|
You last visited: Today at 23:28
Advertisement
Change User
Discussion on Change User within the CO2 Private Server forum part of the Conquer Online 2 category.
05/23/2012, 13:25
|
#1
|
elite*gold: 0
Join Date: Mar 2009
Posts: 67
Received Thanks: 3
|
Change User
Hey there,
I have a question about PHP but it also fits in here because of the Conquer Database.
I wanna change some stuff through PHP. Only wanna look the Username up so I can change the rest. Don't wanna change the Username.
Code for the page:
PHP Code:
<?php include("include/header.php"); ?> <div id="abouttitleblank"></div> <div id="abouttext"> <div align="center" style="height:600px;"> <?php if(isset($_SESSION['User_Name'])) { if(isset($_SESSION['User_Pass'])) { } ?> <form action="?op=ChangeUser" method="post"> <div align="center">User Changer<br /> <br /> </div> <table width="306" border="0" align="center"> <tr> <td width="130" class="liteoption">Username: </td> <td width="166"><input name="newCP" type="text" class="liteoption" id="newCP" size="15" maxlength="13" /></td> </tr> <tr> <td width="130" class="liteoption">CPs: </td> <td width="166"><input name="CP" type="text" class="liteoption" id="CP" size="15" maxlength="13" /></td> </tr> <tr> <td width="130" class="liteoption">Silver: </td> <td width="166"><input name="Money" type="text" class="liteoption" id="Money" size="15" maxlength="13" /></td> </tr> <tr> <td width="130" class="liteoption">Vip: </td> <td width="166"><input name="Vip" type="text" class="liteoption" id="Vip" size="15" maxlength="13" /></td> </tr> <tr> <td width="130" class="liteoption">Reborn: </td> <td width="166"><input name="Reborn" type="text" class="liteoption" id="Reborn" size="15" maxlength="13" /></td> </tr> <tr> <td width="130" class="liteoption">Level: </td> <td width="166"><input name="Level" type="text" class="liteoption" id="Level" size="15" maxlength="13" /></td> </tr> </table> <p align="center"> <input type="submit" class="liteoption" name="submit" value="Change it" /> </p></form> </p> <br /> <?php if(isset($_POST['submit'])) { $mdfive = $_POST['Username']; //Change User $mdfive = $_POST['CP']; $mdfive = $_POST['Money']; $mdfive = $_POST['Vip']; $mdfive = $_POST['Reborn']; $mdfive = $_POST['Level']; $results = mysql_query("UPDATE `characters` GET Username = '".$mdfive."'"); $results = mysql_query("UPDATE `characters` SET CP = '".$mdfive."'"); $results = mysql_query("UPDATE `characters` SET Money = '".$mdfive."'"); $results = mysql_query("UPDATE `characters` SET Vip = '".$mdfive."'"); $results = mysql_query("UPDATE `characters` SET Reborn = '".$mdfive."'"); $results = mysql_query("UPDATE `characters` SET Level = '".$mdfive."'"); if(!$results) { echo('Result: Password could not be changed.'); } else { echo('Result: Passwords changed successfully!'); } } ?> <br /> <a href="user_controlpanel.php">Back To User CMD</a> <?php } ?> </div> </div> <div id="newscontent"></div> <?php include("include/footer.php"); ?>
Only wanna look the Username up so I can change the rest.
|
|
|
05/23/2012, 16:15
|
#2
|
elite*gold: 130
Join Date: Oct 2007
Posts: 1,652
Received Thanks: 701
|
here is the sql query: UPDATE cps From characters WHERE username='usernamehere' Set cps += 100
|
|
|
05/23/2012, 21:45
|
#3
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,142
|
Quote:
Originally Posted by turk55
here is the sql query: UPDATE cps From characters WHERE username='usernamehere' Set cps += 100
|
Is that even correct MySQL syntax..?
Code:
UPDATE `characters` SET `cps` = `cps` + 100 WHERE `username` = 'MyUserName'
Edit: Also, that script is complete ****. You're not even cleaning the content of the user input before passing it to MySQL. That's an SQL injection waiting to happen. ALL user input should AT LEAST be run through mysql_real_escape_string before even THINKING of passing it to the database...
Anyway, elaborate more on what you're trying to do, and I may help you.
|
|
|
05/23/2012, 23:11
|
#4
|
elite*gold: 130
Join Date: Oct 2007
Posts: 1,652
Received Thanks: 701
|
Quote:
Originally Posted by Zeroxelli
Is that even correct MySQL syntax..?
Code:
UPDATE `characters` SET `cps` = `cps` + 100 WHERE `username` = 'MyUserName'
Edit: Also, that script is complete ****. You're not even cleaning the content of the user input before passing it to MySQL. That's an SQL injection waiting to happen. ALL user input should AT LEAST be run through mysql_real_escape_string before even THINKING of passing it to the database...
Anyway, elaborate more on what you're trying to do, and I may help you.
|
Ughh still had the select query in my head, was close tho.
|
|
|
05/23/2012, 23:13
|
#5
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,142
|
Quote:
Originally Posted by turk55
Ughh still had the select query in my head, was close tho.
|
Sadly, I don't think MySQL supports the '+=' operator anyway. So you basically have to do FieldName = FieldName + Value
|
|
|
05/24/2012, 11:00
|
#6
|
elite*gold: 0
Join Date: Dec 2011
Posts: 1,537
Received Thanks: 785
|
His code will not work anyways. He's missing a bracket.
|
|
|
05/24/2012, 11:14
|
#7
|
elite*gold: 0
Join Date: Mar 2009
Posts: 67
Received Thanks: 3
|
Quote:
Originally Posted by I don't have a username
His code will not work anyways. He's missing a bracket.
|
The rest is working though.
Quote:
Originally Posted by Zeroxelli
Is that even correct MySQL syntax..?
Code:
UPDATE `characters` SET `cps` = `cps` + 100 WHERE `username` = 'MyUserName'
Edit: Also, that script is complete shit. You're not even cleaning the content of the user input before passing it to MySQL. That's an SQL injection waiting to happen. ALL user input should AT LEAST be run through mysql_real_escape_string before even THINKING of passing it to the database...
Anyway, elaborate more on what you're trying to do, and I may help you.
|
I do not wanna give 100 but my own value. Just like the same of changing the password.
But thanks for helping me guys and girls.
|
|
|
05/24/2012, 11:28
|
#8
|
elite*gold: 0
Join Date: Dec 2011
Posts: 1,537
Received Thanks: 785
|
Also you can sqlinject your code.
|
|
|
05/24/2012, 18:15
|
#9
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,142
|
Quote:
Originally Posted by warzie005
The rest is working though.
I do not wanna give 100 but my own value. Just like the same of changing the password.
But thanks for helping me guys and girls.
|
Then just change the 100 with your own value lol
Quote:
Originally Posted by I don't have a username
Also you can sqlinject your code.
|
I said that man, he no learny learny.
|
|
|
05/25/2012, 01:43
|
#10
|
elite*gold: 0
Join Date: Mar 2009
Posts: 67
Received Thanks: 3
|
Quote:
Originally Posted by Zeroxelli
Then just change the 100 with your own value lol
I said that man, he no learny learny.
|
I know I can just sqlinject it. But I also wanna do that through the website. I don't wanna add the same every time. Just my OWN value that changes every time.
|
|
|
05/25/2012, 01:54
|
#11
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,142
|
Quote:
Originally Posted by warzie005
I know I can just sqlinject it. But I also wanna do that through the website. I don't wanna add the same every time. Just my OWN value that changes every time.
|
PHP Code:
<?php // FreeCPs.php if (isset($_POST['cps']) && isset($_POST['charname']) && !empty($_POST['charname'])) { $cps = intval($_POST['cps']); $charname = mysql_escape_string($_POST['charname']); if ($cps > 0 && $cps < 999999 && strlen($charname) >= 3 && strlen($charname) <= 16) { $db = mysql_connect('localhost', 'MyDatabaseUsername', 'MyDatabasePassword'); mysql_select_db('myConquerDatabase', $db); mysql_query("UPDATE `characters` SET `cps` = '{$cps}' WHERE `name` = '{$charname}' LIMIT 1", $db); mysql_close($db); } } ?> <form action="./FreeCPs.php" method="post"> <b>Char name:</b> <input name="charname" type="text" /><br /> <b>CPs:</b> <input name="cps" type="text" /><br /> <input type="submit" value="Gimme my CPs!" /> </form>
Have fun.
|
|
|
05/26/2012, 01:23
|
#12
|
elite*gold: 130
Join Date: Oct 2007
Posts: 1,652
Received Thanks: 701
|
Quote:
Originally Posted by Zeroxelli
[php].
|
Ty for making me look up the empty function :P didn't know that yet
|
|
|
05/26/2012, 04:07
|
#13
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,142
|
Quote:
Originally Posted by turk55
Ty for making me look up the empty function :P didn't know that yet
|
Oh, no problem. Haha.
|
|
|
05/27/2012, 03:31
|
#14
|
elite*gold: 0
Join Date: Nov 2005
Posts: 548
Received Thanks: 93
|
I am a bit surprised I never had issues with mysql inject on the hellmouth website..
|
|
|
05/27/2012, 05:47
|
#15
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,142
|
Quote:
Originally Posted by BioHazarxPaul
I am a bit surprised I never had issues with mysql inject on the hellmouth website..
|
Most people don't think to check for these exploits, and that's how most websites get taken down; either ****** scripting/security or mysql injection.
|
|
|
|
Similar Threads
|
Do you get E-Mail to change User Datas?
05/22/2012 - DarkOrbit - 4 Replies
Can anyone of you please try, if you get an E-Mail if you want to change the Password, Username or E-Mail Adress?
I tryed it more then once and I never get any E-Mail to confirm the changes!
Earlier I always got the E-Mail after max. 1 minute..
I have an E-Mail at >> Windows Live <<.
So anyone who can try it ? Thanks :)
|
[Name Change] niedrigere Preise für NonPremium User
05/15/2012 - Off Topic - 8 Replies
Moin moin,
ich bin der Meinung, dass der Name Change zu überteuert ist! Klar, kostenlos geht es nicht und da bin ich auch überhaupt nicht für, aber der Preis, für User die kein Premium besitzen, ist einfach viel zu hoch! Da für das Forum bzw. die Adminstration (keinerlei) Arbeit anfällt und es sonst auch nicht viele Umstände macht. Wie ist eure Meinung dazu? Soll der Preis gesenkt werden?
Momentaner Stand:
http://www.fotos-hochladen.net/uploads/unbenannt1 kfhcbsi4a.png
|
Any way to change my 2moons user ID
03/26/2010 - Dekaron - 4 Replies
Topic says it all
Wondering if there is anyway to change the User ID to something esle or is it impossible?
|
how change user and password Datebase in binary 5065
07/24/2009 - CO2 Private Server - 3 Replies
can any one tell me how change user name and password in binary tq 5065
any one know user test password test
how change it??????? help
|
model change als Mac User?
10/27/2007 - World of Warcraft - 0 Replies
Nun ich wollte eigentlich schon lange mal meinen Menschen Krieger in einen Tauren krieger verwandeln allerdings hab icha uch nach langer langer LANGER suche nichts gefunden was mir weiterhelfen könnte.
Da ich keine Programme gefunden habe welche ich als Mac User benützen kann um model changes vorzunehmen.
Eventuell kann mir da jemand von euch weiterhelfen oder hat eine Idee.
mfg rul
|
All times are GMT +2. The time now is 23:28.
|
|