AlliedModders - Changing a table's field

AlliedModders (https://forums.alliedmods.net/index.php)

- Off-Topic (https://forums.alliedmods.net/forumdisplay.php?f=15)

- - Changing a table's field (https://forums.alliedmods.net/showthread.php?t=130892)

Changing a table's field

Well im using SMF ( Simple Machine Forums) to change a specific field. I use a different page so they can change it, and it would automatically change that field in the database, but it won't work for some reason. Here is what I got so far (thanks to stewie :D)

PHP Code:


		
			
<?php
    $szSteamID = $_POST["szSteamID"];
    
    if($szSteamID)
    {
        if(preg_match("/^STEAM_0:[0-1]:[0-9]{1,9}$/", strtoupper($szSteamID)))
        {
            mysql_connect("localhost", "username", "password");
            mysql_select_db("databasename") or die(mysql_error());
            
     if(mysql_query("UPDATE `smf_members` SET steam_id = '$szSteamID' WHERE member_name = '$szUser' AND passwd = '" . base_encode($_POST["szPass"]) . "';"))
                echo "<p>Thanks. Your SteamID has been updated and you will now be able to play on our servers.</p>";
            else
                echo mysql_error();
        }
        else
            echo "<p>Please enter a valid SteamID.</p>";
    }
    else
    {
        echo "<form action='edit_steamid.php' method='post'>";
        echo "Name: <input name='szUser' type='text' value='username' /><br />";
        echo "Password: <input name='szPass' type='password' value='password' /><br />";
        echo "SteamID: <input name='szSteamID' type='text' value='SteamID' /><br />";
        echo "<input type='submit' value='Submit!' />";
        echo "</form>";
    }
?>

The required fields username, password, db name, are not shown for privacy reasons.

If anyone could help.

Edit: We also tried with md5, but it doesn't seem to work

Re: Changing a table's field

You would need to dig around in the SMF code to see what method they use to encrypt the password and how.

Re: Changing a table's field

Quote:

Originally Posted by DruGzOG (Post 1222969)

but won't work for some reason.

You'll have to be more specific than that. What won't work? Where does it go wrong? Add some random echos or prints to see where it breaks or what the query turns out to be like.

If this is really all your code, then it won't work because $szUser is not defined.

PHP Code:


		
			
$szUser = mysql_real_escape_string($_POST["szUser"]);

Also, knowing your SMF version is relevant. A quick Google query showed me this:

PHP Code:


		
			
sha1(strtolower($membername) . $password)

Re: Changing a table's field

Thanks I will try that out.

Its when a user tries to apply his/her steamid using a specific url, it won't work

As in, it won't replace the current STEAMID that is in there

Re: Changing a table's field

I understand that it won't update the SteamID, but with your script there are several possible reasons why:
- the username was missing
- the password was missing
- the username and password don't match

For the above reasons the script won't return an error or notice. To make it do so, you could use this:

PHP Code:


		
			
<?php

function print_form()

{

    echo "<form action='edit_steamid.php' method='post'>";

    echo "Name: <input name='szUser' type='text' value='username' /><br />";

    echo "Password: <input name='szPass' type='password' value='password' /><br />";

    echo "SteamID: <input name='szSteamID' type='text' value='SteamID' /><br />";

    echo "<input type='submit' value='Submit!' />";

    echo "</form>";

}



if($_POST)

{

    //print the POST array to see what's been submitted

    echo "<pre>"; //comment this out if you are not debugging

    print_r($_POST);//comment this out if you are not debugging

    echo "</pre>";//comment this out if you are not debugging

    if(isset($_POST["szSteamID"]) && isset($_POST["szUser"]) && isset($_POST["szUser"]))

    {

        $szSteamID = strtoupper($_POST["szSteamID"]);

        $szPass=sha1(strtolower($szUser) . $_POST["szPass"]); //assuming this is the hashing that SMF uses

        if(preg_match("/^STEAM_0:[0-1]:[0-9]{1,9}$/", $szSteamID))

        {

            echo 'valid';

            mysql_connect("localhost", "username", "password");

            mysql_select_db("databasename") or die(mysql_error());

            $szUser = mysql_real_escape_string($_POST["szUser"]);

            $sql="UPDATE smf_members SET steam_id = '$szSteamID' WHERE member_name = '$szUser' AND passwd = '$szPass')";

            //print the query to see what's going on. you can use this query on the command line or in phpMyadmin to see what's wrong

            echo $sql."<br />"; //comment this out if you are not debugging

            if(mysql_query($sql))

            {

                if(mysql_affected_rows()==1) "<p>Thanks. Your SteamID has been updated and you will now be able to play on our servers.</p>";

                else echo "<p>You provided non-matching data.</p>";

            }

            else

            {

                echo mysql_error();

                echo "<p>Your SteamID has not been updated.";

            }

        }

        else echo "<p>Please enter a valid SteamID.</p>";

    }

    else

    {

        echo "<p>All fields are required, some were left blank.</p>";

        print_form();

    }

}

else

{

    echo "<p>No POST data</p>";//comment this out if you are not debugging

    print_form();

}

?>

mysql_affected_rows returns the number of rows that were updated by the query.

Re: Changing a table's field

PHP Code:


		
			
[29-Jun-2010 12:32:29] PHP Parse error:  syntax error, unexpected T_IF, expecting ',' or ';' in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 18
[29-Jun-2010 12:32:31] PHP Parse error:  syntax error, unexpected T_IF, expecting ',' or ';' in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 18
[29-Jun-2010 12:34:08] PHP Parse error:  syntax error, unexpected T_IF, expecting ',' or ';' in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 18
[29-Jun-2010 12:34:10] PHP Parse error:  syntax error, unexpected T_IF, expecting ',' or ';' in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 18

the error that comes out.

Also nothing is displayed, like the submit, nor the username or password

Re: Changing a table's field

Whoops.

Replace line 17 with

PHP Code:


		
			
echo "</pre>";//comment this out if you are not debugging

and line 45 with

PHP Code:


		
			
echo "<p>All fields are required, some were left blank.</p>";

edit: I've updated my previous post as I noticed other mistakes.

Re: Changing a table's field

PHP Code:


		
			
Array
(
    [szUser] => levin
    [szPass] => Hidden
    [szSteamID] => STEAM_0:0:4195929
)
UPDATE smf_members SET steam_id = 'STEAM_0:0:4195929' WHERE  member_name = '' AND passwd = 'Hidden'
Thanks.  Your SteamID has been updated and you will now be able to play on our  servers.

This is the output display. It still doesn't change it in the field.

Edit:

PHP Code:


		
			
[29-Jun-2010 12:47:46] PHP Warning:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'apexgame'@'localhost' (using password: NO) in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 22
[29-Jun-2010 12:47:46] PHP Warning:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 22
[29-Jun-2010 12:48:18] PHP Warning:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'apexgame'@'localhost' (using password: NO) in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 22
[29-Jun-2010 12:48:18] PHP Warning:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 22
[29-Jun-2010 12:51:09] PHP Warning:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'apexgame'@'localhost' (using password: NO) in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 22
[29-Jun-2010 12:51:09] PHP Warning:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /home/apexgame/public_html/apexgamers.com/edit_steamid.php on line 22

Re: Changing a table's field

I used mysql_real_escape_string before a connection to MySQL was made, which explains the warning and the empty username. I've updated the post once more.

By the way, you still haven't revealed your version of SMF.

Re: Changing a table's field

Ahh Sorry about that.

2.0.0 RC3

PHP Code:


		
			
You have an error in your SQL syntax; check the manual that corresponds  to your MySQL server version for the right syntax to use near ')' at  line 1

Your SteamID has not been updated.