Muy buenas, quisiera que alguien me ayudase con esto, quisiera modificar los datos de un tabla, pero los códigos que uso no hacen nada, si alguien fuera tan amable, acá os paso el archivo conexion y el function.
<?php
session_start();
###################################################
// SQL Config
###################################################
$info = array (
'hostname' => 'localhost', // Host
'username' => 'root', // User
'password' => '', // Password
'database' => 'apk', // Database Name
'path' => '', // URL
'path_images' => 'http://localhost/styles/beta', // URL of Styles And Images
'path_hk' => 'http://localhost/housekeeping',
'badges_image' => 'http://habboo-a.akamaihd.net/c_images/album1584/',
'name' => 'xd', // Hotel Name
'Me_Ad' => 'xd', // Text me
'footer' => 'xd'
);
###################################################
// SQL Connect
###################################################
mysql_connect ($info['hostname'], $info['username'], $info['password']) or die(mysql_error());
mysql_select_db($info['database']) or die(mysql_error());
mysql_query("SET NAMES 'utf8'");
###################################################
ini_set('display_errors', 0);
require_once 'functions.php';
$function=new functions();
###################################################
// Usuarios Online
###################################################
$ons = mysql_fetch_assoc(mysql_query("SELECT * FROM server_status"));
###################################################
// Definiciones
###################################################
$H = date('H');
$i = date('i');
$s = date('s');
$m = date('m');
$d = date('d');
$Y = date('Y');
$j = date('j');
$n = date('n');
$today = $d;
$month = $m;
$year = $Y;
$getmoney_date = date('d.m.Y',mktime($m,$d,$Y));
$birthday_date = date('d.m', mktime($m,$d));
$date_normal = date('d.m.Y',mktime($m,$d,$Y));
$date_full = date('d.m.Y H:i:s',mktime($H,$i,$s,$m,$d,$Y));
define("KrCMS", TRUE);
define("PATH", $info['path']);
define("PATH_I", $info['path_images']);
define("PATH_HK", $info['path_hk']);
define("AvatarI", "http://www.habbo.nl/habbo-imaging/avatarimage?figure=");
define("Name", $info['name']);
define("BETA", TRUE);
define('CHARSET','UTF-8');
define('UsersOnline', $ons['users_online']);
###################################################
header('Content-type: text/html; charset='.CHARSET);
###################################################
if($html == true){
if(isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)){
foreach($_POST as $key => $p){
$_POST[$key] = htmlentities($function->filternews($p));
$_POST[$key] = mysql_real_escape_string($function->filternews($p));
$_POST[$key] = $function->filternews(html_entity_decode($p));
}
//Filtro las entradas vía GET
foreach($_GET as $key => $g){
$_GET[$key] = mysql_real_escape_string($function->filternews($g));
}
foreach($_COOKIE as $key => $s){
$_COOKIE[$key] = mysql_real_escape_string($function->filternews($s));
}
//Filtro las entradas vía REQUEST
foreach($_REQUEST as $key => $k){
$_REQUEST[$key] = mysql_real_escape_string($function->filternews($k));
}
}if(isset($_GET)){
//Filtro las entradas vía GET
foreach($_GET as $key => $f){
$_GET[$key] = strip_tags(htmlentities($function->filternews($f)));
}
}
}else{
if(isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)){
foreach($_POST as $key => $p){
$_POST[$key] = htmlentities($function->filter($p));
$_POST[$key] = mysql_real_escape_string($function->filter($p));
$_POST[$key] = $function->filter(html_entity_decode($p));
}
//Filtro las entradas vía GET
foreach($_GET as $key => $g){
$_GET[$key] = mysql_real_escape_string($function->filter($g));
}
foreach($_COOKIE as $key => $s){
$_COOKIE[$key] = mysql_real_escape_string($function->filter($s));
}
//Filtro las entradas vía REQUEST
foreach($_REQUEST as $key => $k){
$_REQUEST[$key] = mysql_real_escape_string($function->filter($k));
}
}if(isset($_GET)){
//Filtro las entradas vía GET
foreach($_GET as $key => $f){
$_GET[$key] = strip_tags(htmlentities($function->filter($f)));
}
}
}
if($function->checkLogin($_SESSION['username'], $_SESSION['password'])){
$u = $function->filter($_SESSION['username']);
//$a = mysql_query("SELECT username, motto, password, look, id, last_online, online, rank, credits FROM users WHERE username = '{$u}' LIMIT 1");
$a = mysql_query("SELECT * FROM users WHERE username = '{$u}' LIMIT 1");
$myrow = mysql_fetch_assoc($a);
if($function->CheckBanned($_SESSION['username'], $function->GetIP())){
$error = $_SESSION['BAN_LOGIN_ERROR'];
$_SESSION['W_LOGIN_ERROR'] = $error;
$bu = $_SESSION['username'];
unset($_SESSION['BAN_LOGIN_ERROR']);
unset($_SESSION['username']);
unset($_SESSION['password']);
header("LOCATION: ". PATH ."/?username=". $bu ."&rememberme=false&focus=login-username");
exit;
}
if($myrow['rank'] > '5'){
mysql_query("INSERT INTO private_logs (id,user,time,description,ip) VALUES (NULL,'{$myrow['username']}','{$date_full}','En el archivo: {$_SERVER['PHP_SELF']} con rango: {$myrow['rank']}','{$function->GetIP()}')");
}
}else{
$myrow['username'] = "Guest";
}
###################################################
?>
<?php
// Funciones
###################################################
class functions {
public function HoloHash($password){
$password = sha1(md5($password));
$password = hash('gost', $password);
$password = hash('whirlpool', $password);
$password = hash('sha512', $password);
return $password;
}
public function filter($texto) {
$texto = mysql_real_escape_string(htmlspecialchars($texto));
$texto = stripslashes(htmlspecialchars($texto));
$texto = trim($texto); // Eliminamos espacios en blanco o caracteres al principio y final del post
$texto = htmlspecialchars($texto); // funciona casi igual que htmlentities
$texto = str_replace("INSERT","IN-SER-T",$texto); // Remplazamos palabras que podrian ser usadas para alterar la BD
$texto = str_replace("DELETE","DE-LE-TE",$texto);
$texto = str_replace("TRUNCATE","TRUN-CA-TE",$texto);
$texto = str_replace("SELECT","SE-LEC-T",$texto);
$texto = str_replace("ALTER","AL-TER",$texto);
$texto = str_replace("UPDATE","UP-DA-TE",$texto);
$texto = str_replace("inert","IN-SER-T",$texto); // Remplazamos palabras que podrian ser usadas para alterar la BD
$texto = str_replace("delete","DE-LE-TE",$texto);
$texto = str_replace("truncate","TRUN-CA-TE",$texto);
$texto = str_replace("select","SE-LEC-T",$texto);
$texto = str_replace("alter","AL-TER",$texto);
$texto = str_replace("update","UP-DA-TE",$texto);
$texto = str_replace("script","",$texto);
$texto = str_replace("SCRIPT","",$texto);
$texto = str_replace('"','&#34;',$texto);
$texto = str_replace("'","&#39;",$texto);
$texto = str_replace("<","&#60;",$texto);
$texto = str_replace(">","&#62;",$texto);
$texto = str_replace("(","",$texto);
$texto = str_replace(")","",$texto);
return $texto;
}
public function filternews($texto) {
$texto = trim($texto); // Eliminamos espacios en blanco o caracteres al principio y final del post
$texto = str_replace("INSERT","IN-SER-T",$texto); // Remplazamos palabras que podrian ser usadas para alterar la BD
$texto = str_replace("DELETE","DE-LE-TE",$texto);
$texto = str_replace("TRUNCATE","TRUN-CA-TE",$texto);
$texto = str_replace("SELECT","SE-LEC-T",$texto);
$texto = str_replace("ALTER","AL-TER",$texto);
$texto = str_replace("UPDATE","UP-DA-TE",$texto);
$texto = str_replace("inert","IN-SER-T",$texto); // Remplazamos palabras que podrian ser usadas para alterar la BD
$texto = str_replace("delete","DE-LE-TE",$texto);
$texto = str_replace("truncate","TRUN-CA-TE",$texto);
$texto = str_replace("select","SE-LEC-T",$texto);
$texto = str_replace("alter","AL-TER",$texto);
$texto = str_replace("update","UP-DA-TE",$texto);
$texto = str_replace("script","",$texto);
$texto = str_replace("SCRIPT","",$texto);
$texto = str_replace('"','',$texto);
$texto = str_replace("'","",$texto);
return $texto;
}
function GetIP() {
if($_SERVER) {
if($_SERVER["HTTP_X_FORWARDED_FOR"]) {
$realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} elseif ($_SERVER["HTTP_CLIENT_IP"]) {
$realip = $_SERVER["HTTP_CLIENT_IP"];
} else {
$realip = $_SERVER["REMOTE_ADDR"];
}
} else {
if(getenv("HTTP_X_FORWARDED_FOR")) {
$realip = getenv("HTTP_X_FORWARDED_FOR");
} elseif(getenv("HTTP_CLIENT_IP")) {
$realip = getenv("HTTP_CLIENT_IP");
} else {
$realip = getenv("REMOTE_ADDR");
}
}
return $realip;
}
public function GenerateTicket(){
$data = "ST-";
for ($i=1; $i<=6; $i++){
$data = $data . rand(0,9);
}
$data = $data . "-";
for ($i=1; $i<=20; $i++){
$data = $data . rand(0,9);
}
$data = $data . "-habbo-beta-fe";
$data = $data . rand(0,5);
return $data;
}
public function checkLogin($u, $p){
$u = $this->filter($u);
$p = $this->filter($p);
$check = mysql_query("SELECT * FROM users WHERE username = '{$u}' AND password = '{$p}' OR mail = '{$u}' AND password = '{$p}' LIMIT 1");
if(mysql_num_rows($check) > 0) return true; return false;
}
public function userExist($u){
$u = $this->filter($u);
$g = mysql_query("SELECT null FROM users WHERE username = '{$u}' OR mail = '{$u}' LIMIT 1");
if(mysql_num_rows($g) > 0) return true; return false;
}
public function AddUser($u, $p, $m, $b){
$user = $this->filter($u);
$pass = $this->filter($p);
$mail = $this->filter($m);
$birth = $this->filter($b);
$credits = "900000";
$rank = "1";
$look = "hr-893-42.hd-180-1.ch-225-64.lg-280-64.sh-300-64.ha-1002-64.ea-1404-62.ca-1802";
$motto = "Hola, soy un usuario nuevo!";
mysql_query("INSERT INTO users(`id`, `username`, `password`, `mail`, `credits`, `rank`, `ip_reg`, `ip_last`, `look`, `account_created`, `gender`, `motto`, `birth`, `auth_ticket`)
VALUES(NULL, '{$user}', '{$pass}', '{$mail}', '{$credits}', '{$rank}', '".$this->GetIP()."', '".$this->GetIP()."', '{$look}', '". time() ."', 'M', '{$motto}', '{$birth}', '" .$this->GenerateTicket()."')");
$userd = mysql_query("SELECT * FROM users WHERE username = '{$user}'");
$userd = mysql_fetch_assoc($userd);
mysql_query("INSERT INTO `user_info` (user_id,reg_timestamp) VALUES ('".$userd['id']."','".time()."')");
//mysql_query("INSERT INTO `user_stats` (id) VALUES ('".$userd['id']."')");
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
}
function CheckBanned($u, $ip){
$H = date('H');
$i = date('i');
$s = date('s');
$m = date('m');
$d = date('d');
$Y = date('Y');
$j = date('j');
$n = date('n');
$today = $d;
$month = $m;
$year = $Y;
$u = $this->filter($u);
$ip = $this->filter($ip);
$checkban = mysql_query("SELECT * FROM bans WHERE value = '{$u}' or value = '{$ip}' LIMIT 1");
if(mysql_num_rows($checkban) < 1){ return false;} else {
$bandata = mysql_fetch_assoc($checkban);
$reason = $bandata['reason'];
$expire = $bandata['expire'];
$xbits = explode(" ", $expire);
$xtime = explode(":", $xbits[1]);
$xdate = explode("-", $xbits[0]);
$stamp_now = mktime(date('H'),date('i'),date('s'),$today,$month,$year);
$datetoex = date("d-m-y",$expire);
if($stamp_now < $expire){
$login_error = "Has sido banedo por esta razón: \"".$reason."\". Tu baneo expira el: ".$datetoex.".";
$_SESSION['BAN_LOGIN_ERROR'] = $login_error;
return $login_error;
} else {
mysql_query("DELETE FROM bans WHERE value = '{$u}' OR value = '{$ip}' LIMIT 1");
return false;
}
}
}
public function session($s){
if($s == "no" && $this->checkLogin($_SESSION['username'], $_SESSION['password'])){
header("LOCATION: ". PATH ."../dashboard");
}elseif($s == "yes" && $this->checkLogin($_SESSION['username'], $_SESSION['password']) == false){
header("LOCATION: ". PATH ."/index.php");
}
}
public function hk_access(){
$user = $this->filter($_SESSION['username']);
$pass = $this->filter($_SESSION['password']);
$r = mysql_fetch_assoc(mysql_query("SELECT rank FROM users WHERE username = '{$user}' AND password = '{$pass}' LIMIT 1"));
if($r['rank'] >= "5"){}else{header("LOCATION: ". PATH ."dashboard");}
}
public function GetLast($a){
$a = $this->filter($a);
if(!empty($a) || !$a == ''){
if(is_numeric($a)){
$date = $a;
$date_now = time();
$difference = $date_now - $date;
if($difference <= '59'){ $echo = 'Justo Ahora'; }
elseif($difference <= '3599' && $difference >= '60'){
$minutos = date('i', $difference);
if($minutos[0] == 0) { $minutos = $minutos[1]; }
if($minutos == 1) { $minutos_str = 'minuto'; }
else { $minutos_str = 'minutos'; }
$echo = 'Hace '.$minutos.' '.$minutos_str;//Minutos
}elseif($difference <= '82799' && $difference >= '3600'){
$horas = date('G', $difference);
if($horas == 1) { $horas_str = 'hora'; }
else { $horas_str = 'horas'; }
$echo = 'Hace '.$horas.' '.$horas_str;//Minutos
}elseif($difference <= '518399' && $difference >= '82800'){
$dias = date('j', $difference);
if($dias == 1) { $dias_str = 'día'; }
else { $dias_str = 'días'; }
$echo = 'Hace '.$dias.' '.$dias_str;//Minutos
}elseif($difference <= '2678399' && $difference >= '518400'){
$semana = floor(date('j', $difference) / 7).'<!-- WTF -->';
if($semana == 1) { $semana_str = 'semana'; }
else { $semana_str = 'semanas'; }
$echo = 'Hace '.floor($semana).' '.$semana_str;//Minutos
}else { $echo = 'Hace '.date('n', $difference).' mes(es)'; }
return $echo;
}else{ return $a; }
}else{ return 'Aún no te has conectado'; }
}
public function RankName($a){
$a = mysql_fetch_assoc(mysql_query("SELECT name FROM ranks WHERE id = '{$a}' LIMIT 1"));
return $a['name'];
}
public function UpdateProfile($a, $b, $u){
$a = $this->filter($a);
$b = $this->filter($b);
$u = $this->filter($u);
mysql_query("UPDATE users SET profile_bg = '{$a}', profile_image = '{$b}' WHERE username = '{$u}'");
}
public function Username_check($a){
$a = $this->filter($a);
$filter = preg_replace("/[^a-z\d\-=\?!@:\.]/i", "", $a);
# USERNAME CHECK #
if($a !== $filter || strlen($a) < 2 || strlen($a) > 32){ $error = "Insertaste un nombre iválido</div>"; }
elseif($this->userExist($a)){ $error = "Ese nombre ya esta en uso"; }
return $error;
}
public function Emails_check($a, $b){
$a = $this->filter($a); // Email 1
$b = $this->filter($b); // Email 2
$email_check = preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $a);
# EMAIL CHECK #
if($email_check !== 1){ $error = "Insertaste un email inválido"; }
elseif($this->userExist($a)){ $error = "Ese email ya esta en uso"; }
elseif($a !== $b){ $error = "Tus emails no coinciden"; }
return $error;
}
public function Password_Check($a, $b){
$a = $this->filter($a); // pass 1
$b = $this->filter($b); // pass 2
# PASSWORD CHECK #
if(strlen($a) < 6 || strlen($a) > 32){ $error = "Escribiste una contraseña inválida (debe tener más de 6 caracteristicas)";}
elseif($a !== $b){ $error = "Tus contraseñas no coinciden"; }
return $error;
}
}
?>
Mod: Obligatorio el uso de etiquetas GeSHi. Temas sobre PHP van al subforo de PHP.
USA ETIQUETAS GeSHi Para codigo PHP.
Te aparece algún error?
ALGÚN MOD QUE MUEVA ESTO AL FORO PHP
Mod: En vez de gritar, usa la función "Reportar al moderador" para avisar.