
GodalonexD

Question

Hi, my site runs smoothly, but sometimes when a player posts a link the page goes completely blank... and I always have to go into MySQL and delete it...

I don't know if it's asking too much, but if anyone has a better page for Gesior, without any kind of bug and that works better than mine, please help me out.

REP+

my video page (I don't know if I'm allowed to post it, but I will, SORRY)

http://www.drugovich-global.com/index.php?subtopic=videos

and below is the script I'm using!

 

 

<?php

if($logged)

{

$account_login = $account_logged->getName();

$account_players = $account_logged->getPlayers();

foreach($account_players as $player)

{

$player = $player->getName();

$player2 = str_replace(strtoupper("'"),"+",strtoupper($player));

}

}

 

include('videossql.php');

 

$videoid = $_GET["videoid"];

$cat = $_GET["cat"];

 

$main_content .= '

 

<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>

<TR BGCOLOR="#F1E0C6">

<TD COLSPAN=3 CLASS=red>

<font size="4px"><strong>#Selecione uma categoria.</strong></font><br />

<strong><a href="index.php?subtopic=videos">Ultimos 5</a></strong> | <strong><a href="index.php?subtopic=videos&cat=WAR">WAR</a></strong> | <strong><a href="index.php?subtopic=videos&cat=QUEST">QUEST</a></strong> | <strong><a href="index.php?subtopic=videos&cat=HUNT">HUNT</a></strong> | <strong><a href="index.php?subtopic=videos&cat=others">OTHERS</a></strong>

</TD>

</TR>

<TR BGCOLOR="#505050">

<TD COLSPAN=3 bgcolor="#D4C0A1" CLASS=white style="font-size:11px"><em><a href="index.php?subtopic=videos&action=add">

Click aqui para enviar seu video, somente videos do youtube por gentileza.

</a></em></TD>

</TR>

</TABLE>

<br />';

if($action == ''){

if($cat != ''){

include('videossql.php');

$sql = "SELECT * FROM videos WHERE categoria='$cat' AND aprovado='1' ORDER BY data DESC";

$limite = mysql_query("$sql");

while ($sql = mysql_fetch_array($limite)) {

 

$videoid = $sql["id"];

$charnick = $sql["charnick"];

$comentario = $sql["comentario"];

$categoria = $sql["categoria"];

$link = $sql["link"];

$data = $sql["data"];

$data2 = date('d/m/Y - H:i', $data);

$server = $sql["server"];

$link = str_replace('http://www.youtube.com/watch?v=', '', $link);

$link = str_replace('&feature=player_embedded', '', $link);

 

$main_content .= '

<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>

<TR BGCOLOR="#505050">

<TD CLASS=white COLSPAN=3><B>Postado por: '.$charnick.' ('.$server.')</B></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#F1E0C6"><a href="?subtopic=videos&action=view&videoid='.$videoid.'">Nome do video: '.$comentario.'</a></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD align="right" bgcolor="#D4C0A1">Postado dia: '.$data2.'</TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#F1E0C6"><a href="?subtopic=videos&action=view&videoid='.$videoid.'"></a></TD>

</TR>

</TABLE>';

};

}

if($cat == ''){

$main_content .= '

 

<font size="4px"><strong>#Ultimos videos postados</strong></font>

<br />

 

';

 

$sql = "SELECT * FROM videos WHERE aprovado='1' ORDER BY data DESC LIMIT 5";

$limite = mysql_query("$sql");

while ($sql = mysql_fetch_array($limite)) {

 

$videoid = $sql["id"];

$charnick = $sql["charnick"];

$comentario = $sql["comentario"];

$categoria = $sql["categoria"];

$link = $sql["link"];

$data = $sql["data"];

$data2 = date('d/m/Y - H:i', $data);

$server = $sql["server"];

$link = str_replace('http://www.youtube.com/watch?v=', '', $link);

$link = str_replace('&feature=player_embedded', '', $link);

 

$main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>

<TR BGCOLOR="#505050">

<TD CLASS=white COLSPAN=3><B> [Categoria : '.$categoria.'] - Postado por: '.$charnick.' ('.$server.')</B></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#F1E0C6"><a href="?subtopic=videos&action=view&videoid='.$videoid.'">Nome do video: '.$comentario.'</a></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD align="right" bgcolor="#D4C0A1">Postado dia: '.$data2.' - <i>'.$categoria.'</i>

</TD>

</TR>

 

</TABLE>';

};

 

};

 

}

if($action == 'add'){

if($logged)

{

$account_login = $account_logged->getName();

$account_players = $account_logged->getPlayers();

foreach($account_players as $player)

{

$player = $player->getName();

$player2 = str_replace(strtoupper("'"),"+",strtoupper($player));

}

 

$main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>

<form action="/index.php?subtopic=videos&action=add1" method="POST"><input type="hidden" name="videos" value="">

<TR BGCOLOR="#505050">

<TD CLASS=white COLSPAN=3><B>Submit YouTube Videos</B></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#F1E0C6">Char: ';

$main_content .= '

<select name="charnick" id="charnick">';

 

$players_from_logged_acc = $account_logged->getPlayersList();

if(count($players_from_logged_acc) > 0)

{

$players_from_logged_acc->orderBy('name');

foreach($players_from_logged_acc as $player)

{

$main_content .= '

<option>'.$player->getName().'</option>';

 

}

}

else

{

$main_content .= 'You don\'t have any character on your account.';

}

 

$main_content .= '

</select>';

 

$main_content .= '</TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#D4C0A1">Link YouTube:

<input name="link" type="text" id="link" size="40" /></TD>

</TR>

<TR BGCOLOR=#F1E0C6>

<TD bgcolor="#F1E0C6">Video Name:

<input name="comentario" type="text" id="comentario" size="50" /></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#D4C0A1">Categoria::

<select name="categoria" id="categoria">

<option>WAR</option>

<option>Quest</option>

<option>Hunt</option>

<option>Others</option>

</select></TD>

</TR>

<TR BGCOLOR=#F1E0C6>

<TD bgcolor="#F1E0C6">Server: <select name="server" id="server">

<option>Drugovich-Global</option>

</select></TD>

</TR>

 

</TABLE><BR>

<center><input type="image" value="submit" src="layouts/tibiacom/images/buttons/sbutton_submit.gif"/>

</form>';

}

else

{

$main_content .= 'To add videos, you need to log into your account.';

}

 

}

if($action == 'add1'){

$charnick = $_POST["charnick"];

$link = $_POST["link"];

$comentario = $_POST["comentario"];

$server = $_POST["server"];

$categoria = $_POST["categoria"];

$aprovado = "1";

$data = time();

 

 

include('videossql.php');

$sql = "INSERT INTO videos (id, charnick, link, comentario, categoria, server, aprovado, data) VALUES ('', '$charnick', '$link', '$comentario', '$categoria', '$server', '$aprovado', '$data')";

$main_content .= '

<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>

<TR BGCOLOR="#505050">

<TD COLSPAN=3 CLASS=white><center>

Video Enviado!<strong><a href="index.php?subtopic=videos&cat=OUTROS"></a></strong>

</center></TD>

</TR>

<TR BGCOLOR="#505050">

<TD COLSPAN=3 bgcolor="#D4C0A1" CLASS=black><p>Your video was sent as soon as approved by our GM, will be posted automatically if something goes wrong with the video, we will contact In-Game.</p>

<p>Obrigado!</p></TD>

</TR>

</TABLE>';

 

$sql = mysql_query($sql)

or die ("There was an error in recording data, please click back and check the required fields!");

};

 

if($action == 'view'){

$videoid = $_GET["videoid"];

 

$main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>

<TR BGCOLOR="#F1E0C6">

<TD COLSPAN=3 CLASS=red><center>

<strong><a href="javascript:history.back(1)"><< Voltar</a></strong>

</center></TD>

</TR>

</TABLE>';

 

 

$sql = "SELECT * FROM videos WHERE id='$videoid' AND aprovado='1' LIMIT 1";

$limite = mysql_query("$sql");

while ($sql = mysql_fetch_array($limite)) {

 

$charnick = $sql["charnick"];

$comentario = $sql["comentario"];

$categoria = $sql["categoria"];

$link = $sql["link"];

$data = $sql["data"];

$server = $sql["server"];

$link = str_replace('http://www.youtube.com/watch?v=', '', $link);

$link = str_replace('&feature=player_embedded', '', $link);

 

$main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>

<TR BGCOLOR="#505050">

<TD CLASS=white COLSPAN=3><B>Posted on: '.$charnick.' ('.$server.')</B></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#F1E0C6">Comment: '.$comentario.'</TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#D4C0A1"><center><object width="480" height="385"><param name="movie" value="http://www.youtube.com/watch?v='.$link.'?fs=1&hl=pt_BR&rel=0&color1=0x3a3a3a&color2=0x999999"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/watch?v='.$link.'?fs=1&hl=pt_BR&rel=0&color1=0x3a3a3a&color2=0x999999" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object></center></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD bgcolor="#F1E0C6">Posted on: '.$data2.' - <i>'.$cat.'</i></TD>

</TR>

<TR BGCOLOR=#D4C0A1>

<TD> </TD>

</TR>

 

</TABLE>';

};

 

 

$sql = "SELECT * FROM comentarios WHERE videoid='$videoid' ORDER BY data ASC";

$limite = mysql_query("$sql");

while ($sql = mysql_fetch_array($limite)) {

 

$id = $sql["id"];

$videoid = $sql["videoid"];

$charnick = $sql["charnick"];

$servidor = $sql["servidor"];

$comentariox2 = $sql["comentario"];

$account_comment = $sql["account"];

 

 

$data = $sql["data"];

$data2 = date('d/m/Y - H:i:s', $data);

 

if ($account_login == $account_comment){

$owner = "1";

$delmsg = "<a href='?subtopic=videos&action=delcomment&videoid=$videoid&idcoment=$id'><img src=layouts/tibiacom/images/news/delete.png />";

} else {

$owner = "0";

$delmsg = "";

}

 

$main_content .= '

<table width="100%" border="0" cellpadding="0" cellspacing="0">

<tr BGCOLOR="#505050">

<TD CLASS=white><b>-</b></TD>

</tr>

<tr bgcolor="#D4C0A1">

<td bgcolor="#F1E0C6">Posted by: <a href="index.php?subtopic=characters&name='.$charnick.'"> <i>'.$charnick.'</i></a> | Server: <i>'.$servidor.'</i></td>

</tr>

<tr>

<td bgcolor="#D4C0A1">Comment:</td>

</tr>

<tr>

<td bgcolor="#F1E0C6"><b>'.$comentariox2.'</b></td>

</tr>

<tr>

<td bgcolor="#D4C0A1">Data: '.$data2.' - '.$delmsg.'</td>

</tr>

<tr>

<td bgcolor="#F1E0C6"></td>

</tr>

</table>';

};

 

 

if($logged)

{

 

$account_login = $account_logged->getName();

$account_players = $account_logged->getPlayers();

foreach($account_players as $player)

{

$player = $player->getName();

$player2 = str_replace(strtoupper("'"),"+",strtoupper($player));

}

 

$main_content .= '

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<TR BGCOLOR="#505050">

<TD CLASS=white><b>Make comment:</b></TD>

</TR>

</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">

<form id="fazercomentario" name="fazercomentario" method="post" action="?subtopic=videos&action=view&videoid='.$videoid.'&coment=add">

<tr bgcolor="#D4C0A1">

<td bgcolor="#F1E0C6">

 

Comment with the character: ';

 

$main_content .= '

<select name="charnick" id="charnick">';

 

$players_from_logged_acc = $account_logged->getPlayersList();

if(count($players_from_logged_acc) > 0)

{

$players_from_logged_acc->orderBy('name');

foreach($players_from_logged_acc as $player)

{

$main_content .= '

<option>'.$player->getName().'</option>';

 

}

}

else

{

$main_content .= 'You don\'t have any character on your account.';

}

 

$main_content .= '

</select>';

 

$main_content .= '

</td>

</tr>

<tr>

<td align="center" valign="top" bgcolor="#D4C0A1">Comment:

<label for="comentariox1"></label>

<textarea name="comentariox1" id="comentariosx1" cols="60" rows="5"></textarea></td>

</tr>

<tr>

<td align="center" bgcolor="#F1E0C6"><input type="submit" name="button" id="button" value="Enviar" />

</form></td>

</tr>

</table>';

$coment = $_GET["coment"];

if ($coment == "add"){

echo $_POST['comentariox1'];

$charnick2 = "$player";

$servidor2 = "Drugovich-Global";

$comentariox1 = $_POST['comentariox1'];

$data2 = time();

$videoid2 = $_GET["videoid"];

include('videossql.php');

$comentariox1=strtr($comentariox1, '\'', '*');

if ($comentariox1 != ""){

$sql = "INSERT INTO comentarios (id, videoid, charnick, servidor, comentario, data, account) VALUES ('', '$videoid', '$charnick2', '$servidor2', '$comentariox1', '$data2', '$account_login')";

} else {

$msgerro = "Empty Comments!";

$erro = "?subtopic=videos&action=view&videoid=$videoid&msg=$msgerro";

header("Location: $erro");

}

if(!mysql_query($sql)){

$erro = mysql_error();

echo "Ocorreu o seguinte erro: ", '"', $erro, '"';

} else {

$sucesso = "Comment Sucessfull!";

$sucesso = "?subtopic=videos&action=view&videoid=$videoid&msg=$sucesso";

header("Location: $sucesso");

}

 

}

}

else

{

$main_content .= 'Please enter your account number and your password.<br/><a href="?subtopic=createaccount" >Create an account</a> if you do not have one yet.<br/><br/><form action="?subtopic=videos&action=view&videoid='.$videoid.'" method="post" ><div class="TableContainer" > <table class="Table1" cellpadding="0" cellspacing="0" > <div class="CaptionContainer" > <div class="CaptionInnerContainer" > <span class="CaptionEdgeLeftTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span> <span class="CaptionEdgeRightTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span> <span class="CaptionBorderTop" style="background-image:url('.$layout_name.'/images/content/table-headline-border.gif);" ></span> <span class="CaptionVerticalLeft" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif);" /></span> <div class="Text" >Account Login</div> <span class="CaptionVerticalRight" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif);" /></span> <span class="CaptionBorderBottom" style="background-image:url('.$layout_name.'/images/content/table-headline-border.gif);" ></span> <span class="CaptionEdgeLeftBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span> <span class="CaptionEdgeRightBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span> </div> </div> <tr> <td> <div class="InnerTableContainer" > <table style="width:100%;" ><tr><td class="LabelV" ><span >Account Number:</span></td><td style="width:100%;" ><input type="password" name="account_login" SIZE="10" maxlength="10" ></td></tr><tr><td class="LabelV" ><span >Password:</span></td><td><input type="password" name="password_login" size="30" maxlength="29" ></td></tr> </table> </div> </table></div></td></tr><br/><table width="100%" ><tr align="center" ><td><table border="0" cellspacing="0" cellpadding="0" 
><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$layout_name.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$layout_name.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Submit" alt="Submit" src="'.$layout_name.'/images/buttons/_sbutton_submit.gif" ></div></div></td><tr></form></table></td><td><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=lostaccount" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$layout_name.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$layout_name.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Account lost?" alt="Account lost?" src="'.$layout_name.'/images/buttons/_sbutton_accountlost.gif" ></div></div></td></tr></form></table></td></tr></table>';

}

 

}

$idcoment = $_GET["idcoment"];

$idcoment=strtr($idcoment, '\'', '*');

if (($action == "delcomment") && ($idcoment != "")){

$sql = "SELECT * FROM comentarios WHERE id=$idcoment LIMIT 1";

$limite = mysql_query("$sql");

while ($sql = mysql_fetch_array($limite)) {

$accountvideo = $sql["account"];

 

if ($account_login == $accountvideo){

$vidx = "DELETE FROM comentarios WHERE id='$idcoment'";

$resultado = mysql_query($vidx)

or die ("Unable to perform the deletion of data.");

echo "<h1>Video deleted successfully!</h1>";

 

$sucesso = "?subtopic=videos&action=view&videoid=$videoid&msg=Deleted";

header("Location: $sucesso");

} else {

$sucesso = "?subtopic=videos&action=view&videoid=$videoid&msg=ERRO";

header("Location: $sucesso");

 

}

}

}

 

?>

 

 


4 replies to this question


Man, that I don't know, but someone got into my god account a while back... I was using a different Gesior, so I switched to the one I'm using now, and to clear up any doubt I even removed the page...

After I switched, they didn't do the same thing again... '-' but I removed it so that doubt wouldn't remain!

Does anyone have a safe and better page? '-'


Question was resolved via MSN:

It was adapted to his server, installation of my website without errors... He was advised not to install the page, since there were rumors of SQL injection in it.

Question resolved, topic moved.

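The posted script interpolates `$_GET`/`$_POST` values straight into its SQL strings and prints the stored `link` and `comentario` fields into HTML unescaped. As an added example (not code from this thread or from Gesior), here is a hardened form of the `add1` and `view` paths; it assumes PDO, uses in-memory SQLite as a stand-in for the MySQL connection in `videossql.php`, and the function names `youtubeId`, `addVideo` and `renderVideo` are hypothetical.

```php
<?php
// Added example, not the thread's code. Assumptions: PDO is available; in-memory
// SQLite stands in for the MySQL connection made by videossql.php (not shown).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE videos (id INTEGER PRIMARY KEY, charnick TEXT, link TEXT,
    comentario TEXT, categoria TEXT, server TEXT, aprovado INTEGER, data INTEGER)');

const CATEGORIES = ['WAR', 'Quest', 'Hunt', 'Others']; // <option>s of the submit form

// Reduce a submitted link to its 11-character YouTube video id, or null.
function youtubeId(string $link): ?string {
    $re = '~^https?://(?:www\.)?youtube\.com/watch\?v=([A-Za-z0-9_-]{11})(?:[&#].*)?$~D';
    return preg_match($re, trim($link), $m) ? $m[1] : null;
}

// Store a video. $ownedChars comes from the logged-in account, never from POST.
function addVideo(PDO $pdo, array $post, array $ownedChars): bool {
    $id    = youtubeId($post['link'] ?? '');
    $char  = $post['charnick'] ?? '';
    $cat   = $post['categoria'] ?? '';
    $title = trim($post['comentario'] ?? '');
    if ($id === null || $title === '' || strlen($title) > 100
        || !in_array($char, $ownedChars, true) || !in_array($cat, CATEGORIES, true)) {
        return false; // reject rather than store a row the view cannot render
    }
    // Placeholders keep user data out of the SQL text; only the video id is stored.
    $stmt = $pdo->prepare('INSERT INTO videos (charnick, link, comentario, categoria,
        server, aprovado, data) VALUES (?, ?, ?, ?, ?, 1, ?)');
    return $stmt->execute([$char, $id, $title, $cat, 'Drugovich-Global', time()]);
}

// Render one approved video; every stored field is escaped before output.
function renderVideo(PDO $pdo, string $videoid): string {
    if (!ctype_digit($videoid)) { return ''; } // ids are integers, nothing else is looked up
    $stmt = $pdo->prepare('SELECT * FROM videos WHERE id = ? AND aprovado = 1 LIMIT 1');
    $stmt->execute([(int) $videoid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return ''; }
    $e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    return '<b>' . $e($row['charnick']) . ' (' . $e($row['server']) . ')</b><br />'
        . 'Comment: ' . $e($row['comentario']) . '<br />'
        . '<iframe width="480" height="385" src="https://www.youtube.com/embed/'
        . $e($row['link']) . '" allowfullscreen></iframe>';
}

// Constructed sample input: one valid submission, one with a non-YouTube link.
$chars = ['Knight One'];
$good = ['charnick' => 'Knight One', 'categoria' => 'WAR', 'comentario' => '<b>War</b> "Thais"',
         'link' => 'http://www.youtube.com/watch?v=abcdefghijk&feature=player_embedded'];
$bad = ['link' => 'http://example.com/"></embed>'] + $good;
var_dump(addVideo($pdo, $good, $chars), addVideo($pdo, $bad, $chars));
echo renderVideo($pdo, '1'), "\n", var_export(renderVideo($pdo, "1' OR '1'='1"), true), "\n";
```

The same three controls (allowlist validation on input, bound parameters in every query, context escaping on output) apply to the `comentarios` insert and the `delcomment` path of the posted script.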