Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Downloads (http://www.bvlist.com/forumdisplay.php?f=16)
-   -   New Generation torrent (http://www.bvlist.com/showthread.php?t=9251)

gaba89 26th June 2013 12:33
New Generation torrent
 
1 Attachment(s)
NewGeneration Torrent v1.2

joeroberts 26th June 2013 13:16
attention

Attention

this Code needs a little securing




Your Way open for a sql injection on this so bad
PHP Code:
if ($_GET["act"] == "Arcade") {

    switch ($_POST['gname'])
    {
        case "asteroids":
            $game 1;
            $level 1;
            $score $_POST['score'];
            break;

        case "breakout":
            $game 2;
            $level 1;
            $score $_POST['gscore'];
            break;

        case "hexxagon":
            $game 3;
            $level 1;
            $score $_POST['gscore'];
            break;

        case "invaders":
            $game 4;
            $level 1;
            $score $_POST['score'];
            break;

        case "moonlander":
            $game 5;
            $level 1;
            $score $_POST['gscore'];
            break;

        case "pacman":
            $game 6;
            $level 1;
            $score $_POST['gscore'];
            break;

        case "psol":
            $game 7;
            $level 1;
            $score $_POST['gscore'];
            break;

        case "simon":
            $game 8;
            $level 1;
            $score $_POST['gscore'];
            break;

        case "snake":
            $game 9;
            if($_POST['levelName'] == "LEVEL: SLUG"$level 1;
                elseif($_POST['levelName'] == "LEVEL: WORM"$level 2;
                    elseif($_POST['levelName'] == "LEVEL: PYTHON"$level 3;
            $score $_POST['score'];
            break;

        case "tetris":
            $game 10;
            $level $_POST['level'];
            $score $_POST['gscore'];
            break;
    }

    db::run("SELECT count(*), min(score) FROM flashscores WHERE game = $game");
    $arr db::firstrow(MYSQL_NUM);
    if ($arr[0] < 15 or $arr[1] < $score) {
        db::run("INSERT INTO flashscores (game , user , level , score, date) VALUES ('".$game."', '".$CURUSER['id']."', '".$level."', '".$score."', NOW())");
        if ($arr[0] >= 15
            db::run("DELETE FROM flashscores WHERE game = $game AND score = $arr[1]");
        header("Location: games.php?gametype=7&act=win&gameid=$game");
    } else
        header("Location: games.php?gametype=7&act=notwin&gameid=$game");

    die;
}

//Szavazas megkapása

if (is_valid_id($_GET["pollid"])) {
    $choice $_GET["choice"];
    $pollid $_GET["pollid"];
    
    header("Content-Type: text/html; charset=iso-8859-2");

    if (($choice 100) || !is_numeric($choice) || !(round($choice) == $choice))
        die("Rossz szavazat!");

    if (!db::count("polls WHERE id = $pollid"))
        die("Rossz szavazás ID.");

    if (db::count("pollanswers WHERE pollid = $pollid and userid = ".$CURUSER['id']))
        die("Már szavaztál ebben a szavazásban.");

    db::run("INSERT INTO pollanswers VALUES($pollid, ".$CURUSER['id'].", $choice)");
    
    if (!db::$aff)
        die("Hiba lépett fel.");

    db::run("UPDATE users SET new_poll = 0 WHERE id = ".$CURUSER["id"]);
    bonus("+2");

    polltable($pollid);

    die;

Chez 26th June 2013 13:36
Screen or something?


All times are GMT +2. The time now is 04:47.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.