Error at line 71 and 74
Code:
<?php
include('../inc/webshop_config.php');
include('../inc/config.php');
/* E4Story Webshop Core File v1
Made by Glossy
*/
if ( !function_exists('login') ) {
function check ( $str, $email = false ) {
//convert special characters to a slash sign
$str = addslashes( $str );
//convert all the letters to lower-case
$str = strtolower( $str );
if ( $email ) {
if ( filter_var($email, FILTER_VALIDATE_EMAIL ) ) {
echo "The email address specified is not valid.";
}
} else {
//define strings that are strictly forbidden
$ddnstr = array( 'drop', 'union', 'select', 'exec', 'xp', 'var', 'set', 'update', 'where', 'and', '=', 'truncate', 'table', '*', 'top', 'null', 'delay', 'sleep', 'waitfor', 'from', 'execute' );
//check each string if it's including a forbidden string
foreach ( $ddnstr as $singlestr ) {
//check for strpos, including: return val true, otherwise return val false
$checkVal = strpos( $str, $singlestr );
//check the returned value
if ( $checkVal != false) {
//exit the current procedure
header('location: denied.html');
exit();
//check if there are any non-alphanumerical characters
} else if ( !ctype_alnum( $str ) ) {
//exit the current procedure
header('location: denied.html');
exit();
}
}
}
}
//logout
function logout() {
// Deleting all content in $_SESSION
$_SESSION = array();
// Destroying the session
session_destroy();
}
//check if logged in
function l_check() {
if ( !isset($_SESSION['4s_usr']) || !isset($_SESSION['4s_uid']) ) {
header('Location: login.php');
}
}
function login ( $username,$password ) {
///SQLi checks
check( $username );
check( $password );
//set up the required variables
71 $account = odbc_exec( $GLOBALS['TGLOBAL'], "SELECT * FROM TACCOUNT WHERE szUserID = '$username' AND szPasswd = '$password' " );
//check if the account is exists
74 if ( odbc_num_rows( $account ) > 0 )
//Logged in successful, set up sessions
session_start();
$accname = odbc_result( $account, 'szUserID');
$user_id = odbc_result ( $account, 'dwUserID');
$_SESSION['4s_usr'] = $accname;
$_SESSION['4s_uid'] = $user_id;
//Redirect to shop.php page
header('Location: shop.php');
} else {
//Bad password, or the account is not exists
echo "<font color='red'><b>The account is not exists or the password is not correct. Please try again!</b></font>";
}
}
//get cash
function cashNum($uid) {
$retn = odbc_exec( $GLOBALS['TGLOBAL'], "SELECT dwCash FROM TCASHTESTTABLE WHERE dwUserID = $uid" );
return odbc_result( $retn , 'dwCash' );
}
//buy function
function buy ( $id ) {
//sqli check
check($id);
//check if it's exists in the db
$item = odbc_exec( $GLOBALS['TGLOBAL'], "SELECT * FROM TWEB_CASHSHOP WHERE item = $id" );
$ex = odbc_num_rows($item);
if ( $ex == 1 ) {
//get more item details and cash value
$stack = odbc_result( $item, 'stack' );
$price = odbc_result( $item, 'price');
$uid = $_SESSION['4s_uid'];
$cash = cashNum($uid);
//check if the customer have enough cash
if ( $cash >= $price ) {
//add the item to db
//generate identification strings
//wID
//$lastwID = odbc_result( odbc_exec( $GLOBALS['TGLOBAL'], "SELECT TOP 1 dwID FROM TCASHITEMCABINETTABLE ORDER BY dwID DESC" ) ,'dwID' );
//$dwID = $lastwID+1;
//dlID
$lastdlID = odbc_result( odbc_exec( $GLOBALS['TGLOBAL'], "SELECT TOP 1 dlID FROM TCASHITEMCABINETTABLE ORDER BY dlID DESC" ) ,'dlID' );
$dlID=$lastdlID+1;
odbc_exec( $GLOBALS['TGLOBAL'], "INSERT INTO TCASHITEMCABINETTABLE ( wItemID, dwUserID, bLevel, bCount, bGLevel, dwDuraMax, dwDuraCur, bRefineCur, dEndTime,
bGradeEffect, bMagic1, bMagic2, bMagic3, bMagic4, bMagic5, bMagic6,wValue1, wValue2, wValue3, wValue4, wValue5, wValue6, dwTime1, dwTime2, dwTime3, dwTime4, dwTime5, dwTime6, bWorldID, dlID ) VALUES (
$id, $uid, 0, $stack, 0, 0, 0, 0, '1900-01-01 00:00:00', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,$dlID
) " );
//decrease cash
$cash = $cash-$price;
odbc_exec( $GLOBALS['TGLOBAL'], "UPDATE TCASHTESTTABLE SET dwCash = $cash WHERE dwUseriD = $uid" );
header('location: suc.php');
} else {
//not enough cash
header('location: poor.php');
}
} else {
//not exists or db error
echo "EC_NOEXT";
}
}
}
