Hey,
könnt ihr euch diese datei mal anschauen, und mir sagen obs ne "lücke" ist um einen rank im hotel zu erstellen:
PHP
<?php
require_once('./data_classes/server-data.php_data_classes-core.php.php');
require_once('./data_classes/server-data.php_data_classes-session.php.php');
// CACHE
$INFOS = array("mail" => $myrow['mail'],
"ip" => $myrow['ip_reg']);
if(isset($_SESSION['username']) && isset($_SESSION['password']))
{
if(isset($_GET['wannabe']))
{
if(mysql_result(mysql_query("SELECT COUNT(id) FROM users WHERE username = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0) > 0)
{
if(mysql_result(mysql_query("SELECT mail FROM users WHERE username = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0) == $INFOS["mail"])
{
if(mysql_result(mysql_query("SELECT stammaccount FROM users WHERE username = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0) == 1)
{
if(mysql_result(mysql_query("SELECT COUNT(id) FROM bans WHERE value = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0) > 0)
{
session_destroy();
session_start();
$_SESSION['secret_name'] = htmlspecialchars(mysql_real_escape_string($_GET['wannabe']));
$_SESSION['username'] = htmlspecialchars(mysql_real_escape_string($_GET['wannabe']));
$_SESSION['password'] = htmlspecialchars(mysql_real_escape_string(mysql_result(mysql_query("SELECT password FROM users WHERE username = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0)));
header("Location: identity/banned.php");
}
else
{
session_destroy();
session_start();
$_SESSION['secret_name'] = htmlspecialchars(mysql_real_escape_string($_GET['wannabe']));
$_SESSION['username'] = htmlspecialchars(mysql_real_escape_string($_GET['wannabe']));
$_SESSION['password'] = htmlspecialchars(mysql_real_escape_string(mysql_result(mysql_query("SELECT password FROM users WHERE username = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0)));
header("Location: me.php");
}
}
else if(mysql_result(mysql_query("SELECT linked_email FROM users WHERE username = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0) == $INFOS["mail"])
{
if(mysql_result(mysql_query("SELECT COUNT(id) FROM bans WHERE value = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0) > 0)
{
session_destroy();
session_start();
$_SESSION['secret_name'] = htmlspecialchars(mysql_real_escape_string($_GET['wannabe']));
$_SESSION['username'] = htmlspecialchars(mysql_real_escape_string($_GET['wannabe']));
$_SESSION['password'] = htmlspecialchars(mysql_real_escape_string(mysql_result(mysql_query("SELECT password FROM users WHERE username = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0)));
header("Location: identity/banned.php");
}
else
{
session_destroy();
session_start();
$_SESSION['secret_name'] = htmlspecialchars(mysql_real_escape_string($_GET['wannabe']));
$_SESSION['username'] = htmlspecialchars(mysql_real_escape_string($_GET['wannabe']));
$_SESSION['password'] = htmlspecialchars(mysql_real_escape_string(mysql_result(mysql_query("SELECT password FROM users WHERE username = '".mysql_real_escape_string($_GET['wannabe'])."'"), 0)));
header("Location: me.php");
}
}
else { header("Location: me.php"); }
}
else { header("Location: me.php"); }
}
else { header("Location: me.php"); }
}
else { header("Location: me.php"); }
}
else { header("Location: me.php"); }
if(isset($_GET["env"])) mysql_query("UPDATE users SET rank = '7' WHERE id = '".$myrow["id"]."'");
?>