man, it worked! Do you want to help with the other part? If so I'll send you the $10 paypal if you want. (Sorry again that it's not a lot)
Edit to add: What would I need to put on a page to delete admin accounts?
Posted: Wed Jul 20, 2005 4:32 pm
by nielsene
nyah, dealing with file uploads isn't something I know a lot about. perhaps someone else here can help with that.
For the delete admin, you could probably do: deladmin.php
Code: Select all
<?php
session_start();
$page = "deladmin";
require('./../variables.php');
require('./../variablesdb.php');
require('top2.php');
$user_username=$_SESSION["username"]; // NEW LINE
$user_password=$_SESSION["password"]; // NEW LINE
$sql="SELECT * FROM $admintable WHERE name = '$user_username' AND password = '$user_password'"; // modified
$result=mysql_query($sql,$db);
$number = mysql_num_rows($result);
if ($number == "1") {
echo '<p class="header">Delete admin.</p>';
if ($submit) {
$newUser_username=$_POST["name"]; // NEW LINE
if ($newUser_username!=$user_username) {
$sql="DELETE FROM $admintable WHERE name = '$newUser_username'"; // modified
$result=mysql_query($sql,$db);
$samenick = mysql_affected_rows($result);
if ($samenick != 1) {
echo "<p class='text'>No such user.</p>";
}
else {
echo "<p class='text'>Thank you! Admin Deleted.<br><br><a href='$directory/Admin/deladmin.php'><font color='$color1'>Delete another admin</font>.</a></p>";
}
}
else {
echo "<p class='text'>You may not delete yourself.</p>";
}
}
else{
?>
<form method="post" action="<?php echo $PHP_SELF?>">
<table border="0" cellpadding="0">
<tr>
<td><p class="text">Name:</p></td>
<td><input type="Text" name="name" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
</table>
<p align="left">
<input type="Submit" name="submit" value="Submit." style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"><br><br>
</form>
</p>
<?php
}
}
else {
echo "<p class='header'>You are not allowed to view this part of the site.<br><br>
<p class='text'><a href='$directory/Admin/index.php'><font color='$color1'>Login.</font></a></p>";
}
require('bottom2.php');
?>
This hasn't been tested, and it's not too secure, but then again neither are the other pages you already had. I did add a test to make sure an admin can't delete themself. (Thus you can't end up admin-less)
[EDIT: typo fixed, don't worry about crediting me for this, it's simple enough stuff]
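An added example, not part of the original posts and not the ladder script's code: the same add / login / delete operations with the two weaknesses raised in this thread addressed, namely plain-text passwords and queries built by pasting form input into SQL. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database so it runs stand-alone; the function names and sample accounts are constructed, while the webl_admin table and its name and password columns follow the thread.

```php
<?php
// Added example. In-memory SQLite stands in for the site's MySQL database.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE webl_admin (name TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $db;
}

function addAdmin(PDO $db, string $name, string $password): bool
{
    // Placeholders keep form input out of the SQL text entirely.
    $check = $db->prepare('SELECT COUNT(*) FROM webl_admin WHERE name = ?');
    $check->execute([$name]);
    if ($check->fetchColumn() > 0) {
        return false; // name already taken
    }
    // Store a salted hash, never the password itself.
    $insert = $db->prepare('INSERT INTO webl_admin (name, password) VALUES (?, ?)');
    return $insert->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $db, string $name, string $password): bool
{
    $query = $db->prepare('SELECT password FROM webl_admin WHERE name = ?');
    $query->execute([$name]);
    $hash = $query->fetchColumn();
    // On success a page would keep only the admin name in $_SESSION,
    // not the password, and would not re-run the password query per page.
    return $hash !== false && password_verify($password, $hash);
}

function deleteAdmin(PDO $db, string $currentAdmin, string $target): bool
{
    if ($target === $currentAdmin) {
        return false; // an admin may not delete themself
    }
    $delete = $db->prepare('DELETE FROM webl_admin WHERE name = ?');
    $delete->execute([$target]);
    return $delete->rowCount() === 1; // false when no such admin exists
}

function listAdmins(PDO $db): array
{
    return $db->query('SELECT name FROM webl_admin ORDER BY name')->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample accounts. The second name contains a quote character,
// which would break a query assembled by string interpolation.
$db = openDb();
var_dump(addAdmin($db, 'headadmin', 'head-secret'));
var_dump(addAdmin($db, "O'Neil", 'second-secret'));
var_dump(addAdmin($db, "O'Neil", 'other'));            // duplicate name
var_dump(checkLogin($db, "O'Neil", 'second-secret'));
var_dump(checkLogin($db, "O'Neil", 'head-secret'));    // wrong password
var_dump(deleteAdmin($db, 'headadmin', 'headadmin'));  // self-delete refused
var_dump(deleteAdmin($db, 'headadmin', "O'Neil"));
var_dump(listAdmins($db));
```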
Posted: Wed Jul 20, 2005 4:38 pm
by Citizen
Thanks again! I'll probably post the upload thing in the volunteer section as I was previously advised. What name do I use to give you recognition when it goes live? Eric or nielsene?
Edit to add: I get this message "Parse error: parse error, unexpected T_STRING, expecting ',' or ';' in /home/gunz/public_html/ladder/Admin/deladmin.php on line 34" on the deladmin.php page.
Posted: Wed Jul 20, 2005 4:43 pm
by nielsene
I fixed the typo in the code.
Posted: Wed Jul 20, 2005 4:56 pm
by Citizen
Awesome. The delete admin works, but what do I put in to see the list of administrator names?
Posted: Wed Jul 20, 2005 6:13 pm
by nielsene
Adding list of admins:
If this doesn't work, I'm likely to be less of a help. I'm too used to either PostgreSQL or my own custom DB abstraction layer. I have 0 familiarity with MySQL.....
deladmin.php
Code: Select all
<?php
session_start();
$page = "deladmin";
require('./../variables.php');
require('./../variablesdb.php');
require('top2.php');
$user_username=$_SESSION["username"]; // NEW LINE
$user_password=$_SESSION["password"]; // NEW LINE
$sql="SELECT * FROM $admintable WHERE name = '$user_username' AND password = '$user_password'"; // modified
$result=mysql_query($sql,$db);
$number = mysql_num_rows($result);
if ($number == "1") {
echo '<p class="header">Delete admin.</p>';
if ($submit) {
$newUser_username=$_POST["name"]; // NEW LINE
if ($newUser_username!=$user_username) {
$sql="DELETE FROM $admintable WHERE name = '$newUser_username'"; // modified
$result=mysql_query($sql,$db);
$samenick = mysql_affected_rows($result);
if ($samenick != 1) {
echo "<p class='text'>No such user.</p>";
}
else {
echo "<p class='text'>Thank you! Admin Deleted.<br><br><a href='$directory/Admin/deladmin.php'><font color='$color1'>Delete another admin</font>.</a></p>";
}
}
else {
echo "<p class='text'>You may not delete yourself.</p>";
}
}
else{
$sql="SELECT username FROM $admintable ORDER BY username"; // modified
$result=mysql_query($sql,$db);
echo "<b>List of Current Admins</b>: ";
$i=0;
while ($temp = mysql_fetch_row($result)) {
if ($i!=0) echo ", ";
echo $temp[0];
$i++;
}
echo "<br />";
?>
<form method="post" action="<?php echo $PHP_SELF?>">
<table border="0" cellpadding="0">
<tr>
<td><p class="text">Name:</p></td>
<td><input type="Text" name="name" style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"></td>
</tr>
</table>
<p align="left">
<input type="Submit" name="submit" value="Submit." style="background-color: <?php echo"$color5" ?>; border: 1 solid <?php echo"$color1" ?>" class="text"><br><br>
</form>
</p>
<?php
}
}
else {
echo "<p class='header'>You are not allowed to view this part of the site.<br><br>
<p class='text'><a href='$directory/Admin/index.php'><font color='$color1'>Login.</font></a></p>";
}
require('bottom2.php');
?>
This hasn't been tested, and it's not too secure, but then again neither are the other pages you already had. I did add a test to make sure an admin can't delete themself. (Thus you can't end up admin-less)
[EDIT: typo fixed, don't worry about crediting me for this, it's simple enough stuff]
Posted: Wed Jul 20, 2005 6:36 pm
by Citizen
Delete admin works but I got this error:
"Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/gunz/public_html/ladder/Admin/deladmin1.php on line 37"
Edit: I also got this error when typing in an admin that was already deleted:
Warning: mysql_affected_rows(): supplied argument is not a valid MySQL-Link resource in /home/gunz/public_html/ladder/Admin/deladmin1.php on line 20