Jump to content

Dynamic Signature (PHP snippet)

Botre

By Botre
in Snippets

 Share

Recommended Posts

Botre Dragon Poster

Botre

Posted
Posted

Put together from various tutorials and forum posts, etc...

First piece of PHP I have ever written (I'm using tons of deprecated methods and am probably wrecking a dozen of conventions).

If you have tips to improve it -> shoot ^^

<?

// MySQL Username. 
$username = "**********";
// MySQL Pass. 
$password = "**********";
// MySQL database.
$database = "**********";
// MySQL host. This is "localhost" or the IP specified by your hosting company.
$host     = "**********";

// Connect to the database. 
mysql_connect($host, $username, $password);
//Select the database.
@mysql_select_db($database) or die("Unable to establish a connection with the database.");

// Get the name of the script from the URL and protect from injection.
$script = htmlspecialchars($_GET["script"]);
$script = stripslashes($script);
$script = mysql_real_escape_string($script);

// Get the name of the user from the URL and protect from injection.
$user = htmlspecialchars($_GET["user"]);
// Set user name to All if no user key was given.
if (empty($user)) {
    $user = "all";
} else {
    $user = stripslashes($user);
    $user = mysql_real_escape_string($user);
}

$query  = "SELECT * FROM $script WHERE username = '$user' LIMIT 1";
$result = mysql_query($query);
$rows   = mysql_num_rows($result);
if ($rows == 1) {
    // Create the image.  
    Header('Content-type: image/png');
    Header('Cache-Control: no-store, no-cache, must-revalidate, post-check = 0, pre-check = 0');
    Header('Expires: Thu, 19 Nov 1981 08:52:00 GMT');
    Header('Pragma: no-cache');
    $image = @imagecreatefrompng('./image.png') or die("Picture not found.");
    /*
    IMAGE TRANSPARENCY.
    */
    $black = imagecolorallocate($image, 0, 0, 0);
    $white = imagecolorallocate($image, 255, 255, 255);
    // Remove all the black from the placeholder image.
    imagecolortransparent($image, $black);
    // Turn off alpha blending (to ensure alpha channel information 
    // is preserved, rather than removed (blending with the rest of the 
    // image in the form of black)).
    imagealphablending($image, false);
    // Turn on alpha channel information saving (to ensure the full range 
    // of transparency is preserved).
    imagesavealpha($image, true);
    /*
    PREPARE FOR PRINTING.
    */
    $font     = './font.ttf';
    $fontSize = 8;
    $xCoord   = 15;
    $yCoord   = 30;
    /*
    PRINT.
    */
    imagettftext($image, $fontSize, 0, $xCoord, $yCoord, $white, $font, 'Script: ' . $script);
    while ($row = mysql_fetch_assoc($result)) {
        foreach ($row as $column => $value) {
            $yCoord += 30;
            $string = str_replace('_', ' ', ucwords($column)) . ': ' . $value;
            imagettftext($image, $fontSize, 0, $xCoord, $yCoord, $white, $font, $string);
        }
    }
    imagepng($image);
    imagedestroy($image);
} else {
    echo ("Username not found.");
}
mysql_close();

?>
  • Like 3
7331337 Steel Poster

7331337

Posted
Posted (edited)

Please don't use this example if you're going to be doing anything remotely with sensitive data like storing ip's, usernames and such. Also this uses a outdated and non-standard php library now as the new standard is mysqli which was introduced a few years ago (think this as a pre 2012 script).

 

If you want a good correct example use these instead;

 

https://github.com/chyt/rsbot-script-stats

Has all the code you need to know. It's also explained on this guys site; http://goddfree.com/rsbot-script-stats/

 

Edited by 7331337
  • Like 1
  • 1 month later...
Bobrocket Adamantite Poster

Bobrocket

Posted
Posted (edited)

Here's a better example:

<?php

$username = "";
$password = "";
$database = "";
$host = "";

$sql = new SQLe($host, $username, $password, $database);

if (isset($_GET['script']))
{
	$name = (isset($_GET['user']) ? $_GET['user'] : "all";
	
	$q = $sql -> select($_GET['script'], array("username" => $name));
	if ($sql -> num_rows($q) == 1)
	{
		$row = $sql -> fetch($q);
		//Call data like $row['value']
		//Image stuff here
	}
}

?>

SQLe class:

<?php

define("SQLE_DATETIME_NOW", 40966);
define("SQLE_NULL", 400968);

class SQLe
{
	protected $pdo = null;
	protected $last_query = "";
	protected $last_params = array();
	
	protected $last_err = "";
	protected $verb;
	
	public function __construct($host, $user, $password, $db, $verbosity = 1, $emulate = true)
	{
		$this -> verb = $verbosity;
		try
		{
			$p = new PDO("mysql:host=" . $host . ";dbname=" . $db, $user, $password);
			$p -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
			$p -> setAttribute(PDO::ATTR_EMULATE_PREPARES, $emulate);
			$this -> pdo = $p;
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
	}
	
	public function query($query, $params = array())
	{
		if (!is_array($params) || !is_string($query))
		{
			$this -> last_err = "You must pass a string and an array to query()!";
			$this -> verb_error();
		}
		
		try
		{
			$stmt = $this -> pdo -> prepare($query);
			$stmt -> execute($params);

			$this -> last_query = $query;
			$this -> last_params = $params;		
			return $stmt;
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function num_rows($stmt)
	{
		return $stmt -> rowCount();
	}
	
	public function fetch($stmt)
	{
		return $stmt -> fetch();
	}
	
	public function insert_id()
	{
		return $this -> pdo -> lastInsertId();
	}
	
	public function insert($table, $arr)
	{
		try
		{
			$keys = array_keys($arr);
			$string = "INSERT INTO " .
						"`" . $table . "` " .
						"(`" . implode("`, `", $keys) . "`) VALUES (";
						
			$params = array();
			foreach ($arr as $key => $val)
			{
				$temp = ":" . $key;
				if ($val== SQLE_DATETIME_NOW) $string .= "NOW(), ";
				else if ($val == SQLE_NULL) $string .= "NULL, ";
				else
				{
					$string .= $temp . ", ";
					$params[$temp] = $val;
				}
				
			}
			$string = substr($string, 0, -2);
			$string .= ")";
			return $this -> query($string, $params);
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function select($table, $arr, $other = NULL)
	{
	
		try
		{
			$string = "SELECT * FROM " .
							"`" . $table . "` " .
							"WHERE ";
			
			$i = 0;
			$params = array();
			foreach ($arr as $key => $val)
			{
				if ($i > 0) $string .= " AND ";
				$temp = ":" . $key;
				$i++;
				$string .= "`" . $key . "`=" . $temp;
				
				$params[$temp] = $val;
			}
			if (isset($other)) $string .= " " . $other;
			return $this -> query($string, $params);
		}
		catch (PDOException $e)
		{
			$this -> last_err = $e -> getMessage();
			$this -> verb_error();
		}
		return false;
	}
	
	public function verb_error()
	{
		if ($this -> verb == 3) die($this -> last_err);
		if ($this -> verb == 2) echo $this -> last_err;
	}
	
	public function error()
	{
		return $this -> last_err;
	}
	
	public function querystring()
	{
		return $this -> last_query;
	}
	
	public function close($stmt)
	{
		$stmt = null;
	}
}

?>
Edited by Bobrocket

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...