26.11.2009, 22:06
I'm getting complaints from people who went to http://ucp.south-westrp.com/UCP.php and they said there received Trojan warning from AVAST, Can someone look at this code and see where the problem is at?
edit: Someone told me it was Iframe, How do I remove it? ( The IFrame?)
Код:
<html>
<head>
<?php
$sql = mysql_connect("BLOCKED", "BLOCKED", "BLOCKED");
mysql_select_db(BLOCKED, $sql);
if($_POST["fname"] && $_POST["ppassword"])
{
if(!isset($_POST['fname']) || !trim($_POST['fname'])) die('Please enter a name.');
//foreach($_POST as $name=>$val)
// {
// $_POST[$name] = mysql_real_escape_string($val);
//}
$fname = $_POST["fname"];
$ppassword = $_POST["ppassword"];
$sql = mysql_query("SELECT * FROM players WHERE Name = '$fname' AND Password = '$ppassword' LIMIT 1");
if(mysql_num_rows($sql)>0)
{
echo("You are logged in!");
}
else
{
echo("Password does not match, or there is no account!");
return 0;
}
}
else
{
echo("Password does not match, or there is no account!");
return 0;
}
?>
<?php
$sql = mysql_connect("BLOCKED", "BLOCKED", "BLOCKED");
$select = "SELECT * FROM players WHERE Name = '".mysql_real_escape_string($_POST['fname'])."'";
$query = mysql_query($select) or die('MySQL error: '.mysql_error());
mysql_select_db(BLOCKED, $sql);
while($list = mysql_fetch_array($query)) {
?>
<div style="color: #FFFFFF;">
Name: <?=$list['Name']?><br />
Level: <?=$list['PlayerLevel']?><br />
Admin Level: <?=$list['AdminLevel']?><br />
Moderator: <?=$list['Moderator']?><br />
Helper: <?=$list['Helper']?><br />
Money: <?=$list['Cash']?><br />
Skin: <?=$list['Skin']?><br />
Faction ID: <?=$list['Faction']?><br />
Faction Rank ID: <?=$list['Rank']?><br />
House Key: <?=$list['HouseKey']?><br />
Rent House Key: <?=$list['RHouseKey']?>
</div><br />
<?php
}
?>
</head>
<body>
<p><center><b>_</center></p>
<body background="/imageshack/img43/7428/hometu.jpg">
</body>
</html>