Sim Posted February 25, 2009 Posted February 25, 2009 lets see who can explain what this does ;] if(isset($_POST['Submit'])) { $names = $_POST['textName']; $width = $_POST['textWidth']; $height = $_POST['textHeight']; $players = $_POST['textPlayers']; $result = mysql_query("SELECT id FROM maps WHERE name='$names'") or die(mysql_error()); if(mysql_num_rows($result) == 0) { mkdir("../images/tiles/$names", 0777); $file_typ = array(); $file_typ = explode('.',strtolower($_FILES["file"]["name"])); $file_type = $file_typ[count($file_typ)-1]; if($file_type == "png") { move_uploaded_file($_FILES["file"]["tmp_name"], "../images/tiles/$names/preview.png"); $src = imagecreatefrompng("../images/tiles/$names/preview.png"); $w = imagesx($src) / 32; $h = imagesy($src) / 32; if( (is_int($w)) && (is_int($h)) ) { mysql_query("INSERT INTO maps (name, width, height, players) VALUES ('$names','$width','$height','$players')") or die(mysql_error()); $result = mysql_query("SELECT id FROM maps WHERE name='$names'") or die(mysql_error()); $map = mysql_fetch_object($result); for($x=0; $x < $h; $x++) { for($y=0; $y < $w; $y++) { $im = imagecreate(32, 32); imagecopy($im, $src, 0, 0, $x*32,$y*32, 32, 32); imagepng($im ,"../images/tiles/$names/$x-$y.png"); imagedestroy($im); $tilefile = file_get_contents("../images/tiles/$names/$x-$y.png"); $found = false; if ($dh = opendir("../images/tiles/$names")) { while (($Tfile = readdir($dh)) !== false) { if(($Tfile != ".") && ($Tfile != "..")) { $tempfile = file_get_contents("../images/tiles/$names/$Tfile"); if($filefile == $tempfile) { unlink("../images/tiles/$names/$x-$y.png"); mysql_query("INSERT INTO mapdata (map_id, tile, x, y) VALUES ('$map->id', '$names/$Tfile','$x','$y')") or die(mysql_error()); $found = true; break; } } } closedir($dh); if($found == false) { mysql_query("INSERT INTO mapdata (map_id, tile, x, y) VALUES ('$map->id', '$names/$x-$y.png','$x','$y')") or die(mysql_error()); } } } } } header("Location: mapedit.php?map=$map->id"); } } } Quote
POG1 Posted February 25, 2009 Posted February 25, 2009 Re: IM GOD lols it gets post data magically. Then it will create a folder and put an image in, then save to the DB Why is this in pro php as wel :S Quote
Isomerizer Posted February 25, 2009 Posted February 25, 2009 Re: IM GOD lols cause i'm pro? lol, that's a gooden. Quote
Sim Posted February 25, 2009 Author Posted February 25, 2009 Re: IM GOD lols cause i'm pro? Call this pro programming issues? Related to Killah by any chance? :/ Lets see some of your pro coding skills? Quote
Isomerizer Posted February 25, 2009 Posted February 25, 2009 Re: IM GOD lols Lets see some of your pro coding skills? I don't think hes saying hes "pro"... Just stating the obvious, your code example would not be classed as pro php. Not many class themself as "pro", and can be seen as being big headed... I don't know why you even bothered posting this... It's as if your trying to show off. Noone likes a show off. Quote
CtrlFreq Posted February 25, 2009 Posted February 25, 2009 Re: IM GOD lols lets see who can explain what this does ;] It gets your database wiped out because it takes somewhere around half a second to inject a massive delete. Quote
AlabamaHit Posted February 25, 2009 Posted February 25, 2009 Re: IM GOD lols cause i'm pro? LOL thats funny.... lets see who can explain what this does ;] if(isset($_POST['Submit'])) { $names = $_POST['textName']; $width = $_POST['textWidth']; $height = $_POST['textHeight']; $players = $_POST['textPlayers']; $result = mysql_query("SELECT id FROM maps WHERE name='$names'") or die(mysql_error()); if(mysql_num_rows($result) == 0) { mkdir("../images/tiles/$names", 0777); $file_typ = array(); $file_typ = explode('.',strtolower($_FILES["file"]["name"])); $file_type = $file_typ[count($file_typ)-1]; if($file_type == "png") { move_uploaded_file($_FILES["file"]["tmp_name"], "../images/tiles/$names/preview.png"); $src = imagecreatefrompng("../images/tiles/$names/preview.png"); $w = imagesx($src) / 32; $h = imagesy($src) / 32; if( (is_int($w)) && (is_int($h)) ) { mysql_query("INSERT INTO maps (name, width, height, players) VALUES ('$names','$width','$height','$players')") or die(mysql_error()); $result = mysql_query("SELECT id FROM maps WHERE name='$names'") or die(mysql_error()); $map = mysql_fetch_object($result); for($x=0; $x < $h; $x++) { for($y=0; $y < $w; $y++) { $im = imagecreate(32, 32); imagecopy($im, $src, 0, 0, $x*32,$y*32, 32, 32); imagepng($im ,"../images/tiles/$names/$x-$y.png"); imagedestroy($im); $tilefile = file_get_contents("../images/tiles/$names/$x-$y.png"); $found = false; if ($dh = opendir("../images/tiles/$names")) { while (($Tfile = readdir($dh)) !== false) { if(($Tfile != ".") && ($Tfile != "..")) { $tempfile = file_get_contents("../images/tiles/$names/$Tfile"); if($filefile == $tempfile) { unlink("../images/tiles/$names/$x-$y.png"); mysql_query("INSERT INTO mapdata (map_id, tile, x, y) VALUES ('$map->id', '$names/$Tfile','$x','$y')") or die(mysql_error()); $found = true; break; } } } closedir($dh); if($found == false) { mysql_query("INSERT INTO mapdata (map_id, tile, x, y) VALUES ('$map->id', '$names/$x-$y.png','$x','$y')") or die(mysql_error()); } } } } } header("Location: mapedit.php?map=$map->id"); } } } pro would know what that does lol Quote
Haunted Dawg Posted February 25, 2009 Posted February 25, 2009 Re: IM GOD lols cause i'm pro? Call this pro programming issues? Related to Killah by any chance? :/ Why bring me into this? :/ Quote
a_bertrand Posted February 25, 2009 Posted February 25, 2009 Re: IM GOD lols Not only it has some issues with SQL injections, but it has issues with the files too. $names is directly taken from the $_POST, which means sent by the user basically, and this is then used to compose a path... which could contain basically anything. Be careful to not do things like that on a live server, or you will end up with some odd files, or even worse some security issue... Like somebody uploading a new PHP on your server... Quote
Sim Posted February 25, 2009 Author Posted February 25, 2009 Re: IM GOD lols has no issues with security since i'm the only one who has access to this. Quote
Haunted Dawg Posted February 25, 2009 Posted February 25, 2009 Re: IM GOD lols So what was the reason of this post with the topic. "IM GOD lols". Then one of your post's. "cause i'm pro?". Your far from pro. Quote
Sim Posted February 26, 2009 Author Posted February 26, 2009 Re: IM GOD lols i had a post written up but we'll leave it as that. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.