0

Hi, i need help, who knows and wants to help me with a problem I would greatly appreciate.

I downloaded a page to my site I instalato and work well only have one problem, anyone can access any without having to login, and must do so to be able to access only after being logged.

The page whit problem:

<!-- content -->
> <div id="content">
> <div class="boxui box-top"></div>
> <div class="boxui box-con">
> <?PHP include("./conectare/slide.php"); ?>      
> <div class="boxui box-end"></div>
> </div
> <br>
> 
> 
> <div class="boxui box-title">
> <span class="title-icon icon-status"></span>
> <h2><b>loguri accesari cont</b></a></h2></div>
> <div class="boxui box-con"><div class="wrap"><p>
> 
>                         <?php
>                       
> echo '<div align="center" style="margin-bottom: 10px; background: #FFF; padding: 6px; height:auto; border: 1px solid #c8c8c8; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px;">';
> echo '        <table border="1" bordercolor="FFCC00" style="background-color:FFFFCC" width="400" cellpadding="3" cellspacing="3">
> <thead>
> <td> id cont</td>
> <td> status logare</td>
> <td> ch</td>
> <td> info logare</td>
> <td> info delogare</td>
> <td> id pc</td>
> </thead>
> ';
>                   
>                   $id = $_SESSION['id'];
>                       mysql_select_db("account");
>                       $sql = mysql_query("SELECT * FROM `account` WHERE `login` = '" . $id . "'") or die (mysql_error());
>                       $row2 = mysql_fetch_array($sql);
>                       $idnou = $row2['id'];
>                       mysql_select_db("log");
>    $SQL = mysql_query("SELECT * FROM `loginlog2` WHERE `account_id` = '" . $idnou . "' ORDER BY `login_time` DESC") or die (mysql_error()); //gata merge:) nu ai date inca in baza de date :))
>      $x1 = 0;$afisari = 25;
>      while(($row = mysql_fetch_array($SQL)) && ($afisari > 0))
>                         {
> 
> echo '
> 
>   <tr>
>       <td> '. $row["account_id"]. ' </td>
>       <td> '. $row["type"]. ' </td>
>       <td> '. $row["channel"]. ' </td>
>       <td> '. $row["login_time"]. ' </td>
>       <td> '. $row["logout_time"]. ' </td>
>       <td> '. $row["ip"]. ' </td>
>   </tr>
>   ';
> 
>                             $x1++;$afisari--;
>                         }
>                         if($x1 == 0)
>                         {
>                           echo "<tr><td>Nu avem destule date in baza de date pentru a genera aceasta informatie!</td><td></td></tr>";
>                         }
>                       
>                   echo '  </table>
>                           </div>';
>                       
> 
>                         ?>
>                       <br>
> 
>       <div class="meta"></div></div></div>
>               <div class="boxui box-end"></div>     
>               <!-- news post -->
> 
> 
> </p>
> 
> 
>   
>   <div style="margin-bottom: 10px; background: #FFF; padding: 6px; height:auto; border: 1px solid #c8c8c8; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px;">
>    Aici se pot vedea loguri referitoare la ultimele logari in joc.
> <br><br>
> 
> Daca la "<u>Stare</u>" apare <u>"INVALID</u>", inseamna ca logarea a fost esuata sau clientul a fost inchis fara a se face delogare.
> </div>
> 
> 
>             
>       </div>
>       <!-- end content -->

and look at a page that runs on login:

> <div id="content">
> <div class="boxui box-top"></div>
> <div class="boxui box-con">
> <?PHP include("./conectare/slide.php"); ?>      
> <div class="boxui box-end"></div></div>
>   
> <div class="boxui box-title"><span class="title-icon icon-status"></span>
> <h2>listarea caracterelor</a></h2>
> </div><div class="boxui box-con"><div class="wrap"><p><span class="news-content">
> 
> <div style="margin-bottom: 0px; background: #FFF; padding: 6px; height:auto; border: 1px solid #c8c8c8; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px;">
> 
> <?PHP
> 
> if(isset($_SESSION['user_id']) && checkInt($_SESSION['user_id']) && $_SESSION['user_id']>=0) {
>  
> echo"<br/>";
> $cmdChars = "SELECT player.id,player.name,player.job,player.level,player.playtime,guild.name AS guild_name
> FROM player.player
> LEFT JOIN player.guild_member 
> ON guild_member.pid=player.id 
> LEFT JOIN player.guild 
> ON guild.id=guild_member.guild_id
> WHERE player.account_id='".$_SESSION['user_id']."'";
> $qryChars = mysql_query($cmdChars,$sqlServ);
> $x=0;
> echo'<table>
> 
> <tr>
> <th class="topLine">    Caracter               </th>
> <th class="topLine">Rasă            </th>
> <th class="topLine">Nivel          </th>
> <th class="topLine">Timp joc             </th>
> <th class="topLine">Breaslă          </th>
> <th class="topLine">   </th></tr>';
> 
> while($getChars = mysql_fetch_object($qryChars)) {
> $zF = ($x%2==0) ? "tdunkel" : "thell";
> echo'<tr>
> <td class="'.$zF.'">     <a href="?s=debugare&char='.$getChars->id.'" title="Deblocare caracter">'.$getChars->name.'</a></td>
> <td class="'.$zF.'"> '.$aRassen[$getChars->job].'</td>
> <td class="'.$zF.'"> '.$getChars->level.'</td>
> <td class="'.$zF.'"> '.$getChars->playtime.' Minute</td>
> <td class="'.$zF.'"> '.$getChars->guild_name.'</td>
> 
> </td>
> </tr>';
> $x++;
> }
> echo'</table>';
> echo" <br/><br/>";
> }
>   else {
>     echo' <center><p class="meldung">You must be logged in to access this page</p></center>';
>   }
>   
> ?>
> 
> </div><br>
> <div class="meta"></div></div></div>
> <div class="boxui box-end"></div></div>

What all you need to add that it can not be accessed whitout login.
or if someone kindly modify my code it.Thank you!

3
Contributors
14
Replies
15
Views
4 Years
Discussion Span
Last Post by diafol
0

@cristian.stilpeanu.1

What all you need to add that it can not be accessed whitout login. or if someone kindly modify my code it.

What error appear when you ran this code, since you are using JOIN in your query then must have be at least an error?

0

Add session protection. If user logged in - search for $_SESSION['user_id'] or whatever you're using.

0

this discussion appears in google search words of my pages and i don't want to see the people my code, please. Thank you!

Edited by cristian.stilpeanu.1

0

@cristian.stilpeanu.1

this discussion appears in google search words of my pages and i don't want to see the people my code, please. Thank you!

The question you ask is weird. I mean you have to understand when you post anything on the web it will appear sooner or later on google. You can't prevent that from happening.

0

DW has a general policy not to delete posts, especially when there have been replies to it. If you want to PM me with further info and a reason why this needs to happen, feel free, perhaps I could advise you further.

Edited by diafol

0

.... sad

I'm afraid that's the size of it. If you could outline the issue in a PM perhaps?

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.