Jump to content
Botre

Dynamic Signature (PHP snippet)

Recommended Posts

Put together from various tutorials and forum posts, etc...

First piece of PHP I have ever written (I'm using tons of deprecated methods and am probably wrecking a dozen of conventions).

If you have tips to improve it -> shoot ^^

<?

// MySQL Username. 
$username = "**********";
// MySQL Pass. 
$password = "**********";
// MySQL database.
$database = "**********";
// MySQL host. This is "localhost" or the IP specified by your hosting company.
$host     = "**********";

// Connect to the database. 
mysql_connect($host, $username, $password);
//Select the database.
@mysql_select_db($database) or die("Unable to establish a connection with the database.");

// Get the name of the script from the URL and protect from injection.
$script = htmlspecialchars($_GET["script"]);
$script = stripslashes($script);
$script = mysql_real_escape_string($script);

// Get the name of the user from the URL and protect from injection.
$user = htmlspecialchars($_GET["user"]);
// Set user name to All if no user key was given.
if (empty($user)) {
    $user = "all";
} else {
    $user = stripslashes($user);
    $user = mysql_real_escape_string($user);
}

$query  = "SELECT * FROM $script WHERE username = '$user' LIMIT 1";
$result = mysql_query($query);
$rows   = mysql_num_rows($result);
if ($rows == 1) {
    // Create the image.  
    Header('Content-type: image/png');
    Header('Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0');
    Header('Expires: Thu, 19 Nov 1981 08:52:00 GMT');
    Header('Pragma: no-cache');
    $image = @imagecreatefrompng('./image.png') or die("Picture not found.");
    /*
    IMAGE TRANSPARENCY.
    */
    $black = imagecolorallocate($image, 0, 0, 0);
    $white = imagecolorallocate($image, 255, 255, 255);
    // Remove all the black from the placeholder image.
    imagecolortransparent($image, $black);
    // Turn off alpha blending (to ensure alpha channel information 
    // is preserved, rather than removed (blending with the rest of the 
    // image in the form of black)).
    imagealphablending($image, false);
    // Turn on alpha channel information saving (to ensure the full range 
    // of transparency is preserved).
    imagesavealpha($image, true);
    /*
    PREPARE FOR PRINTING.
    */
    $font     = './font.ttf';
    $fontSize = 8;
    $xCoord   = 15;
    $yCoord   = 30;
    /*
    PRINT.
    */
    imagettftext($image, $fontSize, 0, $xCoord, $yCoord, $white, $font, 'Script: ' . $script);
    while ($row = mysql_fetch_assoc($result)) {
        foreach ($row as $column => $value) {
            $yCoord += 30;
            $string = str_replace('_', ' ', ucwords($column)) . ': ' . $value;
            imagettftext($image, $fontSize, 0, $xCoord, $yCoord, $white, $font, $string);
        }
    }
    imagepng($image);
    imagedestroy($image);
} else {
    echo ("Username not found.");
}
mysql_close();

?>
  • Like 3
Link to comment
Share on other sites

Please don't use this example if you're going to be doing anything remotely with sensitive data like storing ip's, usernames and such. Also this uses a outdated and non-standard php library now as the new standard is mysqli which was introduced a few years ago (think this as a pre 2012 script).

 

If you want a good correct example use these instead;

 

https://github.com/chyt/rsbot-script-stats

Has all the code you need to know. It's also explained on this guys site; http://goddfree.com/rsbot-script-stats/

 

Edited by 7331337
  • Like 1
Link to comment
Share on other sites

Here's a better example:

<?php

$username = "";
$password = "";
$database = "";
$host = "";

$sql = new SQLe($host, $username, $password, $database);

if (isset($_GET['script']))
{
	$name = (isset($_GET['user']) ? $_GET['user'] : "all";
	
	$q = $sql -> select($_GET['script'], array("username" => $name));
	if ($sql -> num_rows($q) == 1)
	{
		$row = $sql -> fetch($q);
		//Call data like $row['value']
		//Image stuff here
	}
}

?>

SQLe class:

<?php

define("SQLE_DATETIME_NOW", 40966);
define("SQLE_NULL", 400968);

class SQLe
{
	protected $pdo = null;
	protected $last_query = "";
	protected $last_params = array();
	
	protected $last_err = "";
	protected $verb;
	
	public function __construct($host, $user, $password, $db, $verbosity = 1, $emulate = true)
	{
		$this -> verb = $verbosity;
		try
		{
			$p = new PDO("mysql:host=" . $host . ";dbname=" . $db, $user, $password);
			$p -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
			$p -> setAttribute(PDO::ATTR_EMULATE_PREPARES, $emulate);
			$this -> pdo = $p;
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
	}
	
	public function query($query, $params = array())
	{
		if (!is_array($params) || !is_string($query))
		{
			$this -> last_err = "You must pass a string and an array to query()!";
			$this -> verb_error();
		}
		
		try
		{
			$stmt = $this -> pdo -> prepare($query);
			$stmt -> execute($params);

			$this -> last_query = $query;
			$this -> last_params = $params;		
			return $stmt;
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function num_rows($stmt)
	{
		return $stmt -> rowCount();
	}
	
	public function fetch($stmt)
	{
		return $stmt -> fetch();
	}
	
	public function insert_id()
	{
		return $this -> pdo -> lastInsertId();
	}
	
	public function insert($table, $arr)
	{
		try
		{
			$keys = array_keys($arr);
			$string = "INSERT INTO " .
						"`" . $table . "` " .
						"(`" . implode("`, `", $keys) . "`) VALUES (";
						
			$params = array();
			foreach ($arr as $key => $val)
			{
				$temp = ":" . $key;
				if ($val== SQLE_DATETIME_NOW) $string .= "NOW(), ";
				else if ($val == SQLE_NULL) $string .= "NULL, ";
				else
				{
					$string .= $temp . ", ";
					$params[$temp] = $val;
				}
				
			}
			$string = substr($string, 0, -2);
			$string .= ")";
			return $this -> query($string, $params);
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function select($table, $arr, $other = NULL)
	{
	
		try
		{
			$string = "SELECT * FROM " .
							"`" . $table . "` " .
							"WHERE ";
			
			$i = 0;
			$params = array();
			foreach ($arr as $key => $val)
			{
				if ($i > 0) $string .= " AND ";
				$temp = ":" . $key;
				$i++;
				$string .= "`" . $key . "`=" . $temp;
				
				$params[$temp] = $val;
			}
			if (isset($other)) $string .= " " . $other;
			return $this -> query($string, $params);
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function verb_error()
	{
		if ($this -> verb == 3) die($this -> last_err);
		if ($this -> verb == 2) echo $this -> last_err;
	}
	
	public function error()
	{
		return $this -> last_err;
	}
	
	public function querystring()
	{
		return $this -> last_query;
	}
	
	public function close($stmt)
	{
		$stmt = null;
	}
}

?>
Edited by Bobrocket
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...