MakeWebGames

Hello need help please


BossManMenace

Hello, I'm using an old script, WOTM (Way Of The Mafia).

I've uploaded it before and never had a problem, and the script is unchanged from downloading. I even had it working a few days ago.

I'm just looking through the codes and building on them for fun and to learn. For any help I would be very grateful.

Basically, I register to the game, go to log in and get a white page. If I try to put anything onto the end of the URL, for example (/logged_in.php),

it brings up the termsofservice. I've tried everything, gone through the functions to try to solve this, and I feel like I'm missing something simple. Please help.

The demo URL is http://www.world-crime.com

Here are the scripts I think the problem could be in.

functions.txt

functions1.txt

index.txt

logged_in.txt

termofservice.txt

Link to comment
Share on other sites

Nice trick, thank you for your reply.

Now on my index page I'm getting the error

Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18

Notice: Undefined index: username in /home1/worldcri/public_html/index.php on line 36

LoginRegisterLost Password

When I log in it's not redirecting to logged_in.php, which it should do.

- - - Updated - - -

logged_in.php has many errors.

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16

Notice: A session had already been started - ignoring session_start() in /home1/worldcri/public_html/includes/functions.php on line 2

Notice: Undefined index: username in /home1/worldcri/public_html/includes/functions.php on line 4

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 7

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 9

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 16

Notice: Undefined index: tos_button in /home1/worldcri/public_html/termsofservice.php on line 3

Link to comment
Share on other sites

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16

I have seen this error a good few times on some games, and every time I have, it's because the session_start(); is being placed after content. Try moving it up to the top of the page under the <? tag.

Question to anyone: does it matter if you use short tags? I remember reading someplace that not all hosts allow this in the PHP settings. Is this true?

Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18

It's saying that it's not been defined yet; a simple isset would fix that:

if(isset($_GET['logout']) && $_GET['logout'] == "true")

- - - Updated - - -

Oops, for some reason it double posted :S

Edited by NonStopCoding
Link to comment
Share on other sites

These "Undefined index" errors/notices are because that index is not set before you are checking its value.

As you (probably) don't want to actually set this value until you need to, you have to check if it is set or not before checking its value in any way.

So, for example, this error: "Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18" can be fixed by doing the following:

 

if (isset($_GET['logout']) && strip_tags($_GET['logout']) == "true") {

 

See that I'm checking whether or not it is set first before accessing its value. That's how you can remedy those errors.

~G7470

Link to comment
Share on other sites

But why mres, htmlentities, etc. on a digit? If I recall, it updates the database with a 1 or a 2.

Notice the "/s". I was being sarcastic.

There was no need for the strip_tags() in the first instance. G7 posted a snippet saying "if(strip_tags($_GET['logout']) == 'true')". Well, if "$_GET['logout']" is anything OTHER than "true", it will fail. If $_GET['logout'] = <script>alert("xss")</script>, that does not equal "true", so it'll fail.

G7's code would ALLOW for something like this, though: $_GET['logout'] = '<script>true</script>'; because after the tags have been stripped, it will equal true. There's just no need for it at all.

if(isset($var) && $var == 'true')

is fine. By adding strip_tags() to it, you're not adding an extra layer of security or anything at all for that matter.

  • Like 1
Link to comment
Share on other sites
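
The point made in the post above, as an added example that is not part of the original thread: strip_tags() widens the set of inputs that pass the logout check, while isset() plus a strict comparison accepts only the exact string. The function names and the sample query strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Variant discussed in the thread: tags are stripped before the comparison.
function logout_with_strip_tags(array $query): bool
{
    return isset($query['logout'])
        && is_string($query['logout'])   // strip_tags() throws a TypeError on arrays in PHP 8
        && strip_tags($query['logout']) == "true";
}

// Plain check: the key must exist and be exactly the string "true".
// The strict comparison also rejects arrays without a separate type check.
function logout_strict(array $query): bool
{
    return isset($query['logout']) && $query['logout'] === 'true';
}

// Constructed sample query strings, parsed the same way PHP fills $_GET.
$samples = [
    'logout=true',
    'logout=%3Cscript%3Etrue%3C%2Fscript%3E',              // <script>true</script>
    'logout=%3Cscript%3Ealert(%22xss%22)%3C%2Fscript%3E',  // <script>alert("xss")</script>
    'logout[]=true',                                       // array instead of a string
    'page=home',                                           // key absent: no "Undefined index" notice
];

foreach ($samples as $qs) {
    parse_str($qs, $query);
    printf(
        "%-55s strip_tags=%-5s strict=%s\n",
        $qs,
        var_export(logout_with_strip_tags($query), true),
        var_export(logout_strict($query), true)
    );
}
```

Only the second sample separates the two checks: the strip_tags() variant accepts it and the strict comparison rejects it.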

To add on to this;

If doing a strict string comparison, I like to cast the strings to a singular case: strtolower / strtoupper - because of other devs :D

Link to comment
Share on other sites

When doing strict comparisons, I like to cast the string to uppercase, then base64 encode it, then decode it and use md5(). Then I like to blowfish and salt it, store it in a database and then do another comparison and store it in a cookie, then store that cookie in the database and then do a check to see if the user's cookie matches the stored cookie, then I'll destroy sessions.

Duhhhh.

Link to comment
Share on other sites

needs%20more%20dragons.jpg

Link to comment
Share on other sites

So I log in and it doesn't redirect to logged_in.php. When I type in and go to the URL myself it shows all this and the termsofservice.

Everywhere else I've installed the script I've never had all these issues.

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16

Notice: A session had already been started - ignoring session_start() in /home1/worldcri/public_html/includes/functions.php on line 2

Notice: Undefined index: username in /home1/worldcri/public_html/includes/functions.php on line 4

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 7

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 9

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 16

Notice: Undefined index: tos_button in /home1/worldcri/public_html/termsofservice.php on line 3

Link to comment
Share on other sites
