Sim Posted February 25, 2009

let's see who can explain what this does ;]

```php
if(isset($_POST['Submit']))
{
    $names = $_POST['textName'];
    $width = $_POST['textWidth'];
    $height = $_POST['textHeight'];
    $players = $_POST['textPlayers'];
    $result = mysql_query("SELECT id FROM maps WHERE name='$names'") or die(mysql_error());
    if(mysql_num_rows($result) == 0)
    {
        mkdir("../images/tiles/$names", 0777);
        $file_typ = array();
        $file_typ = explode('.',strtolower($_FILES["file"]["name"]));
        $file_type = $file_typ[count($file_typ)-1];
        if($file_type == "png")
        {
            move_uploaded_file($_FILES["file"]["tmp_name"], "../images/tiles/$names/preview.png");
            $src = imagecreatefrompng("../images/tiles/$names/preview.png");
            $w = imagesx($src) / 32;
            $h = imagesy($src) / 32;
            if( (is_int($w)) && (is_int($h)) )
            {
                mysql_query("INSERT INTO maps (name, width, height, players) VALUES ('$names','$width','$height','$players')") or die(mysql_error());
                $result = mysql_query("SELECT id FROM maps WHERE name='$names'") or die(mysql_error());
                $map = mysql_fetch_object($result);
                for($x=0; $x < $h; $x++)
                {
                    for($y=0; $y < $w; $y++)
                    {
                        $im = imagecreate(32, 32);
                        imagecopy($im, $src, 0, 0, $x*32,$y*32, 32, 32);
                        imagepng($im ,"../images/tiles/$names/$x-$y.png");
                        imagedestroy($im);
                        $tilefile = file_get_contents("../images/tiles/$names/$x-$y.png");
                        $found = false;
                        if ($dh = opendir("../images/tiles/$names"))
                        {
                            while (($Tfile = readdir($dh)) !== false)
                            {
                                if(($Tfile != ".") && ($Tfile != ".."))
                                {
                                    $tempfile = file_get_contents("../images/tiles/$names/$Tfile");
                                    if($filefile == $tempfile)
                                    {
                                        unlink("../images/tiles/$names/$x-$y.png");
                                        mysql_query("INSERT INTO mapdata (map_id, tile, x, y) VALUES ('$map->id', '$names/$Tfile','$x','$y')") or die(mysql_error());
                                        $found = true;
                                        break;
                                    }
                                }
                            }
                            closedir($dh);
                            if($found == false)
                            {
                                mysql_query("INSERT INTO mapdata (map_id, tile, x, y) VALUES ('$map->id', '$names/$x-$y.png','$x','$y')") or die(mysql_error());
                            }
                        }
                    }
                }
            }
            header("Location: mapedit.php?map=$map->id");
        }
    }
}
```

POG1 Posted February 25, 2009

Re: IM GOD lols

it gets post data magically. Then it will create a folder and put an image in, then save to the DB

Why is this in pro php as well :S

Sim Posted February 25, 2009

cause i'm pro?

Isomerizer Posted February 25, 2009

> cause i'm pro?

lol, that's a gooden.

Sim Posted February 25, 2009

> cause i'm pro?
>
> Call this pro programming issues? Related to Killah by any chance? :/

Let's see some of your pro coding skills?

Isomerizer Posted February 25, 2009

> Let's see some of your pro coding skills?

I don't think he's saying he's "pro"... Just stating the obvious, your code example would not be classed as pro php. Not many class themselves as "pro", and it can be seen as being big headed... I don't know why you even bothered posting this... It's as if you're trying to show off. No one likes a show off.

CtrlFreq Posted February 25, 2009

> let's see who can explain what this does ;]

It gets your database wiped out because it takes somewhere around half a second to inject a massive delete.

AlabamaHit Posted February 25, 2009

> cause i'm pro?

LOL that's funny....

> let's see who can explain what this does ;]

pro would know what that does lol

Haunted Dawg Posted February 25, 2009

> cause i'm pro?
>
> Call this pro programming issues? Related to Killah by any chance? :/

Why bring me into this? :/

a_bertrand Posted February 25, 2009

Not only does it have some issues with SQL injections, but it has issues with the files too. $names is directly taken from the $_POST, which means sent by the user basically, and this is then used to compose a path... which could contain basically anything. Be careful to not do things like that on a live server, or you will end up with some odd files, or even worse some security issue... Like somebody uploading a new PHP on your server...

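The two problems raised in this thread, SQL injection (CtrlFreq) and a path composed from `$_POST` (a_bertrand), handled with an allow-list on the map name and bound query parameters. This is an added example, not code from the thread: `valid_map_name`, `tile_dir`, `insert_map`, `TILE_ROOT` and the in-memory SQLite database accessed through PDO (standing in for the `mysql_*` calls) are assumptions.

```php
<?php
// Added example, not the thread author's code. Function names, TILE_ROOT and
// the in-memory SQLite database (standing in for MySQL) are assumptions.
const TILE_ROOT = '/var/www/images/tiles';

// Allow-list the map name before it reaches a path or a query: letters,
// digits, '_' and '-' only, so "../", "/", NUL bytes and quotes never pass.
function valid_map_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $name) === 1;
}

// Build the tile directory from a validated name only, under a fixed root.
function tile_dir(string $name): ?string
{
    return valid_map_name($name) ? TILE_ROOT . '/' . $name : null;
}

// Bound parameters keep user-supplied values out of the SQL text.
function insert_map(PDO $db, string $name, int $w, int $h, int $players): ?int
{
    if (!valid_map_name($name)) {
        return null;                        // rejected before mkdir() or SQL
    }
    $q = $db->prepare('SELECT id FROM maps WHERE name = ?');
    $q->execute([$name]);
    if ($q->fetchColumn() !== false) {
        return null;                        // name already taken
    }
    $ins = $db->prepare(
        'INSERT INTO maps (name, width, height, players) VALUES (?, ?, ?, ?)');
    $ins->execute([$name, $w, $h, $players]);
    return (int) $db->lastInsertId();
}

// Constructed sample input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE maps (id INTEGER PRIMARY KEY, name TEXT UNIQUE,
                              width INT, height INT, players INT)');
foreach (['forest_01', '../../htdocs', "x' OR '1'='1"] as $name) {
    $id = insert_map($db, $name, 20, 15, 4);
    printf("%-14s -> %s\n", $name, $id === null ? 'rejected' : tile_dir($name));
}
```

Only `forest_01` is stored and mapped to a directory; the traversal string and the quote-bearing string are rejected before any filesystem or database call.
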
Sim Posted February 25, 2009

has no issues with security since i'm the only one who has access to this.

Haunted Dawg Posted February 25, 2009

So what was the reason for this post with the topic "IM GOD lols"? Then one of your posts: "cause i'm pro?". You're far from pro.

Sim Posted February 26, 2009

i had a post written up but we'll leave it as that.