[PHP] Webmall with Paypal & IPN

Page 3 of 3

04/20/2016 15:59 B1Q#31

Quote:

Originally Posted by mialuisa

I have a problem as good as everything works just the admin not so the admin menu webmall /? act = admin

and when i open http:// (myip ) /webmall/include/admin.php
i get this error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [Only registered and activated users can see links. Click Here To Register...] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

show me your admin.php code

and you should access it like this http:// (myip ) /webmall/?act=admin

04/21/2016 19:46 NorseGodTyr#32

Quote:

Originally Posted by hazemooking

show me your admin.php code

and you should access it like this http:// (myip ) /webmall/?act=admin

PHP Code:


			
<center>
<? if(empty($_SESSION['username']) && empty($_SESSION['password']) || $_SESSION['username'] != $adminuser) { die("Please Login!"); } ?>
<div class="container">
 <div class="table-responsive">          
<table class="table table-striped table-responsive">
<form class="form-control" action="" method="POST" enctype="multipart/form-data">
<tr>
    <td><label class="form-control">Title: </label><input class="form-control" type="text" name="itemname" /><br>
    <label class="form-control">Code: </label><input class="form-control" type="text" name="itemcode" /><br>
    <label class="form-control">Plus: </label><input class="form-control" type="text" name="itemplus" /><br>
    <label class="form-control">Price: </label><input class="form-control" type="number" name="price" /><br>
    <label class="form-control">Quantity: </label><input class="form-control" type="number" name="quan" /><br>
    <label class="form-control">Description: </label><textarea  class="form-control" cols="2" rows="3"  type="text" name="desc"></textarea><br>
    <label class="form-control">Image: </label><input class="form-control" type="file" name="image"/><br>
    <button class="btn btn-lg btn-primary btn-block" name="submit" type="submit">Add</td>
    </tr>
</form>
</table><br>
</div>
</div>
<?php 
if(isset($_FILES['image']))
{
$itemname = $sql->secure($_POST['itemname']);
$itemcode = $sql->secure($_POST['itemcode']);
$itemplus = $sql->secure($_POST['itemplus']);
$itemprice = $sql->secure($_POST['price']);
$itemDesc = $sql->secure($_POST['desc']);
$quantity = $sql->secure($_POST['quan']);
$uniqueID = uniqid();

$allow = array("jpg", "jpeg", "gif", "png");

$todir = 'images/items/';

if ( !!$_FILES['image']['tmp_name'] ) // is the file uploaded yet?
{
    $info = explode('.', strtolower( $_FILES['image']['name']) ); // whats the extension of the file

    if ( in_array( end($info), $allow) ) // is this file allowed
    {
        if ( move_uploaded_file( $_FILES['image']['tmp_name'], $todir . basename($_FILES['image']['name'] ) ) )
        {
            $imgname = $_FILES['image']['name'];
            $add = $sql->query("
            insert into $webDB.._donateItems 
            (itemname,itemCode,itemPrice,itemImage,itemDescription,itemPlus,uniqueID,quantity)
            values
            ('$itemname','$itemcode','$itemprice','$todir/$imgname','$itemDesc','$itemplus','$uniqueID','$quantity')");
            if($add->execute())
            {
                echo "<label class=bg-success>Item Was Added!</label>";
            }
            else
                echo $add->errorInfo()[2];
        }
    }
    else
    {
        echo "<label class=bg-danger>Something Went Wrong!</label>";
    }
}

}
?>
</center>

http:// (myip ) /webmall/?act=admin = [Only registered and activated users can see links. Click Here To Register...]

04/22/2016 09:32 B1Q#33

Quote:

Originally Posted by mialuisa

Spoiler

PHP Code:

<center> <? if(empty($_SESSION['username']) && empty($_SESSION['password']) || $_SESSION['username'] != $adminuser) { die("Please Login!"); } ?> <div class="container"> <div class="table-responsive"> <table class="table table-striped table-responsive"> <form class="form-control" action="" method="POST" enctype="multipart/form-data"> <tr> <td><label class="form-control">Title: </label><input class="form-control" type="text" name="itemname" /><br> <label class="form-control">Code: </label><input class="form-control" type="text" name="itemcode" /><br> <label class="form-control">Plus: </label><input class="form-control" type="text" name="itemplus" /><br> <label class="form-control">Price: </label><input class="form-control" type="number" name="price" /><br> <label class="form-control">Quantity: </label><input class="form-control" type="number" name="quan" /><br> <label class="form-control">Description: </label><textarea class="form-control" cols="2" rows="3" type="text" name="desc"></textarea><br> <label class="form-control">Image: </label><input class="form-control" type="file" name="image"/><br> <button class="btn btn-lg btn-primary btn-block" name="submit" type="submit">Add</td> </tr> </form> </table><br> </div> </div> <?php if(isset($_FILES['image'])) { $itemname = $sql->secure($_POST['itemname']); $itemcode = $sql->secure($_POST['itemcode']); $itemplus = $sql->secure($_POST['itemplus']); $itemprice = $sql->secure($_POST['price']); $itemDesc = $sql->secure($_POST['desc']); $quantity = $sql->secure($_POST['quan']); $uniqueID = uniqid(); $allow = array("jpg", "jpeg", "gif", "png"); $todir = 'images/items/'; if ( !!$_FILES['image']['tmp_name'] ) // is the file uploaded yet? { $info = explode('.', strtolower( $_FILES['image']['name']) ); // whats the extension of the file if ( in_array( end($info), $allow) ) // is this file allowed { if ( move_uploaded_file( $_FILES['image']['tmp_name'], $todir . basename($_FILES['image']['name'] ) ) ) { $imgname = $_FILES['image']['name']; $add = $sql->query(" insert into $webDB.._donateItems (itemname,itemCode,itemPrice,itemImage,itemDescription,itemPlus,uniqueID,quantity) values ('$itemname','$itemcode','$itemprice','$todir/$imgname','$itemDesc','$itemplus','$uniqueID','$quantity')"); if($add->execute()) { echo "<label class=bg-success>Item Was Added!</label>"; } else echo $add->errorInfo()[2]; } } else { echo "<label class=bg-danger>Something Went Wrong!</label>"; } } } ?> </center>

http:// (myip ) /webmall/?act=admin = [Only registered and activated users can see links. Click Here To Register...]

i can't see any problem in this script i guess it's your webserver :S i use ZendServer 8.5 PHP 5.6

04/22/2016 13:27 NorseGodTyr#34

Quote:

Originally Posted by hazemooking

i can't see any problem in this script i guess it's your webserver :S i use ZendServer 8.5 PHP 5.6

i have test it with ZendServer-CE-php-5.3.14-5.6.0-SP2 & ZendServer-8.5.3-php-5.6.18-Windows_x86

04/22/2016 18:04 B1Q#35

Quote:

Originally Posted by mialuisa

i have test it with ZendServer-CE-php-5.3.14-5.6.0-SP2 & ZendServer-8.5.3-php-5.6.18-Windows_x86

re-extract the webmall folder because it works with me

06/04/2016 21:00 hellspawn800#36

adding an option to put item 100% stats and Blue will be nice .. can you do it ?

thanks

06/05/2016 10:08 B1Q#37

Quote:

Originally Posted by hellspawn800

adding an option to put item 100% stats and Blue will be nice .. can you do it ?

thanks

nope to do that you will have to add the item manually to the player inventory and i'm too busy atm i won't be able to do it

06/07/2016 17:35 .TheKraken.#38

PHP Code:


			
$sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/", "", $sql);

Very bad solution.

PHP Code:


			
public function CharsByUser($username)
    {
        $q = "SELECT TOP 4 * FROM $this->shardDB.._Char tb1, $this->shardDB.._User tb2 WHERE tb1.CharID = tb2.CharID AND tb2.UserJID=(select JID from $this->accDB..TB_User where StrUserID='$username')";
        return $this->query($q);
    }

It can be more than 4 characters, better you will count them..

Get used to use require_once function instead of include function, it can prevent few problems in the future./

That's what I saw in the 2 minutes that I was looking at your code,
maybe I'll find more later, then I'll edit this comment.

06/07/2016 19:54 B1Q#39

Quote:

Originally Posted by .TheKraken.

PHP Code:

$sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/", "", $sql);

Very bad solution.

PHP Code:

public function CharsByUser($username) { $q = "SELECT TOP 4 * FROM $this->shardDB.._Char tb1, $this->shardDB.._User tb2 WHERE tb1.CharID = tb2.CharID AND tb2.UserJID=(select JID from $this->accDB..TB_User where StrUserID='$username')"; return $this->query($q); }

It can be more than 4 characters, better you will count them..

Get used to use require_once function instead of include function, it can prevent few problems in the future./

That's what I saw in the 2 minutes that I was looking at your code,
maybe I'll find more later, then I'll edit this comment.

Quote:

The require() function is identical to include(), except that it handles errors differently. If an error occurs, the include() function generates a warning, but the script will continue execution. The require() generates a fatal error, and the script will stop.

Quote:

The require_once() statement is identical to require() except PHP will check if the file has already been included, and if so, not include (require) it again.

i agree that using preg_replace isn't the best solution I just didn't want to use bindparam to make the code understandable for people who never used PDO

more than 4 chars in vsro? idk about that the only server that has more than 4 chars was myth i'm not sure if this name was correct

you will find a lot of useless shit in my code i don't recommend using it!

i will probably post a new version later :3

idk how require_once will prevent few problems in the future. would you explain more?

06/23/2016 01:00 .TheKraken.#40

Quote:

Originally Posted by hazemooking

i agree that using preg_replace isn't the best solution I just didn't want to use bindparam to make the code understandable for people who never used PDO

more than 4 chars in vsro? idk about that the only server that has more than 4 chars was myth i'm not sure if this name was correct

you will find a lot of useless shit in my code i don't recommend using it!

i will probably post a new version later :3

idk how require_once will prevent few problems in the future. would you explain more?

Require_Once is more efficient.
[Only registered and activated users can see links. Click Here To Register...]

About the part of more than 4 characters on vsro,
I commented about that because I had a problem because of that shit,
in the server that I'm working on now there is option to open more than 4 characters, and while I was doing some tests to the server, I had a bug because of that..

Waiting for the next version, good job :)

06/23/2016 06:36 B1Q#41

Quote:

Originally Posted by .TheKraken.

Require_Once is more efficient.
[Only registered and activated users can see links. Click Here To Register...]

About the part of more than 4 characters on vsro,
I commented about that because I had a problem because of that shit,
in the server that I'm working on now there is option to open more than 4 characters, and while I was doing some tests to the server, I had a bug because of that..

Waiting for the next version, good job :)

idk how you see require_once more efficient while it's basically the same except it handles errors differently and checks if the file was already included in this case we include the file only once in the index and never include it again i don't see why you're obsessed with require_once maybe you didn't read the quotes on Stackoverflow?

Thank you and i will improve it in my free time

06/23/2016 17:21 RedWoman#42

Quote:

Originally Posted by hazemooking

idk how you see require_once more efficient while it's basically the same except it handles errors differently and checks if the file was already included in this case we include the file only once in the index and never include it again i don't see why you're obsessed with require_once maybe you didn't read the quotes on Stackoverflow?

Thank you and i will improve it in my free time

He's right, require_once is better than include because it includes the files just once, in some times, include will include the page few times then you will see the page few times.

06/23/2016 21:43 B1Q#43

Quote:

Originally Posted by NanoKid

He's right, require_once is better than include because it includes the files just once, in some times, include will include the page few times then you will see the page few times.

if you like require_once you can use it :3 i prefer using include if possible

06/25/2016 16:13 Mr.Rover#44

ummm ..... very useful thanks.

06/27/2016 06:21 B1Q#45

Quote:

Originally Posted by elaraby1

Nice Work ...

yeah suck my dick you spamming piece of shit

Page 3 of 3