BossManMenace Posted September 14, 2015

Hello, I'm using an old script, WOTM (Way Of The Mafia). I've uploaded it before and never had a problem, and the script is unchanged from downloading. I even had it working a few days ago. I'm just looking through the codes and building on them for fun and to learn. For any help I would be very grateful.

Basically, I register to the game and go to log in and get a white page. If I try to put anything onto the end of the URL, for example (/logged_in.php), it brings up the termsofservice. I've tried everything, gone through functions to try to solve this. I feel like I'm missing something simple, please help. The demo URL is http://www.world-crime.com

Here are the scripts I think the problem could be in:
functions.txt functions1.txt index.txt logged_in.txt termofservice.txt

AdamHull Posted September 14, 2015

Under the <?php tags in your page add

    error_reporting(E_ALL);
    ini_set('display_errors', 1);

Then you should see the error.

BossManMenace Posted September 14, 2015

Nice trick, thank you for your reply. Now on my index page I'm getting the error:

Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18
Notice: Undefined index: username in /home1/worldcri/public_html/index.php on line 36
LoginRegisterLost Password

When I log in it's not redirecting to logged_in.php, which it should do.

- - - Updated - - -

logged_in.php has many errors.

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16
Notice: A session had already been started - ignoring session_start() in /home1/worldcri/public_html/includes/functions.php on line 2
Notice: Undefined index: username in /home1/worldcri/public_html/includes/functions.php on line 4
Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 7
Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 9
Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 16
Notice: Undefined index: tos_button in /home1/worldcri/public_html/termsofservice.php on line 3

NonStopCoding Posted September 14, 2015 (edited)

> Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16

I have seen this error a good few times on some games, and every time I have, it's because the session_start(); is being placed after content. Try moving it up to the top of the page under the <? tag.

Question to anyone: does it matter if you use short tags? I remember reading some place that not all hosts allow this in the PHP settings. Is this true?

> Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18

It's saying that it's not been defined yet. A simple isset would fix that:

    if(isset($_GET['logout']) && $_GET['logout'] == "true")

- - - Updated - - -

Oops, some reason it double posted :S

Edited September 14, 2015 by NonStopCoding

G7470 Posted September 14, 2015

These "Undefined index" errors/notices are because that index is not set before you are checking its value. As you (probably) don't want to actually set this value until you need to, you have to check if it is set or not before checking its value in any way. So, for example, this error:

"Notice: Undefined index: logout in /home1/worldcri/public_html/index.php on line 18"

can be fixed by doing the following:

    if (isset($_GET['logout']) && strip_tags($_GET['logout']) == "true") {

See that I'm checking whether or not it is set first before accessing its value. That's how you can remedy those errors.

~G7470

CaptainQuack Posted September 14, 2015

> if (isset($_GET['logout']) && strip_tags($_GET['logout']) == "true") {

Why exactly are you using strip_tags()?

IllegalPigeon Posted September 14, 2015

> Why exactly are you using strip_tags()?

Yeah, should be:

    if(isset(mysql_real_escape_string($_GET['logout'])) & htmlentities(htmlspecialchars(url_encode(strip_tags($_GET['logout'])))) == 'true') { }

/s

lucky3809 Posted September 14, 2015

> Yeah, should be:
>
>     if(isset(mysql_real_escape_string($_GET['logout'])) & htmlentities(htmlspecialchars(url_encode(strip_tags($_GET['logout'])))) == 'true') { }
>
> /s

But why mres, htmlentities, etc... on a digit? If I recall it updates the database with a 1 or a 2.

IllegalPigeon Posted September 14, 2015

> But why mres, htmlentities, etc... on a digit? If I recall it updates the database with a 1 or a 2.

Notice the "/s". I was being sarcastic. There was no need for the strip_tags() in the first instance.

G7 posted a snippet saying "if(strip_tags($_GET['logout']) == 'true')". Well, if "$_GET['logout']" is anything OTHER than "true", it will fail. If $_GET['logout'] = <script>alert("xss")</script>, that does not equal "true", so it'll fail.

G7's code would ALLOW for something like this, though: $_GET['logout'] = '<script>true</script>'; because after the tags have been stripped, it will equal true.

There's just no need for it at all. if(isset($var) && $var == 'true') is fine. By adding strip_tags() to it, you're not adding an extra layer of security or anything at all for that matter.

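The point made in the post above, as an added example that is not part of any post in this thread: the posted strip_tags() check and an exact-match check, run over constructed arrays standing in for $_GET. The function names are hypothetical, the is_string() guard is an addition, and PHP 7 or later is assumed.

```php
<?php
// Added example: inputs are constructed; this is not code from the WOTM script.

// The check as posted in the thread (strip_tags() then loose ==). The
// is_string() guard is an addition so array input does not raise a
// TypeError on PHP 8.
function logout_flag_stripped(array $query): bool
{
    return isset($query['logout'])
        && is_string($query['logout'])
        && strip_tags($query['logout']) == 'true';
}

// Exact match: the parameter must exist and be the string "true".
// === is false for arrays and for any other string, so no filter is needed.
function logout_flag_strict(array $query): bool
{
    return isset($query['logout']) && $query['logout'] === 'true';
}

// Constructed stand-ins for $_GET on different requests.
$requests = [
    'exact value'       => ['logout' => 'true'],
    'wrapped in tags'   => ['logout' => '<script>true</script>'],
    'script payload'    => ['logout' => '<script>alert("xss")</script>'],
    'different case'    => ['logout' => 'TRUE'],
    'array (logout[]=)' => ['logout' => ['true']],
    'parameter missing' => [],
];

printf("%-20s %-9s %s\n", 'request', 'stripped', 'strict');
foreach ($requests as $label => $query) {
    printf(
        "%-20s %-9s %s\n",
        $label,
        logout_flag_stripped($query) ? 'accept' : 'reject',
        logout_flag_strict($query) ? 'accept' : 'reject'
    );
}
```

The two checks differ only on the "wrapped in tags" row, where stripping widens the set of values that trigger the logout branch instead of narrowing it.
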
~Rob0t Posted September 14, 2015

> Notice the "/s". I was being sarcastic. There was no need for the strip_tags() in the first instance.
>
> G7 posted a snippet saying "if(strip_tags($_GET['logout']) == 'true')". Well, if "$_GET['logout']" is anything OTHER than "true", it will fail. If $_GET['logout'] = <script>alert("xss")</script>, that does not equal "true", so it'll fail.
>
> G7's code would ALLOW for something like this, though: $_GET['logout'] = '<script>true</script>'; because after the tags have been stripped, it will equal true.
>
> There's just no need for it at all. if(isset($var) && $var == 'true') is fine. By adding strip_tags() to it, you're not adding an extra layer of security or anything at all for that matter.

To add on to this: if doing a strict string comparison, I like to cast the strings to a singular case: strtolower / strtoupper - because of other devs :D

IllegalPigeon Posted September 14, 2015

> To add on to this: if doing a strict string comparison, I like to cast the strings to a singular case: strtolower / strtoupper - because of other devs :D

When doing strict comparisons, I like to cast the string to uppercase, then base64 encode it, then decode it and use md5(). Then I like to blowfish and salt it, store it in a database and then do another comparison and store it in a cookie, then store that cookie in the database and then do a check to see if the user's cookie matches the stored cookie, then I'll destroy sessions. Duhhhh.

~Rob0t Posted September 14, 2015

> When doing strict comparisons, I like to cast the string to uppercase, then base64 encode it, then decode it and use md5(). Then I like to blowfish and salt it, store it in a database and then do another comparison and store it in a cookie, then store that cookie in the database and then do a check to see if the user's cookie matches the stored cookie, then I'll destroy sessions. Duhhhh.

BossManMenace Posted September 14, 2015

    if (strip_tags($_POST['username']) && strip_tags($_POST['password'])){
    $select = mysql_query("SELECT * FROM users WHERE online > '$timenow' ORDER by rank desc");

Still having an error with this, in index.php. And I log in on my site and it doesn't seem to redirect to logged_in.php.

BossManMenace Posted September 14, 2015

So I log in and it doesn't redirect to logged_in.php. When I type in and go to the URL myself it shows all this and the termsofservice. Everywhere else I've installed the script I've never had all these issues.

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home1/worldcri/public_html/logged_in.php:11) in /home1/worldcri/public_html/logged_in.php on line 16
Notice: A session had already been started - ignoring session_start() in /home1/worldcri/public_html/includes/functions.php on line 2
Notice: Undefined index: username in /home1/worldcri/public_html/includes/functions.php on line 4
Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 7
Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 9
Notice: Trying to get property of non-object in /home1/worldcri/public_html/includes/functions.php on line 16
Notice: Undefined index: tos_button in /home1/worldcri/public_html/termsofservice.php on line 3

Uridium Posted September 14, 2015

I'm on your site at the moment and can't get past the login page.

BossManMenace Posted September 14, 2015

Same, I don't understand. I log in and it goes to a white page... but the URL doesn't change, doesn't redirect to logged_in.php. When I put it in the URL it comes up with the termsofservice, so it must be logged in?

Uridium Posted September 14, 2015

Add me to Skype, illusions2142, if you have it.

BossManMenace Posted September 14, 2015

Done

Uridium Posted September 14, 2015

Hmmm, didn't receive a request from you. Send me your Skype name.

BossManMenace Posted September 14, 2015

menace.beasley75