Hello need help please

BossManMenace · September 14, 2015

Hello im using a old Script WOTM (Way Of The Mafia)

Ive uploaded before and never had a problem and the script is unchanged from downloading.. i even had it working a few days ago

Im just looking through the codes and building on them for fun and to learn any help i would be very greatfull

Basically i register to the game and go to login and get a white page.. if i try to put anything onto the end of the url example (/logged_in.php)

it bring up the termsofservice ive tried everything gone through functions and to try solve this i feel like im missing something simple please help

the demo url is http://www.world-crime.com

here are the scripts i think the problem could be in.

[ATTACH]2191[/ATTACH]

[ATTACH]2187[/ATTACH]

[ATTACH]2188[/ATTACH]

[ATTACH]2189[/ATTACH]

[ATTACH]2190[/ATTACH]

AdamHull · September 14, 2015

Under the <?php tags in you page add

error_reporting(E_ALL);
ini_set('display_errors', 1);

Then you should see the error

BossManMenace · September 14, 2015

Nice trick, thank you for your reply

now on my index page im getting the error

Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18

Notice: Undefined index: username in /home1/worldcri/public_html/index.php on line 36

LoginRegisterLost Password

When i logg in its not redirecting to logged_in.php which it should do

- - - Updated - - -

logged_in.php has many errors.

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16

Notice: A session had already been started - ignoring session_start() in /home1/worldcri/public_html/includes/functions.php on line 2

Notice: Undefined index: username in /home1/worldcri/public_html/includes/functions.php on line 4

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 7

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 9

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 16

Notice: Undefined index: tos_button in /home1/worldcri/public_html/termsofservice.php on line 3

NonStopCoding · September 14, 2015

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16

i have seen this error a good few times on some games and every time i have its because of the session_start(); is being placed after content try move it up to the top of the page under the <? tag

Question to anyone: Does it matter if you use short tags i remember reading some place not all hosts allow this in the php setting is this true?

Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18

its saying that its not been defined yet a simple isset would fix that

if(isset($_GET['logout']) && $_GET['logout'] == "true")

- - - Updated - - -

oops some reason it double posted :S

Edited September 14, 2015 by NonStopCoding

G7470 · September 14, 2015

These "Undefined index" errors/notices are because that index is not set before you are checking its value.

As you (probably) don't want to actually set this value until you need to, you have to check if it is set or not before checking its value in any way.

So, for example, this error: "Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18" can be fixed by doing the following:

if (isset($_GET['logout']) && strip_tags($_GET['logout']) == "true") {

See that I'm checking whether or not it is set first before accessing its value. That's how you can remedy those errors.

~G7470

CaptainQuack · September 14, 2015

if (isset($_GET['logout']) && strip_tags($_GET['logout']) == "true") {

Why exactly are you using strip_tags()?

IllegalPigeon · September 14, 2015

Why exactly are you using strip_tags()?

Yeah, should be:

if(isset(mysql_real_escape_string($_GET['logout'])) & htmlentities(htmlspecialchars(url_encode(strip_tags($_GET['logout'])))) == 'true') { }

/s

lucky3809 · September 14, 2015

Yeah, should be:

if(isset(mysql_real_escape_string($_GET['logout'])) & htmlentities(htmlspecialchars(url_encode(strip_tags($_GET['logout'])))) == 'true') { }

/s

But why mres,htmlentities,ect... on a digit? If I recall it updates the database with a 1 or a 2

IllegalPigeon · September 14, 2015

But why mres,htmlentities,ect... on a digit? If I recall it updates the database with a 1 or a 2

Notice the "/s". I was being sarcastic.

There was no need for the strip_tags() in the first instance. G7 posted a snippet saying "if(strip_tags($_GET['logout']) == 'true')". Well, if "$_GET['logout']" is anything OTHER than "true", it will fail. If $_GET['logout'] = <script>alert("xss")</script>, that does not equal "true", so it'll fail.

G7's code would ALLOW for something like this, though: $_GET['logout'] = '<script>true</script>'; because after the tags have been stripped, it will equal true. There's just no need for it at all.

if(isset($var) && $var == 'true')

is fine. By adding strip_tags() to it, you're not adding an extra layer of security or anything at all for that matter.

~Rob0t · September 14, 2015

Notice the "/s". I was being sarcastic.
There was no need for the strip_tags() in the first instance. G7 posted a snippet saying "if(strip_tags($_GET['logout']) == 'true')". Well, if "$_GET['logout']" is anything OTHER than "true", it will fail. If $_GET['logout'] = <script>alert("xss")</script>, that does not equal "true", so it'll fail.

G7's code would ALLOW for something like this, though: $_GET['logout'] = '<script>true</script>'; because after the tags have been stripped, it will equal true. There's just no need for it at all.
if(isset($var) && $var == 'true')
is fine. By adding strip_tags() to it, you're not adding an extra layer of security or anything at all for that matter.

To add on to this;

If doing a strict string comparison, I like to cast the strings to a singular case: strtolower / strtoupper - because of other devs :D

IllegalPigeon · September 14, 2015

To add on to this;
If doing a strict string comparison, I like to cast the strings to a singular case: strtolower / strtoupper - because of other devs :D

When doing strict comparisons, I like to cast the string to uppercase, then base64 encode it, then decode it and use md5(). Then I like to blowfish and salt it, store it in a database and then do another comparison and store it in a cookie, then store that cookie in the database and then do a check to see if the users cookie matches the stored cookie, then I'll destroy sessions.

Duhhhh.

~Rob0t · September 14, 2015

When doing strict comparisons, I like to cast the string to uppercase, then base64 encode it, then decode it and use md5(). Then I like to blowfish and salt it, store it in a database and then do another comparison and store it in a cookie, then store that cookie in the database and then do a check to see if the users cookie matches the stored cookie, then I'll destroy sessions.
Duhhhh.

BossManMenace · September 14, 2015

if (strip_tags($_POST['username']) && strip_tags($_POST['password'])){

$select = mysql_query("SELECT * FROM users WHERE online > '$timenow' ORDER by rank desc");

still having a error with this.. in index.php and i logg in on my site and it doesnt seem to redirect to logged_in.php

BossManMenace · September 14, 2015

So i logg in and it doesnt redirect to logged_in.php when i type in and go to url myself it shows all this and the termsofservice.

Everywere else ive installed the script ive never had all these issues

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16

Notice: A session had already been started - ignoring session_start() in /home1/worldcri/public_html/includes/functions.php on line 2

Notice: Undefined index: username in /home1/worldcri/public_html/includes/functions.php on line 4

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 7

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 9

Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 16

Notice: Undefined index: tos_button in /home1/worldcri/public_html/termsofservice.php on line 3

Uridium · September 14, 2015

im on your site at the moment and cant get passed the login page

BossManMenace · September 14, 2015

Same i dont understand i logg in and it goes to a white page...but the url doesnt change, doesnt redirect to logged_in.php

when i put it in the url it comes up with the termsofservice so it must be logged in?

Uridium · September 14, 2015

add me too Skype illusions2142 if you have it

BossManMenace · September 14, 2015

Done

Uridium · September 14, 2015

hmmm didn't receive request from you send me your Skype name

BossManMenace · September 14, 2015

menace.beasley75

Hello need help please

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation