<?php
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("l dS of F Y h:i:s A");
$script = $_SERVER['PATH_TRANSLATED'];
$sql_inj = array(";" => "", "'" => "", "%" => "", "\"" => """); //Need to be replaced
/*begin clear $_GET */
foreach($_GET as $key => $val) {
foreach($sql_inj as $skey => $sval) {
$key = str_replace($skey, $sval, $key);
}
//if($real_get[$i] != $_GET[$GET_KEY[$i]]) - wäre eigentlich hier, macht aber keinen Sinn, da du immer den selben Inhalt in beiden Variablen haben wirst. So würde es praktisch aussehen: if($key != $key)
file_put_contents("IP: ".$ip."\r\nMethod: GET\r\nValue: ".$key."\r\nScript: ".$script."\r\nTime: ".$time."\r\n==================================\r\n", "GuildRejoin.txt", FILE_APPEND);
}
/*end clear $_GET */
/*begin clear $_POST */
foreach($_POST as $key => $val) {
foreach($sql_inj as $skey => $sval) {
$key = str_replace($skey, $sval, $key);
}
//if($real_post[$i] != $_POST[$POST_KEY[$i]]) - das selbe hier
file_put_contents("IP: ".$ip."\r\nMethod: POST\r\nValue: ".$key."\r\nScript: ".$script."\r\nTime: ".$time."\r\n==================================\r\n", "GuildRejoin.txt", FILE_APPEND);
}
/*end clear $_POST */
/*begin clear $_COOKIE */
foreach($_COOKIE as $key => $val) {
foreach($sql_inj as $skey => $sval) {
$key = str_replace($skey, $sval, $key);
}
//if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]]) - das selbe hier
file_put_contents("IP: ".$ip."\r\nMethod: COOKIE\r\nValue: ".$key."\r\nScript: ".$script."\r\nTime: ".$time."\r\n==================================\r\n", "GuildRejoin.txt", FILE_APPEND);
}
/*end clear $_COOKIE */
//Der Rest ist ganz okay.
if(isset($_POST['submit5'])){
$char = $_POST['charname'];
$link = @mssql_connect("MSSQL", "sa", "PW") or die ("Down ?");
$db = @mssql_select_db('CHARACTER_01_DBF') or die ("Down?");
$query = mssql_query("SELECT m_szName FROM CHARACTER_TBL WHERE m_szName = '$char'");
$result = mssql_fetch_row($query);
if($char =='') {$error1 = '<font color="red">Please type in all the description fields.</font>';}
else if ($result[0] != $char) {$error1 = '<font color="red">There is no character called "'.$char.'".</font>';}
else { mssql_query("UPDATE CHARACTER_TBL SET m_tGuildMember = '20110101000000' WHERE m_szName = '$char'");
$error1 = '<font color="green">Your Rejoin Time has been successfully reset</font>';}
mssql_close();}
echo ''.$error1;
?>
<form action="misc.php?page=rejoin" method="post"><br/>
<label style="">Charaktername:</label> <input type="text" name="charname" />
<br>
<input style="" type="submit" name="submit5" value="Reset Character"/></center>