Dynamic Signature (PHP snippet)

April 21, 201510 yr

Put together from various tutorials and forum posts, etc...

First piece of PHP I have ever written (I'm using tons of deprecated methods and am probably wrecking a dozen of conventions).

If you have tips to improve it -> shoot ^^

<?

// MySQL Username. 
$username = "**********";
// MySQL Pass. 
$password = "**********";
// MySQL database.
$database = "**********";
// MySQL host. This is "localhost" or the IP specified by your hosting company.
$host     = "**********";

// Connect to the database. 
mysql_connect($host, $username, $password);
//Select the database.
@mysql_select_db($database) or die("Unable to establish a connection with the database.");

// Get the name of the script from the URL and protect from injection.
$script = htmlspecialchars($_GET["script"]);
$script = stripslashes($script);
$script = mysql_real_escape_string($script);

// Get the name of the user from the URL and protect from injection.
$user = htmlspecialchars($_GET["user"]);
// Set user name to All if no user key was given.
if (empty($user)) {
    $user = "all";
} else {
    $user = stripslashes($user);
    $user = mysql_real_escape_string($user);
}

$query  = "SELECT * FROM $script WHERE username = '$user' LIMIT 1";
$result = mysql_query($query);
$rows   = mysql_num_rows($result);
if ($rows == 1) {
    // Create the image.  
    Header('Content-type: image/png');
    Header('Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0');
    Header('Expires: Thu, 19 Nov 1981 08:52:00 GMT');
    Header('Pragma: no-cache');
    $image = @imagecreatefrompng('./image.png') or die("Picture not found.");
    /*
    IMAGE TRANSPARENCY.
    */
    $black = imagecolorallocate($image, 0, 0, 0);
    $white = imagecolorallocate($image, 255, 255, 255);
    // Remove all the black from the placeholder image.
    imagecolortransparent($image, $black);
    // Turn off alpha blending (to ensure alpha channel information 
    // is preserved, rather than removed (blending with the rest of the 
    // image in the form of black)).
    imagealphablending($image, false);
    // Turn on alpha channel information saving (to ensure the full range 
    // of transparency is preserved).
    imagesavealpha($image, true);
    /*
    PREPARE FOR PRINTING.
    */
    $font     = './font.ttf';
    $fontSize = 8;
    $xCoord   = 15;
    $yCoord   = 30;
    /*
    PRINT.
    */
    imagettftext($image, $fontSize, 0, $xCoord, $yCoord, $white, $font, 'Script: ' . $script);
    while ($row = mysql_fetch_assoc($result)) {
        foreach ($row as $column => $value) {
            $yCoord += 30;
            $string = str_replace('_', ' ', ucwords($column)) . ': ' . $value;
            imagettftext($image, $fontSize, 0, $xCoord, $yCoord, $white, $font, $string);
        }
    }
    imagepng($image);
    imagedestroy($image);
} else {
    echo ("Username not found.");
}
mysql_close();

?>

3

April 21, 201510 yr

Bookmarked for the future!

1

April 22, 201510 yr

Yea, using pdo woulda been better, but it works ;)

April 27, 201510 yr

Please don't use this example if you're going to be doing anything remotely with sensitive data like storing ip's, usernames and such. Also this uses a outdated and non-standard php library now as the new standard is mysqli which was introduced a few years ago (think this as a pre 2012 script).

If you want a good correct example use these instead;

https://github.com/chyt/rsbot-script-stats

Has all the code you need to know. It's also explained on this guys site; http://goddfree.com/rsbot-script-stats/

Edited April 27, 201510 yr by 7331337

1

June 7, 201510 yr

Here's a better example:

<?php

$username = "";
$password = "";
$database = "";
$host = "";

$sql = new SQLe($host, $username, $password, $database);

if (isset($_GET['script']))
{
	$name = (isset($_GET['user']) ? $_GET['user'] : "all";
	
	$q = $sql -> select($_GET['script'], array("username" => $name));
	if ($sql -> num_rows($q) == 1)
	{
		$row = $sql -> fetch($q);
		//Call data like $row['value']
		//Image stuff here
	}
}

?>

SQLe class:

<?php

define("SQLE_DATETIME_NOW", 40966);
define("SQLE_NULL", 400968);

class SQLe
{
	protected $pdo = null;
	protected $last_query = "";
	protected $last_params = array();
	
	protected $last_err = "";
	protected $verb;
	
	public function __construct($host, $user, $password, $db, $verbosity = 1, $emulate = true)
	{
		$this -> verb = $verbosity;
		try
		{
			$p = new PDO("mysql:host=" . $host . ";dbname=" . $db, $user, $password);
			$p -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
			$p -> setAttribute(PDO::ATTR_EMULATE_PREPARES, $emulate);
			$this -> pdo = $p;
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
	}
	
	public function query($query, $params = array())
	{
		if (!is_array($params) || !is_string($query))
		{
			$this -> last_err = "You must pass a string and an array to query()!";
			$this -> verb_error();
		}
		
		try
		{
			$stmt = $this -> pdo -> prepare($query);
			$stmt -> execute($params);

			$this -> last_query = $query;
			$this -> last_params = $params;		
			return $stmt;
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function num_rows($stmt)
	{
		return $stmt -> rowCount();
	}
	
	public function fetch($stmt)
	{
		return $stmt -> fetch();
	}
	
	public function insert_id()
	{
		return $this -> pdo -> lastInsertId();
	}
	
	public function insert($table, $arr)
	{
		try
		{
			$keys = array_keys($arr);
			$string = "INSERT INTO " .
						"`" . $table . "` " .
						"(`" . implode("`, `", $keys) . "`) VALUES (";
						
			$params = array();
			foreach ($arr as $key => $val)
			{
				$temp = ":" . $key;
				if ($val== SQLE_DATETIME_NOW) $string .= "NOW(), ";
				else if ($val == SQLE_NULL) $string .= "NULL, ";
				else
				{
					$string .= $temp . ", ";
					$params[$temp] = $val;
				}
				
			}
			$string = substr($string, 0, -2);
			$string .= ")";
			return $this -> query($string, $params);
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function select($table, $arr, $other = NULL)
	{
	
		try
		{
			$string = "SELECT * FROM " .
							"`" . $table . "` " .
							"WHERE ";
			
			$i = 0;
			$params = array();
			foreach ($arr as $key => $val)
			{
				if ($i > 0) $string .= " AND ";
				$temp = ":" . $key;
				$i++;
				$string .= "`" . $key . "`=" . $temp;
				
				$params[$temp] = $val;
			}
			if (isset($other)) $string .= " " . $other;
			return $this -> query($string, $params);
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function verb_error()
	{
		if ($this -> verb == 3) die($this -> last_err);
		if ($this -> verb == 2) echo $this -> last_err;
	}
	
	public function error()
	{
		return $this -> last_err;
	}
	
	public function querystring()
	{
		return $this -> last_query;
	}
	
	public function close($stmt)
	{
		$stmt = null;
	}
}

?>

Edited June 7, 201510 yr by Bobrocket

Sign In

Featured Replies

Create an account or sign in to comment

Recently Browsing 0

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)