[PHP/SQL] View Bans/Vehicles/Users from browser -
Oliverraisk - 17.04.2011
Before we start. You will need to have a MySQL-able gamemode, an SQL server and a .php supporting server (doesn't count what OS). Otherwise it will NOT work!
What is it? The .zip file contains 3 *.php files: users.php, bans.php and vehicles.php. If they are correctly set up, you can view your info for these three things from sql in your web browser. Also the zip contains graphical files, css and js files. Also config.inc.
Preview. HERE
Setting up. Download the package (link is at the end of the post) and unpack it to your desktop or somewhere.
Open up config.inc and configure it for your needs
PHP code:
define ("DB_HOST", "localhost"); // set database host
define ("DB_USER", "root"); // set database user
define ("DB_PASS","x"); // set database password
define ("DB_NAME","sa-mp"); // set database name
define ("DB_TABLE_VEHS","vehicles"); // set database table for vehs
define ("DB_TABLE_PLAYER","playerinfo"); // players
define ("DB_TABLE_BANS","bans"); //bans
It should not be hard.
Next open up one of the .php files. I use Notepad++. For example I open users.php.
Firstly you will need to edit these lines:
PHP code:
$db_table_player = DB_TABLE_PLAYER;
$sql="SELECT * FROM $db_table_player";
It has to be the same as in config.inc
Now we need to edit these lines for your needs
PHP code:
$user = ($rows['user']);
$money = $rows['money'];
$skin = $rows['skin'];
$Level = $rows['Level'];
$nLevel = $rows['nLevel'];
?>
<tr>
<td class="alt" ><?php echo "$user"; ?></td>
<td class="alt" ><?php echo "$money"; ?></td>
<td class="alt" ><?php echo "$skin"; ?></td>
<td class="alt" ><?php echo "$Level"; ?></td>
<td class="alt" ><?php echo "$nLevel"; ?></td>
PHP code:
$user = ($rows['user']);
If in MySQL you have named your row for usernames to usernames, instead of users, it has to be
PHP code:
$usernames = ($rows['usernames']);
Also you need to edit the following line:
PHP code:
<?php echo "$user"; ?>
to
PHP code:
<?php echo "$usernames"; ?>
Same for the other lines and other 3 files.
Download

Upload.ee

Solidfiles.com
The .inc replaced with .php

Solidfiles.com
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
royal_king - 17.04.2011
Hey mate, this is just awesome! why don't you sell it ?
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
Sergei - 17.04.2011
Code:
$db_table_player = DB_TABLE_PLAYER;
$sql="SELECT * FROM $db_table_player";

Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
Oliverraisk - 17.04.2011
Quote:
Originally Posted by royal_king
Hey mate, this is just awesome! why don't you sell it ?
|
It's quite easy to make actually. Thanks
Re: [PHP/SQL] View Bans/Vehicles/Users from browser - XFlawless - 17.04.2011
Quote:
Originally Posted by Sergei
Code:
$db_table_player = DB_TABLE_PLAYER;
$sql="SELECT * FROM $db_table_player";
 
|
It's defined. And player names are not escaped epic fail right ?
config.inc -_- people can easily see your mysql password and stuff.....
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
Oliverraisk - 17.04.2011
Quote:
Originally Posted by XFlawless
config.inc -_- people can easily see your mysql password and stuff.....
|
I used it just 4 myself. I also added
Quote:
EDIT: I forgot to mention, for higher security you should rename config.inc to config.inc.php (also edit the php files)
|
In the end of main post
Re: [PHP/SQL] View Bans/Vehicles/Users from browser - XFlawless - 17.04.2011
Quote:
Originally Posted by Oliverraisk
I used it just 4 myself. I also added In the end of main post
|
But you still need to escape usernames and use htmlentities(). Also you have not sanitized any vulnerable character.
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
Oliverraisk - 17.04.2011
Quote:
Originally Posted by XFlawless
|
Quite dunno what you are talkin 'bout. The thing is, that the system worked :O
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
royal_king - 17.04.2011
Well I'm going to develop it with some more features
@Flawless - You are right people can see MySQL details, maybe he would make it in "PHP"
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
iJumbo - 17.04.2011
Wow awesome
Re: [PHP/SQL] View Bans/Vehicles/Users from browser - XFlawless - 17.04.2011
Quote:
Originally Posted by Oliverraisk
Quite dunno what you are talkin 'bout. The thing is, that the system worked :O
|
Ex: html characters in php can be hacked by Cross-Site Scripting. And $username can be mysql injected they can easily override the player password.
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
deather - 17.04.2011
For avoiding sql injection you can use htmlspecialchars() and mysql_real_escape_string() - This needs a mysql db connection
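The two fixes the replies above ask for, escaping values on output and keeping values out of the SQL string, as an added example that is not part of the original package or any poster's code. It uses PDO bound parameters instead of mysql_real_escape_string() (the old mysql extension was removed in PHP 7.0) and an in-memory SQLite database in place of the MySQL server so it runs without one; the rows, the h() and find_players() helpers and the name lookup are constructed for illustration.

```php
<?php
// Added example, not the original users.php. Table and column names follow
// the first post; the rows and the name lookup are constructed for the demo.

// Escape a database value for HTML element content or a quoted attribute.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build one <tr>; every column passes through h() before it reaches the page.
function render_player_row(array $row): string
{
    $cells = '';
    foreach (['user', 'money', 'skin', 'Level', 'nLevel'] as $column) {
        $cells .= '<td class="alt">' . h($row[$column] ?? '') . '</td>';
    }
    return "<tr>$cells</tr>\n";
}

// Parameterised lookup (hypothetical helper): the name is bound as data and
// never concatenated into the SQL text, so quotes in it cannot alter the query.
function find_players(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT user, money, skin, Level, nLevel FROM playerinfo WHERE user = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite stands in for the MySQL server (assumption: pdo_sqlite is
// enabled). With MySQL only the DSN and credentials passed to PDO change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE playerinfo (user TEXT, money INT, skin INT, Level INT, nLevel INT)');

// Constructed rows: names are chosen by players, so treat them as untrusted.
$insert = $db->prepare('INSERT INTO playerinfo VALUES (?, ?, ?, ?, ?)');
$insert->execute(['<script>alert(1)</script>', 500, 12, 3, 0]);
$insert->execute(["O'Neil", 1200, 7, 5, 1]);

// The third name is a constructed quote-bearing string; it is compared as a literal.
foreach (["O'Neil", '<script>alert(1)</script>', "x' OR '1'='1"] as $name) {
    foreach (find_players($db, $name) as $row) {
        echo render_player_row($row);
    }
}
```

Run it with the PHP command-line interpreter and compare the printed rows with the stored names: markup characters and quotes arrive in the HTML as entities.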
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
linuxthefish - 17.04.2011
This looks nice, but i don't think its secure enough for me. :P
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
Oliverraisk - 17.04.2011
Well I'm gonna try to fix it in evening. Thanks everybody for heads-up!
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
falenone1 - 21.04.2011
Naiss :P
Re: [PHP/SQL] View Bans/Vehicles/Users from browser -
TheArcher - 29.04.2011
Nice release