Game Zone Issue

Ok, I defended him, now he's let me down. Can't contact him (webmediaservices). I'm sure he'll surface eventually but I have a small problem and am trying to get to the bottom of it.

I recently moved to a new server. Shortly after that, I started getting this error in my gamezone mod db.

Query:

 select catname from gz_categories where id='7'' 

Mysql error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''7''' at line 1

Found error in the file '/var/www/vhosts/towtalk.net/httpdocs/gamezone.php' at line 966.
Called 'db_value' function with erroneous argument #0.

 

Here is line 965 and 966:

            $item2 = $_REQUEST['category'];
            $catname = db_value( " select catname from gz_categories where id='". $item2."' " );

Anyone got any ideas?

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 12 Aug 2014

I would rewrite this line so it's quoted differently and clearer as to what are fields and what are values.

$catname = db_value( " select catname from gz_categories where id='". $item2."' " );

Rewrite that line so it looks like this.

$catname = db_value("SELECT `catname` FROM `gz_categories` WHERE `id`='$item2'");


See if that resolves it. If it does, it may be that a setting in MySQL's config file is different from your other server, such as the ANSI_QUOTES SQL mode or another similar, rarely touched setting. You would think what works on one server should work on another, but that's not always the case.

https://www.deanbassett.com
Quote · 12 Aug 2014

Thanks Deano. It has been changed. I'll keep an eye on it and report back. Appreciate your help.....

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 12 Aug 2014

Holy crap, I'm a little slow. I must have NOT updated the specific pages the last time I upgraded. None of the custom coding had been installed in any of the pages.

Essentially, I had to go through and reinstall the mod to bring it back into a functioning state.....

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 12 Aug 2014

So it was operator error?

https://dolphin-techs.com - Skype: Dolphin Techs
Quote · 12 Aug 2014

Well, there is an error in that query line. I think I see an extra set of quotes in it. I am surprised it did not show up earlier.

https://www.deanbassett.com
Quote · 12 Aug 2014

That wasn't it, but it seems to work and I left it. What I finally found out is I never added back in the code adjustments after I upgraded to 7.1.4. So I did that, then I found something else. The member.php file has changed and the instructions were not updated to deal with it, so I did a little poke and hope and this was my solution.

In the instructions, it says to edit the member.php file in this manner:

-Find in function getBlockCode_AccountControl:

        $iGreetedMeContactsCnt = (int)db_value($sMGMCSQL);

-Add just below:

    //Game Zone
    $sGames = _t( "_GZGames" );
    $UserID = $this->aMemberInfo['ID'];
    $countbattlerequests = db_value( " select count( * ) from gz_battles  WHERE gz_battles.uid2=$UserID and gz_battles.winner ='' and gz_battles.accepted=0" );
    $countchamprequests = db_value( " select count( * ) from gz_competitors  WHERE gz_competitors.uid=$UserID and gz_competitors.accepted=1" );
    $totalgame = $countchamprequests + $countbattlerequests;

    // initialise the fragments so the concatenation below never reads an undefined variable
    $gamesand = $newchamp = $newbattle = '';
    if ( $countchamprequests > 0 && $countbattlerequests > 0 ) {
        $gamesand = ', ';
    }
    if ( $countchamprequests > 0 || $countbattlerequests > 0 ) {
        if ( $countchamprequests > 0 ) {
            $newchamp = '<a href="gamezone.php?page=mychampionships&item=championshiprequests">'.$countchamprequests.'&nbsp;'._t("_GZNew championships").'</a>';
        }
        if ( $countbattlerequests > 0 ) {
            $newbattle = '<a href="gamezone.php?page=mybattles&item=battlerequests">'.$countbattlerequests.'&nbsp;'._t("_GZNew battles").'</a>';
        }
        $newchallenges = $newchamp.$gamesand.$newbattle;
    } else {
        $newchallenges = _t("_GZNo new game challenges");
    }
    //end game zone

-Find:

                'GreetedMe' => array(
                    'type' => 'custom',
                    'name' => 'GreetedMe',
                    'content' => '<b>' . $sGreetedMeC . ':</b> ' . $iGreetedMeContactsCnt . $sMembersC,
                    'colspan' => true
                ),


-Add just below:

                'Games' => array(
                    'type' => 'custom',
                    'name' => 'Games',
                    'content' => '<b>' . $sGames . ':</b> ' . $newchallenges,
                    'colspan' => true
                ),

The problem was these lines no longer exist, so here was my solution. It does work, but I want an expert's opinion. Here is where I added in the edits. Please verify with me that I did ok figuring it out.

Here is my newly edited member.php file: The additions are in red.....


function getBlockCode_AccountControl()
    {
        global $oTemplConfig, $aPreValues;

        //Labels
        $sProfileStatusC = _t('_Profile status');
        $sPresenceC = _t('_Presence');
        $sMembershipC = _t('_Membership2');
        $sLastLoginC = _t('_Last login');
        $sRegistrationC = _t('_Registration');
        $sEmailC = _t('_Email');
        $sMembersC = ' ' . _t('_Members');
        $sProfileC = _t('_Profile');
        $sContentC = _t('_Content');

        //--- General Info block ---//
        $sProfileStatus = _t( "__{$this->aMemberInfo['Status']}" );
        $sProfileStatusMess = '';
        switch ( $this->aMemberInfo['Status'] ) {
            case 'Unconfirmed':
                $sProfileStatusMess = _t( "_ATT_UNCONFIRMED", $oTemplConfig -> popUpWindowWidth, $oTemplConfig -> popUpWindowHeight );
                break;
            case 'Approval':
                $sProfileStatusMess = _t( "_ATT_APPROVAL", $oTemplConfig -> popUpWindowWidth, $oTemplConfig -> popUpWindowHeight );
                break;
            case 'Active':
                $sProfileStatusMess = _t( "_ATT_ACTIVE", $this->aMemberInfo['ID'], $oTemplConfig -> popUpWindowWidth, $oTemplConfig -> popUpWindowHeight );
                break;
            case 'Rejected':
                $sProfileStatusMess = _t( "_ATT_REJECTED", $oTemplConfig -> popUpWindowWidth, $oTemplConfig -> popUpWindowHeight );
                break;
            case 'Suspended':
                $sProfileStatusMess = _t( "_ATT_SUSPENDED", $oTemplConfig -> popUpWindowWidth, $oTemplConfig -> popUpWindowHeight );
                break;
        }

        $oForm = bx_instance('BxDolFormCheckerHelper');
        $sMembStatus = GetMembershipStatus($this->aMemberInfo['ID']);

        $sLastLogin = 'never';
        if (!empty($this->aMemberInfo['DateLastLogin']) && $this->aMemberInfo['DateLastLogin'] != "0000-00-00 00:00:00") {
            $sLastLoginTS = $oForm->_passDateTime($this->aMemberInfo['DateLastLogin']);
            $sLastLogin = getLocaleDate($sLastLoginTS, BX_DOL_LOCALE_DATE);
        }

        $sRegistration = 'never';
        if(!empty($this->aMemberInfo['DateReg']) && $this->aMemberInfo['DateReg'] != "0000-00-00 00:00:00" ) {
            $sRegistrationTS = $oForm->_passDateTime($this->aMemberInfo['DateReg']);
            $sRegistration = getLocaleDate($sRegistrationTS, BX_DOL_LOCALE_DATE);
        }

        //--- Presence block ---//
        require_once( BX_DIRECTORY_PATH_CLASSES . 'BxDolUserStatusView.php' );
        $oStatusView = new BxDolUserStatusView();
        $sUserStatus = $oStatusView->getMemberMenuStatuses();

        //--- Content block ---//
        $aAccountCustomStatElements = $GLOBALS['MySQL']->fromCache('sys_account_custom_stat_elements', 'getAllWithKey', 'SELECT * FROM `sys_account_custom_stat_elements`', 'ID');
        $aPQStatisticsElements = $GLOBALS['MySQL']->fromCache('sys_stat_member', 'getAllWithKey', 'SELECT * FROM `sys_stat_member`', 'Type');

        $aCustomElements = array();
        foreach($aAccountCustomStatElements as $iID => $aMemberStats) {
            $sUnparsedLabel = $aMemberStats['Label'];
            $sUnparsedValue = $aMemberStats['Value'];

            $sLabel = _t($sUnparsedLabel);
            $sUnparsedValue = str_replace('__site_url__', BX_DOL_URL_ROOT, $sUnparsedValue);

            //step 1 - replacements of keys
            $sLblTmpl = '__l_';
            $sTmpl = '__';
            while(($iStartPos = strpos($sUnparsedValue, $sLblTmpl)) !== false) {
                $iEndPos = strpos($sUnparsedValue, $sTmpl, $iStartPos + 1);
                if($iEndPos <= $iStartPos)
                    break;

                $sSubstr = substr($sUnparsedValue, $iStartPos + strlen($sLblTmpl), $iEndPos-$iStartPos - strlen($sLblTmpl));
                $sKeyValue = mb_strtolower(_t('_' . $sSubstr));
                $sUnparsedValue = str_replace($sLblTmpl.$sSubstr.$sTmpl, $sKeyValue, $sUnparsedValue);
            }

            //step 2 - replacements of Stat keys
            while(($iStartPos = strpos($sUnparsedValue, $sTmpl, 0)) !== false) {
                $iEndPos = strpos($sUnparsedValue, $sTmpl, $iStartPos + 1);
                if($iEndPos <= $iStartPos)
                    break;

                $iCustomCnt = 0;
                $sSubstr = process_db_input( substr($sUnparsedValue, $iStartPos + strlen($sTmpl), $iEndPos-$iStartPos - strlen($sTmpl)), BX_TAGS_STRIP);
                if ($sSubstr) {
                    $sCustomSQL = $aPQStatisticsElements[$sSubstr]['SQL'];
                    $sCustomSQL = str_replace('__member_id__', $this->aMemberInfo['ID'], $sCustomSQL);
                    $sCustomSQL = str_replace('__profile_media_define_photo__', _t('_ProfilePhotos'), $sCustomSQL);
                    $sCustomSQL = str_replace('__profile_media_define_music__', _t('_ProfileMusic'), $sCustomSQL);
                    $sCustomSQL = str_replace('__profile_media_define_video__', _t('_ProfileVideos'), $sCustomSQL);
                    $sCustomSQL = str_replace('__member_nick__', process_db_input($this->aMemberInfo['NickName'], BX_TAGS_NO_ACTION, BX_SLASHES_NO_ACTION), $sCustomSQL);
                    $iCustomCnt = ($sCustomSQL!='') ? (int)db_value($sCustomSQL) : '';
                    //Game Zone
                    $sGames = _t( "_GZGames" );
                    $UserID = $this->aMemberInfo['ID'];
                    $countbattlerequests = db_value( " select count( * ) from gz_battles  WHERE gz_battles.uid2=$UserID and gz_battles.winner ='' and gz_battles.accepted=0" );
                    $countchamprequests = db_value( " select count( * ) from gz_competitors  WHERE gz_competitors.uid=$UserID and gz_competitors.accepted=1" );
                    $totalgame = $countchamprequests + $countbattlerequests;

                    // initialise the fragments so the concatenation below never reads an undefined variable
                    $gamesand = $newchamp = $newbattle = '';
                    if ( $countchamprequests > 0 && $countbattlerequests > 0 ) {
                        $gamesand = ',&nbsp;';
                    }
                    if ( $countchamprequests > 0 || $countbattlerequests > 0 ) {
                        if ( $countchamprequests > 0 ) {
                            $newchamp = '<a href="gamezone.php?page=mychampionships&item=championshiprequests">'.$countchamprequests.'&nbsp;'._t("_GZNew championships").'</a>';
                        }
                        if ( $countbattlerequests > 0 ) {
                            $newbattle = '<a href="gamezone.php?page=mybattles&item=battlerequests">'.$countbattlerequests.'&nbsp;'._t("_GZNew battles").'</a>';
                        }
                        $newchallenges = $newchamp.$gamesand.$newbattle;
                    } else {
                        $newchallenges = _t("_GZNo new game challenges");
                    }
                    //end game zone
                }
                $sUnparsedValue = str_replace($sTmpl . $sSubstr . $sTmpl, $iCustomCnt, $sUnparsedValue);
            }

            $sTrimmedLabel = trim($sUnparsedLabel, '_');
            $aCustomElements[$sTrimmedLabel] = array(
                'type' => 'custom',
                'name' => $sTrimmedLabel,
                'content' => '<b>' . $sLabel . ':</b> ' . $sUnparsedValue,
                'colspan' => true
            );
        }
        $aForm = array(
            'form_attrs' => array(
                'action' => '',
                'method' => 'post',
            ),
            'params' => array(
                'remove_form' => true,
            ),
            'inputs' => array(
                'header1' => array(
                    'type' => 'block_header',
                    'caption' => $sProfileC,
                    'collapsable' => true
                ),
                'Info' => array(
                    'type' => 'custom',
                    'name' => 'Info',
                    'content' => get_member_thumbnail($this->aMemberInfo['ID'], 'none', true),
                    'colspan' => true
                ),
                'Status' => array(
                    'type' => 'custom',
                    'name' => 'Status',
                    'content' => '<b>' . $sProfileStatusC . ':</b> ' . $sProfileStatus . '<br />' . $sProfileStatusMess,
                    'colspan' => true
                ),
                'Email' => array(
                    'type' => 'custom',
                    'name' => 'Email',
                    'content' => '<b>' . $sEmailC . ':</b> ' . $this->aMemberInfo['Email'] . '<br />' . _t('_sys_txt_ac_manage_subscriptions'),
                    'colspan' => true
                ),
                'Membership' => array(
                    'type' => 'custom',
                    'name' => 'Membership',
                    'content' => '<b>' . $sMembershipC . ':</b> ' . $sMembStatus,
                    'colspan' => true
                ),
                'LastLogin' => array(
                    'type' => 'custom',
                    'name' => 'LastLogin',
                    'content' => '<b>' . $sLastLoginC . ':</b> ' . $sLastLogin,
                    'colspan' => true
                ),
                'Registration' => array(
                    'type' => 'custom',
                    'name' => 'Registration',
                    'content' => '<b>' . $sRegistrationC . ':</b> ' . $sRegistration,
                    'colspan' => true
                ),
                'header1_end' => array(
                    'type' => 'block_end'
                ),
                'header2' => array(
                    'type' => 'block_header',
                    'caption' => $sPresenceC,
                    'collapsable' => true,
                    'collapsed' => true,
                    'attrs' => array (
                        'id' => 'user_status_ac',
                    ),
                ),
                'UserStatus' => array(
                    'type' => 'custom',
                    'name' => 'Info',
                    'content' => $sUserStatus,
                    'colspan' => true
                ),
                'Games' => array(
                    'type' => 'custom',
                    'name' => 'Games',
                    'content' => '<b>' . $sGames . ':</b> ' . $newchallenges,
                    'colspan' => true
                ),
                'header2_end' => array(
                    'type' => 'block_end'
                )
             ),
        );

 

Sometimes I scare myself..... Cool

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 13 Aug 2014

I guess that means it's ok......

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 13 Aug 2014

Just done the same as you lol

I have added your code, did you have any problems with this ?

Quote · 18 Sep 2014

$item2 = $_REQUEST['category'];
$catname = db_value( " select catname from gz_categories where id='". $item2."' " ); 

WOW, that's an open invitation to SQL injection...

Better limit that to int only

$item2 = (int)$_REQUEST['category'];
$catname = db_value( " select catname from gz_categories where id='". $item2."' " ); 

But I guess, if this is just a piece, then there are other places in the code which are suicidal.

so much to do....
Quote · 18 Sep 2014

 

$item2 = $_REQUEST['category'];
$catname = db_value( " select catname from gz_categories where id='". $item2."' " ); 

WOW, that's an open invitation to SQL injection...

Better limit that to int only

$item2 = (int)$_REQUEST['category'];
$catname = db_value( " select catname from gz_categories where id='". $item2."' " ); 

But I guess, if this is just a piece, then there are other places in the code which are suicidal.

Yes, I forgot about that. I did get an injection from that a while back. We fixed it in an earlier post. I can try and find it if anyone needs it. Thanks for the heads up, re-repairing it now....

PS, you will need to change the type in the DB to INT to match the change....

 

Here's my original post

http://www.boonex.com/forums/?action=goto&my_threads=1#topic/Game-Zone-hacked-.htm

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 20 Sep 2014

One quick question. If the field type is changed in the DB to INT, would it really matter to place it in the code since you couldn't add anything but an integer anyway?

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 20 Sep 2014

It is more important to modify the code than the field type in the database. As the programmer pointed out here (and I think another programmer mentioned this issue previously in another thread), this code is an easy target for SQL Injection. Please note that Dolphin has a built in function called process_db_input which mod developers can use to sanitize data that will be posted to the database.

Paypal email is jeromemingo@gmail.com - http://www.boonex.com/market/posts/modzzz
Quote · 20 Sep 2014

what modzzz said:

+

It's not about what is being stored or what field type that is, nobody cares. The problem is that anybody can run any query (including drop table) from within that query. It's always good practice to stop any attacks / do validation at the upper levels before it gets filtered down or postponed for later in the bottom levels of program execution.

so much to do....
Quote · 20 Sep 2014
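The three variants discussed in this thread side by side, as an added example that is not code from the Game Zone mod or from Dolphin: the original concatenated query, the (int) cast suggested above, and a parameterised query. It uses PDO with an in-memory SQLite table standing in for gz_categories (the rows are constructed), and the stray quote from the first post's error message as the request value; Dolphin's db_value and process_db_input are not involved.

```php
<?php
// Added example (not Game Zone or Dolphin code). Requires the PDO SQLite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gz_categories (id INTEGER PRIMARY KEY, catname TEXT)');
// Constructed sample rows standing in for the real table.
$db->exec("INSERT INTO gz_categories (id, catname) VALUES (7, 'Racing'), (8, 'Puzzle')");

// Constructed request value: the trailing quote that produced the
// "near ''7'''" error in the first post. Anything in $_REQUEST is untrusted.
$_REQUEST['category'] = "7'";

// 1. The original mod line: raw string concatenation. Whatever the client
//    sends becomes part of the SQL text, so a quote breaks the statement
//    and crafted input can change its meaning.
function lookupUnsafe(PDO $db, string $item2): string {
    try {
        $sql = " select catname from gz_categories where id='" . $item2 . "' ";
        return (string) $db->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// 2. The fix proposed in the thread: cast to int before building the query.
//    "7'" becomes 7 and non-numeric text becomes 0, so the SQL is always
//    well-formed and can only ever contain a number.
function lookupIntCast(PDO $db, $raw): string {
    $item2 = (int) $raw;
    $sql = "SELECT `catname` FROM `gz_categories` WHERE `id`='$item2'";
    return (string) $db->query($sql)->fetchColumn();
}

// 3. Parameterised query: the value is sent separately from the SQL text and
//    is never parsed as SQL. The cast is kept as well, so the column's type
//    is enforced at the edge of the application, as the thread recommends.
function lookupPrepared(PDO $db, $raw): string {
    $stmt = $db->prepare('SELECT catname FROM gz_categories WHERE id = :id');
    $stmt->execute([':id' => (int) $raw]);
    return (string) $stmt->fetchColumn();
}

echo lookupUnsafe($db, $_REQUEST['category']), PHP_EOL;
echo lookupIntCast($db, $_REQUEST['category']), PHP_EOL;
echo lookupPrepared($db, $_REQUEST['category']), PHP_EOL;
```

Only the first call fails; the other two return the category name because the input never reaches the SQL parser as text.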

That's why I hang out with you guys. I have made the change.... 

Thanks....

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 21 Sep 2014