1. 首頁
  2. 問答
  3. GET,將不會收到我的POST? PHP

GET,將不會收到我的POST? PHP

2014-06-11 26 views
-3

我爲我的在線遊戲創建了一個動態簽名製造商。

您可以通過手動GET,將不會收到我的POST? PHP

http://pernix-rsps.com/sig/pcard.php?user=usernamehere
我試圖讓一個USERBOX並提交創建的簽名,讓人們不必訪問

http://pernix-rsps.com/sig/pcard.php?user=USERNAME

和編輯它,我想它在輸入用戶名時爲他們創建鏈接

我的用戶名框的代碼

<center> 



<form name="sig" id="sig" method="get" action="pcard.php"> 
<table border="0"> 
<tr><td colspan="2"><?php echo isset($_GET["user"])?$_GET["user"]:"";?> </td></tr> 
<tr><td width="30">Username</td><td width="249"><input name="username" type="text" id="username" width="150px" placeholder="Username" /> </td></tr> 

<tr><td></td><td><input name="btnsubmit" type="submit" id="btnsubmit" title="create sig" /></td></tr> 
</table> 
</form> 

      </center>

然後pcard.php

<?php 

    if (isset($_GET['user'])) { 
     $image_path = "img/saved_cards/".$_GET['user'].".png"; 
     if (file_exists($image_path)) { 
      if (time() < filemtime($image_path) + 300) { // every 5 minutes ? 
       pullFromCache($image_path); 
       exit; 
      } 
     } 
     generate(); 
    } 

    function pullFromCache($image_path) { 
     header("Content-type: image/png"); 
     $image = imagecreatefrompng($image_path); 
     imagepng($image); 
    } 

    function generate() { 

     $DB_HOST = "localhost"; 
     $DB_USER = ""; 
     $DB_PASS = ""; 
     $DB_NAME = ""; 

     $user = clean($_GET['user']); 
     $con = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME) or die($con->error); 
     $res = $con->query("SELECT * FROM hs_users WHERE username='$user'"); 

     if($res->num_rows > 0) { 
      header("Content-type: image/png"); 
      getSig($res->fetch_assoc()); 
     } else { 
      header("Content-type: image/png"); 
      $image = imagecreatefrompng('./img/sigbg.png'); 
      $color = imagecolorallocate($image, 255, 255, 255); 
      imagestring($image, 3, 251, 10, 'Invalid User', $color); 
      imagepng($image); 
     } 
    } 
    function getSig($row) { 
     $image = imagecreatefrompng('./img/sigbg.png'); 

     $color = imagecolorallocate($image, 255, 255, 255); 
     $yellow = imagecolorallocate($image, 255, 255, 0); 

     $total = getTotalLevel($row); 
     $combat = getCombatLevel($row); 
     imagestring($image, 5, 250, 10, ''.$row['username'].'', $yellow); 
     imagestring($image, 2, 250, 26, 'Exp: '.number_format($row['overall_xp']).'', $color); 
     imagestring($image, 2, 250, 39, 'Total: '.number_format($total).'', $color); 
     imagestring($image, 2, 250, 51, 'Pernix-Rsps.com ', $color);   
     $array = array("Attack", "Defence", "Strength", "hitpoints", "Range", "Prayer", "Magic", "Cooking", "Woodcutting", "Fletching", "Fishing", "Firemaking", "Crafting", "Smithing", "Mining", "Herblore", "Agility", "Thieving", "Slayer", "Farming", "Runecrafting", "Hunter", "pk", "Summoning", "Dungeoneering"); 

     $baseX = 28; 
     $baseY = 4; 

     foreach ($array as $i => $value) { 
      imagestring($image, 2, $baseX, $baseY, ''.getRealLevel($row[''.strtolower($array[$i]).'_xp'], strtolower($array[$i])).'', $color); 
      $baseY += 15; 
      if ($baseY > 64) { 
       $baseY = 4; 
       $baseX += 45; 
      } 
     } 
     ImagePNG($image, "img/saved_cards/".$row['username'].".png"); 
     imagepng($image); 
    } 



    function getTotalLevel($row) { 
     $total = 0; 
     $array = array("Attack", "Defence", "Strength", "Hitpoints", "Range", "Prayer", "Magic", "Cooking", "Woodcutting", "Fletching", "Fishing", "Firemaking", "Crafting", "Smithing", "Mining", "Herblore", "Agility", "Thieving", "Slayer", "Farming", "Runecrafting", "Hunter", "pk", "Summoning", "Dungeoneering"); 
     foreach ($array as $i => $value) { 
      $skillName = strtolower($array[$i]); 
      $total += getRealLevel($row[$skillName.'_xp'], strtolower($skillName)); 
     } 
     return $total; 
    } 

    function getLevel($exp) { 
     $points = 0; 
     $output = 0; 
     for ($lvl = 1; $lvl <= 99; $lvl++) { 
      $points += floor($lvl + 300.0 * pow(2.0, $lvl/7.0)); 
      $output = (int) floor($points/4); 
      if (($output - 1) >= $exp) { 
       return $lvl; 
      } 
     } 
     return 99; 
    } 

    function getRealLevel($exp, $skill) { 
     $points = 0; 
     $output = 0; 
     $skillId = $skill == "dungeoneering" ? 1 : 0; 
     for ($lvl = 1; $lvl <= ($skillId == 1 ? 120 : 99); $lvl++) { 
      $points += floor($lvl + 300.0 * pow(2.0, $lvl/7.0)); 
      $output = (int) floor($points/4); 
      if (($output - 1) >= $exp) { 
       return $lvl; 
      } 
     } 
     return ($skillId == 1 ? 120 : 99); 
    } 

    function getDungLevel($exp) { 
     $points = 0; 
     $output = 0; 
     for ($lvl = 1; $lvl <= 120; $lvl++) { 
      $points += floor($lvl + 300.0 * pow(2.0, $lvl/7.0)); 
      $output = (int) floor($points/4); 
      if (($output - 1) >= $exp) { 
       return $lvl; 
      } 
     } 
     return 120; 
    } 

    function clean($string) { 
     return preg_replace('/[^A-Za-z0-9 \-]/', '', $string); 
    } 

    function getCombatLevel($row) { 
     $attack = getLevel($row['attack_xp']); 
     $defence = getLevel($row['defence_xp']); 
     $strength = getLevel($row['strength_xp']); 
     $hp = getLevel($row['hitpoints_xp']); 
     $prayer = getLevel($row['prayer_xp']); 
     $ranged = getLevel($row['range_xp']); 
     $magic = getLevel($row['magic_xp']); 
     $combatLevel = (int) (($defence + $hp + floor($prayer/2)) * 0.25) + 1; 
     $melee = ($attack + $strength) * 0.325; 
     $ranger = floor($ranged * 1.5) * 0.325; 
     $mage = floor($magic * 1.5) * 0.325; 

     if ($melee >= $ranger && $melee >= $mage) { 
      $combatLevel += $melee; 
     } else if ($ranger >= $melee && $ranger >= $mage) { 
      $combatLevel += $ranger; 
     } else if ($mage >= $melee && $mage >= $ranger) { 
      $combatLevel += $mage; 
     } 
     return (int)$combatLevel; 
    } 

?>

在進入並在框中submiting的用戶名,它只是需要你到pcard.php沒有圖像正在取得

任何想法

來源

2014-06-11 user3729972

+0

您的代碼非常不安全!不要盲目信任GET或POST參數。在你的頁面中注入HTML和JavaScript非常容易,請檢查谷歌的「XSS」。順便讀一下SQL注入。 – regilero

+0

你想複製runescape?當然看起來像。 – Daan

+0

http://pernix-rsps.com/sig/pcard.php?username=danny&btnsubmit=Submit+Query 需要爲 http://pernix-rsps.com/sig/pcard.php?user=danny – user3729972

回答

3

您在PHP中使用錯誤的字段名稱。在您的形式使用字段名username

<input name="username" ... />

而在你的PHP你試圖讓GET['user']。改變GET['username'],一切都應該工作(獲得價值的部分;))。

來源

2014-06-11 12:21:50

+1

我也可以推薦這個問題的OP,如果您向SoF發佈另一個問題,請不要包含您通過示例運行的代碼。示例如果您的圖像生成代碼完全按照您的需要工作(請參閱單元測試),然後說出它的確如此。如果你的錯誤出現在你沒有包括的代碼中,或者你所做的代碼中,人們將能夠通過閱讀你的前20行代碼來弄清楚。有時它會違揹你,但在這裏它是一個相當好的地方忽略絨毛。 我也可以添加,你的代碼非常糟糕,我建議你在PHP中使用Google OOP。對不起,很粗魯。 – Supernovah

+0

@sven,我也跟着你的上面有一次,我提交表單它給這個 pcard.php?用戶名=丹尼&btnSubmit按鈕=提交+查詢 其彪是 pcard.php?USER =丹尼 – user3729972

+0

@ user3729972然後,只需改變在你的HTML ..''中的字段名爲'user',這個字段的名字就是你的'GET'數組中的關鍵字。 –

相關問題

 相關問題