Faction Change [PHP]

03/25/2019 17:14 [GameAdvisor]Finn#1
Removed. Based on Unix's comment, I think it is not helping.. :)
03/25/2019 17:38 {Skrillex}#2
Hi,
first of all: thank you for your release. This script is really outdated. It uses old mssql drivers which will not be supported by PHP 5.3 or higher.
I just opened the index.php and can see a lot of SQL injections.

PHP Code:
$userid = $_POST['userid'];
$pass   = $_POST['pass'];
//Check if UserID Exists
{
    $useruid = @mssql_query('SELECT UserID,Pw FROM  PS_UserData.dbo.Users_Master WHERE UserID = \'' . $userid . '\'');
    if (mssql_num_rows($useruid) == 0)
        die('"<center>Account Dosent Exist! Redirect Please wait..</center> <meta http-equiv="refresh" content="2;url=index.php">"');
    else
        // Check if UserID and Password match
        $useruid1 = @mssql_query('SELECT UserID,Pw FROM  PS_UserData.dbo.Users_Master WHERE UserID = \'' . $userid . '\' and PW = \'' . $pass . '\'');
}
if (mssql_num_rows($useruid1) == 0)
    die('"<center>Account and Password mixmatch! Redirect Please wait..</center> <meta http-equiv="refresh" content="2;url=index.php">"');
else {
    $useruid2 = @mssql_query('SELECT * FROM  PS_UserData.dbo.Users_Master WHERE UserID = \'' . $userid . '\' and PW = \'' . $pass . '\'');
}
Every user input will be executed directly in the database without escaping.

Nobody should use this script in public because of the missing security.


Regards
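
A parameterized version of the login check quoted in the post above, next to the concatenated form, as an added example that is not part of the thread or of the released script. Assumptions: PDO with an in-memory SQLite database stands in for SQL Server so it runs offline, the table row is constructed sample data, and the function names are hypothetical.

```php
<?php
// Added example. Against SQL Server the same PDO calls apply with the
// pdo_sqlsrv driver; SQLite is used here only so the script runs offline.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample table and row, named after the table in the post.
    $db->exec('CREATE TABLE Users_Master (UserID TEXT PRIMARY KEY, Pw TEXT)');
    $db->exec("INSERT INTO Users_Master (UserID, Pw) VALUES ('alice', 'correct-horse')");
    return $db;
}

// Hardened form: the query text is fixed and user input travels only as
// bound parameters, so quote characters cannot alter the statement.
function findUser(PDO $db, string $userid, string $pass): ?array
{
    $stmt = $db->prepare(
        'SELECT UserID FROM Users_Master WHERE UserID = :userid AND Pw = :pass'
    );
    $stmt->execute([':userid' => $userid, ':pass' => $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The same check built the way the posted script builds it (concatenation),
// kept here only to compare behaviour on identical input.
function findUserConcatenated(PDO $db, string $userid, string $pass): ?array
{
    $sql = "SELECT UserID FROM Users_Master WHERE UserID = '" . $userid
         . "' AND Pw = '" . $pass . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = openDemoDb();
$quoted = "x' OR '1'='1"; // constructed input containing quote characters

// Valid credentials match a row in both forms.
var_dump(findUser($db, 'alice', 'correct-horse') !== null);
// Bound parameter: the quoted input is compared as a literal password.
var_dump(findUser($db, 'alice', $quoted) === null);
// Concatenation: the same input becomes part of the WHERE clause.
var_dump(findUserConcatenated($db, 'alice', $quoted) !== null);
```

The comparison `Pw = :pass` mirrors the posted query, which implies passwords are compared as stored; binding parameters closes the injection but does not change how the passwords are kept.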