Jump to content

Recommended Posts

Posted

Hey guys please before adding some "cool" features on your website like " online players " status think about some things

 

i am talking about all kind of those scipts that you have to connect your database and mysql so better not add em

 

chek out here the code

 

<?php
//first you need to define db info
  define('mySQL_hostname', '127.0.0.1');  //database IP
  define('mySQL_database', 'Database');  //database name
  define('mySQL_username', 'User');  //database user
  define('mySQL_password', 'Pass');  //database password

//connects to mysql
  $db_link = mysql_pconnect( mySQL_hostname, mySQL_username, mySQL_password )
    or die( 'Error connecting to mysql<br><br>'.mysql_error() );

//connects to Database
  $db_select = mysql_select_db( mySQL_database, $db_link )
    or die( 'Error connecting to Database<br><br>'.mysql_error() );

//selects desired table
   $chars=mysql_query("SELECT * FROM characters");

//tells how much rows are there (will come helpfull with while loops)
   $rows =mysql_numrows($characters);

   $i=0;
   $x=0;

//while $i is smaller than number of rows repeat the code
   while ($i < $rows) {
    $online=mysql_result($chars,$i,"online"); //looks into characters table, under column online(if player is online its "0" else "1"), at row $i
    if ($online == 1) { $x++; } // if column online at row $i is "1", increase $x
    $i++; //increase $i
    }
   print 'Online players:<em>'.$x.'<em>'; //prints out the $x number of players online

 

 

see?

 

watch the five first lines

 

<?php
//first you need to define db info
  define('mySQL_hostname', '127.0.0.1');  //database IP
  define('mySQL_database', 'Database');  //database name
  define('mySQL_username', 'User');  //database user
  define('mySQL_password', 'Pass');  //database password

 

 

everyone can easily view your passwords , just by pressing right click on the site and then view source !!

 

 

Always watch shits like that

Posted

lolz... ur wrong.. u cant view content of config.php with simple right click... only if u hack it but still its not easy at all (personaly i have spend like nights and nights to hack it but never made it.. im not any pro hacker or anything tho so i dont know..).. secondly... u can easily make a mysql account that will connect to database only from specific ip.. so even IF others get these infos.. they wont do shit!... please research a lil better before u post such stuff :/  ::)

Posted

Ive indeed never been able to see php scripts from sites by 'view source', and few site rippers can neither (I see many ripped sites at shares that just have copied stats instead of the real php stats scripts) so I'm not sure about this; but if you say you are sure of it at least thanks for the warning :)

Posted

lolz... ur wrong.. u cant view content of config.php with simple right click... only if u hack it but still its not easy at all.. secondly... u can easily make a mysql account that will connect to database only from specific ip.. so even IF others get these infos.. they wont do shit!... please research a lil better before u post such stuff :/  ::)

yeye maybe u are right (thats what they said me)

but it surely is unsafe

Posted

lolz... ur wrong.. u cant view content of config.php with simple right click... only if u hack it but still its not easy at all.. secondly... u can easily make a mysql account that will connect to database only from specific ip.. so even IF others get these infos.. they wont do shit!... please research a lil better before u post such stuff :/  ::)

In addition, you can create another user with limited privileges.

 

 

everyone can easily view your passwords , just by pressing right click on the site and then view source !!

Seriously now, have you tried that?

 

It's a fact that you can't view the php code unless you have ftp/root access.

 

 

but it surely is unsafe

?!?!?!
Posted

its kinda true that its unsafe but only if the php scripts is reallyyy badly coded.. but generaly its almost impossible for someone to hack your server from a php .. but just for the 1 in a trillion chance possibility someone get this info.. u can just make sure its useless (restrict ip or set read-only privillages like Hax0r said)

Posted

Well, i downloaded such RIP sites from here and some of them had PHP scripts that was working. I guess i will take a look on them :D

Probably because these scripts can be found everywhere. I'm pretty sure there won't be any password...
Posted

useless topic.

 

You cannot read any php script by pressing "view the source", you'll see only the product of what the php script is there for.

 

Closed.

Posted

Unlocked

 

the only unsafe in the php scripts i've seen in mxc is none of them contains a mysql_real_escape_string() so its pretty easy to fuck it up if you are good in these things...

 

locked

Guest
This topic is now closed to further replies.
×
×
  • Create New...