PDA

View Full Version : SQL PHP Help needed "urgent"

TheSupportForum
01-23-2010, 08:41 PM
i have this statement in a php file but keeps throwing up some error can someon eplease look over this code and get back to me with any morrections needed



$sql = "INSERT INTO `list` SET ";
$sql .= "`stamp`='" . sql_escape_string($stamp) . "', ";
$sql .= "`ip`='" . sql_escape_string($ip) . "', ";
$sql .= "`type`='" . sql_escape_string($type) . "', ";
$sql .= "`threat`='" . sql_escape_string($threat) . "', ";
$sql .= "`datetime`=now() ";
$r = sql_command($sql);
if ($r == 1) {
########################################
# good insertion, get record id number #
########################################
$id = sql_insert_id("list", "id");
return $id;
}

function sql_command ($sql) {
if (mysql_query($sql)) return mysql_affected_rows();
return -1;
}

function sql_insert_id($table, $field) {
return mysql_insert_id();
}

function sql_escape_string ($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);
return $string;
}


thank you
Marco van Herwaarden
01-25-2010, 01:41 PM
It would help a lot of you would opst the error message and the linenumber on which it occurs.
TheSupportForum
01-25-2010, 02:38 PM
this is the full code i used in the php plugin



/*
Script Name: Simple PHP http:BL implementation
Description: Simple script to check an IP against Project Honey Pot's database and let only legitimate users access your script
*/
if ($vbulletin->options['pro_honey_active']){
if ($_COOKIE['notabot']) {
ozh_httpbl_logme(false, $_SERVER['REMOTE_ADDR']);
} else {
ozh_httpbl_check();
}
}
function ozh_httpbl_check() {
global $vbulletin;
$apikey = $vbulletin->options[pro_honey_api];
// IP to test
$ip = $_SERVER['REMOTE_ADDR'];
// build the lookup DNS query
// Example : for '127.9.1.2' you should query 'abcdefghijkl.2.1.9.127.dnsbl.httpbl.org'
$lookup = $apikey . '.' . implode('.', array_reverse(explode ('.', $ip ))) . '.dnsbl.httpbl.org';

// check query response
$result = explode( '.', gethostbyname($lookup));

if ($result[0] == 127) {
// query successful !
$activity = $result[1];
$threat = $result[2];
$type = $result[3];

if ($type & 0) $typemeaning .= 'Search Engine, ';
if ($type & 1) $typemeaning .= 'Suspicious, ';
if ($type & 2) $typemeaning .= 'Harvester, ';
if ($type & 4) $typemeaning .= 'Comment Spammer, ';
$typemeaning = trim($typemeaning,', ');

// echo "$type : $typemeaning of level $threat ";

// Now determine some blocking policy
if (
($type >= 4 && $threat > 0) // Comment spammer with any threat level
||
($type < 4 && $threat > 20) // Other types, with threat level greater than 20
) {
$block = true;
}

if ($block) {
ozh_httpbl_logme($block,$ip,$type,$threat,$activit y);
ozh_httpbl_blockme();
die();
}

}
}

function ozh_httpbl_logme($block = false, $ip='', $type='',$threat='',$activity='') {

);
$stamp = date('d-m-Y :: H-i$sql = "INSERT INTO `list` SET ";
$sql .= "`stamp`='" . sql_escape_string($stamp) . "', ";
$sql .= "`ip`='" . sql_escape_string($ip) . "', ";
$sql .= "`type`='" . sql_escape_string($type) . "', ";
$sql .= "`threat`='" . sql_escape_string($threat) . "', ";
$sql .= "`datetime`=now() ";
$r = sql_command($sql);
if ($r == 1) {
########################################
# good insertion, get record id number #
########################################
$id = sql_insert_id("list", "id");
return $id;
}

function sql_command ($sql) {
if (mysql_query($sql)) return mysql_affected_rows();
return -1;
}

function sql_insert_id($table, $field) {
return mysql_insert_id();
}

function sql_escape_string ($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);
return $string;
}-s');

// Some stuff you could log for further analysis
$page = $_SERVER['REQUEST_URI'];
$ua = $_SERVER["HTTP_USER_AGENT"];

if ($block) {
fputs($log,"$stamp :: BLOCKED $ip :: $type :: $threat :: $activity :: $page :: $ua\n");
} else {
fputs($log,"$stamp :: UNBLCKD $ip :: $page :: $ua\n");
}
fclose($log);
}
function ozh_httpbl_blockme() {
header('HTTP/1.0 403 Forbidden');
echo <<<HTML
<script type="text/javascript">
function setcookie( name, value, expires, path, domain, secure ) {
// set time, it's in milliseconds
var today = new Date();
today.setTime( today.getTime() );

if ( expires ) {
expires = expires * 1000 * 60 * 60 * 24;
}
var expires_date = new Date( today.getTime() + (expires) );

document.cookie = name + "=" +escape( value ) +
( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
}
function letmein() {
setcookie('notabot','true',1,'/', '', '');
location.reload(true);
}
</script>
<h1>Forbidden</h1>
<p>Sorry. You are using a suspicious IP.</p>
<p>Your IP address has been listed at <a href="http://www.projecthoneypot.org">http://www.projecthoneypot.org</a></p>
<p>If you <strong>ARE NOT</strong> a bot of any kind, please <a href="javascript:letmein()">click here</a> to access the page. Sorry for this !</p>
HTML;
}




the error i get is


Parse error: syntax error, unexpected ')' in /public_html/includes/functions.php(6505) : eval()'d code on line 73

plugin is set to
global_complete
Lynne
01-25-2010, 03:09 PM
This line doesn't look correct:
$stamp = date('d-m-Y :: H-i$sql = "INSERT INTO `list` SET ";
TheSupportForum
01-25-2010, 03:39 PM
This line doesn't look correct:
$stamp = date('d-m-Y :: H-i$sql = "INSERT INTO `list` SET ";


i have now corrected the php plugin code to this




/*
Script Name: Simple PHP http:BL implementation
Description: Simple script to check an IP against Project Honey Pot's database and let only legitimate users access your script
*/
if ($vbulletin->options['pro_honey_active']){
if ($_COOKIE['notabot']) {
ozh_httpbl_logme(false, $_SERVER['REMOTE_ADDR']);
} else {
ozh_httpbl_check();
}
}
function ozh_httpbl_check() {
global $vbulletin;
$apikey = $vbulletin->options[pro_honey_api];
// IP to test
$ip = "94.102.63.90";
// build the lookup DNS query
// Example : for '127.9.1.2' you should query 'abcdefghijkl.2.1.9.127.dnsbl.httpbl.org'
$lookup = $apikey . '.' . implode('.', array_reverse(explode ('.', $ip ))) . '.dnsbl.httpbl.org';

// check query response
$result = explode( '.', gethostbyname($lookup));

if ($result[0] == 127) {
// query successful !
$activity = $result[1];
$threat = $result[2];
$type = $result[3];

if ($type & 0) $typemeaning .= 'Search Engine, ';
if ($type & 1) $typemeaning .= 'Suspicious, ';
if ($type & 2) $typemeaning .= 'Harvester, ';
if ($type & 4) $typemeaning .= 'Comment Spammer, ';
$typemeaning = trim($typemeaning,', ');

// echo "$type : $typemeaning of level $threat ";

// Now determine some blocking policy
if (
($type >= 4 && $threat > 0) // Comment spammer with any threat level
||
($type < 4 && $threat > 20) // Other types, with threat level greater than 20
) {
$block = true;
}

if ($block) {
ozh_httpbl_logme($block,$ip,$type,$threat,$activit y);
ozh_httpbl_blockme();
die();
}

}
}
function ozh_httpbl_logme($block = false, $ip='', $type='',$threat='',$activity='') {
$sql = "INSERT INTO `list` SET ";
$sql .= "`stamp`='" . sql_escape_string($stamp) . "', ";
$sql .= "`ip`='" . sql_escape_string($ip) . "', ";
$sql .= "`type`='" . sql_escape_string($type) . "', ";
$sql .= "`threat`='" . sql_escape_string($threat) . "', ";
$sql .= "`datetime`=now()";
$r = sql_command($sql);
if ($r == 1) {
########################################
# good insertion, get record id number #
########################################
$id = sql_insert_id("list", "id");
return $id;
}
function sql_command ($sql) {
if (mysql_query($sql)) return mysql_affected_rows();
return -1;
}
function sql_insert_id($table, $field) {
return mysql_insert_id();
}
function sql_escape_string ($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);
return $string;
}

// Some stuff you could log for further analysis
$page = $_SERVER['REQUEST_URI'];
$ua = $_SERVER["HTTP_USER_AGENT"];

if ($block) {
fputs($log,"$stamp :: BLOCKED $ip :: $type :: $threat :: $activity :: $page :: $ua\n");
} else {
fputs($log,"$stamp :: UNBLCKD $ip :: $page :: $ua\n");
}
fclose($log);
}
function ozh_httpbl_blockme() {
header('HTTP/1.0 403 Forbidden');
echo <<<HTML
<script type="text/javascript">
function setcookie( name, value, expires, path, domain, secure ) {
// set time, it's in milliseconds
var today = new Date();
today.setTime( today.getTime() );

if ( expires ) {
expires = expires * 1000 * 60 * 60 * 24;
}
var expires_date = new Date( today.getTime() + (expires) );

document.cookie = name + "=" +escape( value ) +
( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
}
function letmein() {
setcookie('notabot','true',1,'/', '', '');
location.reload(true);
}
</script>
<h1>Forbidden</h1>
<p>Sorry. You are using a suspicious IP.</p>
<p>Your IP address has been listed at <a href="http://www.projecthoneypot.org">http://www.projecthoneypot.org</a></p>
<p>If you <strong>ARE NOT</strong> a bot of any kind, please <a href="javascript:letmein()">click here</a> to access the page. Sorry for this !</p>
HTML;
}





the error i now get is


Fatal error: Call to undefined function sql_escape_string() in /public_html/includes/functions.php(6505) : eval()'d code on line 68


i think it refere to this

########################################
# good insertion, get record id number #
########################################
$id = sql_insert_id("list", "id");
return $id;
}

not sure how to corect it
Lynne
01-25-2010, 04:00 PM
I know there is a mysql call mysql_insert_id, but I don't know anything about just sql_insert_id. It doesn't take any parameters, I don't believe. It just returns the last increment used. Why aren't you just using standard vB mysql syntax?
TheSupportForum
01-25-2010, 04:14 PM
because i am unsure how to do that

the sql code is an upade scrpt, logs ip address from projecthoneypot
if your listed

thats what i am try to do

i have no idea how to convert php sql to vb syntax

can you help
Lynne
01-25-2010, 05:16 PM
Well, it was just more of a question, I didn't realize you didn't write the code. I think I would just try changing the line to mysql_insert_id() and see if that works. Looking at the function, it isn't clear why he passes those parameters in the first place.

Are you allowed to reuse this code?
TheSupportForum
01-25-2010, 05:43 PM
yep

i am in contact withe the guy who created the code i just request help to change it to sql

--------------- Added 1264449484 at 1264449484 ---------------

thank you for that a new issue has shown





/*
Script Name: Simple PHP http:BL implementation
Description: Simple script to check an IP against Project Honey Pot's database and let only legitimate users access your script
*/
if ($vbulletin->options['pro_honey_active']){
if ($_COOKIE['notabot']) {
ozh_httpbl_logme(false, $_SERVER['REMOTE_ADDR']);
} else {
ozh_httpbl_check();
}
}
function ozh_httpbl_check() {
global $vbulletin;
$apikey = $vbulletin->options[pro_honey_api];
// IP to test
$ip = "94.102.63.90";
// build the lookup DNS query
// Example : for '127.9.1.2' you should query 'abcdefghijkl.2.1.9.127.dnsbl.httpbl.org'
$lookup = $apikey . '.' . implode('.', array_reverse(explode ('.', $ip ))) . '.dnsbl.httpbl.org';

// check query response
$result = explode( '.', gethostbyname($lookup));

if ($result[0] == 127) {
// query successful !
$activity = $result[1];
$threat = $result[2];
$type = $result[3];

if ($type & 0) $typemeaning .= 'Search Engine, ';
if ($type & 1) $typemeaning .= 'Suspicious, ';
if ($type & 2) $typemeaning .= 'Harvester, ';
if ($type & 4) $typemeaning .= 'Comment Spammer, ';
$typemeaning = trim($typemeaning,', ');

// echo "$type : $typemeaning of level $threat ";

// Now determine some blocking policy
if (
($type >= 4 && $threat > 0) // Comment spammer with any threat level
||
($type < 4 && $threat > 20) // Other types, with threat level greater than 20
) {
$block = true;
}

if ($block) {
ozh_httpbl_logme($block,$ip,$type,$threat,$activit y);
ozh_httpbl_blockme();
die();
}

}
}
function ozh_httpbl_logme($block = false, $ip='', $type='',$threat='',$activity='') {
$sql = "INSERT INTO `list` SET ";
$sql .= "`stamp`='" . sql_escape_string($stamp) . "', ";
$sql .= "`ip`='" . sql_escape_string($ip) . "', ";
$sql .= "`type`='" . sql_escape_string($type) . "', ";
$sql .= "`threat`='" . sql_escape_string($threat) . "', ";
$sql .= "`datetime`=now()";
$r = sql_command($sql);
if ($r == 1) {
########################################
# good insertion, get record id number #
########################################
mysql_insert_id()
return $id;
}
function sql_command ($sql) {
if (mysql_query($sql)) return mysql_affected_rows();
return -1;
}
function sql_insert_id($table, $field) {
return mysql_insert_id();
}
function sql_escape_string ($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);
return $string;
}

// Some stuff you could log for further analysis
$page = $_SERVER['REQUEST_URI'];
$ua = $_SERVER["HTTP_USER_AGENT"];

if ($block) {
fputs($log,"$stamp :: BLOCKED $ip :: $type :: $threat :: $activity :: $page :: $ua\n");
} else {
fputs($log,"$stamp :: UNBLCKD $ip :: $page :: $ua\n");
}
fclose($log);
}
function ozh_httpbl_blockme() {
header('HTTP/1.0 403 Forbidden');
echo <<<HTML
<script type="text/javascript">
function setcookie( name, value, expires, path, domain, secure ) {
// set time, it's in milliseconds
var today = new Date();
today.setTime( today.getTime() );

if ( expires ) {
expires = expires * 1000 * 60 * 60 * 24;
}
var expires_date = new Date( today.getTime() + (expires) );

document.cookie = name + "=" +escape( value ) +
( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
}
function letmein() {
setcookie('notabot','true',1,'/', '', '');
location.reload(true);
}
</script>
<h1>Forbidden</h1>
<p>Sorry. You are using a suspicious IP.</p>
<p>Your IP address has been listed at <a href="http://www.projecthoneypot.org">http://www.projecthoneypot.org</a></p>
<p>If you <strong>ARE NOT</strong> a bot of any kind, please <a href="javascript:letmein()">click here</a> to access the page. Sorry for this !</p>
HTML;
}






Parse error: syntax error, unexpected T_RETURN in /public_html/includes/functions.php(6505) : eval()'d code on line 78
Lynne
01-25-2010, 09:58 PM
You need a ; at the end of the line.
TheSupportForum
01-25-2010, 10:21 PM
at the end of what line

if i need to do this

mysql_insert_id();

i have already done so and a new error of

Fatal error: Call to undefined function sql_escape_string() in /public_html/includes/functions.php(6505) : eval()'d code on line 67
Lynne
01-25-2010, 11:18 PM
at the end of what line

if i need to do this

mysql_insert_id();
That's not what you have written above:
mysql_insert_id()

You need to put a ; at the end of any php statement.