Flash applications for JohnCMS 3.2.2

.
ПФК ЦСКА forever!
KALASHHNIKOV, replying to your post (29.08.2011 / 01:31): no, for me categories don't get created, and when I create them through the DB, only the header shows when I open the page.
.
vitrum
Author, thanks, everything works great! Could you tell me how to put a counter of new games on the main page next to the link? I tried it like this: <span class="red">('.$gamen.')</span> but nothing came of it.
.
tillad
vitrum,
$gamet = mysql_result(mysql_query("SELECT COUNT(*) FROM `flashgame`"), 0);
$old = $realtime - (1 * 24 * 3600);
$gamen = mysql_result(mysql_query("SELECT COUNT(*) FROM `flashgame`  WHERE `time` > '". $old ."';"), 0);

echo '<span class="red">('.$gamet.'/+'.$gamen.')</span>';
.
tillad, it doesn't work, the whole main page disappears.
.
ПФК ЦСКА forever!
vitrum, this should work, if you do it right...
.
vitrum, http://aspus.tk/ || I inserted this code
.
How do I put this code in here?
echo '<div class="menu"><img src="/1/0.gif" alt=""/> <a href="fgames/?">Флеш игры</a></div>';
.
tillad
vitrum,

$gamet = mysql_result(mysql_query("SELECT COUNT(*) FROM `flashgame`"), 0);
$old = $realtime - (1 * 24 * 3600);
$gamen = mysql_result(mysql_query("SELECT COUNT(*) FROM `flashgame`  WHERE `time` > '". $old ."';"), 0);

echo '<div class="menu"><img src="/1/0.gif" alt=""/> <a href="/fgames">Флеш игры</a> ('.$gamet.'/<span class="red">+'.$gamen.')</span></div>';
.
6 - Файлов проверено

Полный отчет:
/flash/index.php $id
68:
$req = mysql_query("SELECT * FROM `myflash` WHERE `ftp`='". $id ."' && `userid`='". $user_id ."'"); SQL Injection!
/flash/index.php $nam
73:
<input type="submit" name="submit" value="�а"> | <a href="/fgames/game/'.$nam.'/'.$idm.'/'.$id.'">�е�</a> XSS!
/flash/index.php $id
80:
$a = mysql_fetch_assoc(mysql_query("SELECT * FROM `flashgame` WHERE `ftp`='". $id ."'")); SQL Injection!
/flash/index.php $a
81:
echo '<div class="rmenu"><p><b>��иложение '. $a['game'] .' �о��анено</b></p></div>'; XSS!
/flash/index.php $nam
94:
echo '<div class="phdr"><a href="/fgames/game/'.$nam.'/'.$idm.'/'.$id.'">� иг��</a></div>'; XSS!
/flash/index.php $nam
100:
echo '<div class="phdr"><a href="/fgames/game/'.$nam.'/'.$idm.'/'.$id.'">� иг��</a></div>'; XSS!
/flash/index.php $nam
165:
echo '<div class="phdr"><a href="?act=koms&id='. $id .'&amp;name='. $nam .'&amp;idm='. $idm .'">� коммен�а�ии</a></div>'; XSS!
/flash/index.php $nam
180:
$i = mysql_result(mysql_query("SELECT * FROM `flashgame` WHERE `ftp`='". $id ."' && `cat`='".$nam."' && `idgame`='".$idm."'"), 0); SQL Injection!
/flash/index.php $nam
191:
echo '<div class="list1"><form action="/fgames/kom_'.$id.'_'.$nam.'_'.$idm.'" name="id" method="post"> XSS!
/flash/index.php $nam
238:
echo '<div class="list1"><a href="/fgames/?act=komsdel&id='.$id.'&amp;name='.$nam.'&amp;idm='.$idm.'&amp;idkom='.$res['id'].'">Удали��</a></div>'; XSS!
/flash/index.php $nam
243:
echo '<div class="list1"><a href="/fgames/?act=komsdel&id='.$id.'&amp;name='.$nam.'&amp;idm='.$idm.'">����</a></div>'; XSS!
/flash/index.php $nam
246:
echo '<div class="list1">' . pagenav('/fgames/kom_'.$id.'_'.$nam.'_'.$idm.'&amp;',$start, $total, $kmess) . '</div>'; XSS!
/flash/index.php $nam
248:
echo '<div class="phdr"><a href="/fgames/game/'.$nam.'/'.$idm.'/'.$id.'">� иг��</a></div>'; XSS!
/flash/index.php $fail
273:
echo '<div class="phdr"><a href="/fgames/?act=game&id='.$fail.'&nam='.$nam.'&idm='.$idm.'">� иг��</a></div>'; XSS!
/flash/index.php $fail
290:
echo '<div class="phdr"><a href="/fgames/?act=game&id='. $fail .'&nam='. $nam .'&idm='. $idm .'">� иг��</a></div>'; XSS!
/flash/index.php $name
363:
echo '<form name="form" action="?act=rgame&amp;id='. $id .'&amp;name='. $name .'&amp;idga='. $idga .'" method="POST">'; XSS!
/flash/index.php $name
385:
echo '<div class="phdr"><a href="/fgames/?act=cat&id='.$idga.'&names='.$name.'">� ка�его�и�</a></div>'; XSS!
/flash/index.php $names
458:
<input type="submit" name="submit" value="�а"> | <a href="/fgames/?act=cat&id='. $id .'&names='. $names .'">�е�</a> XSS!
/flash/index.php $names
475:
echo '<div class="phdr">�а�его�и� <b>'. $names .'</b> �далена</div> XSS!
/flash/index.php $names
491:
$req = mysql_result(mysql_query("SELECT * FROM `flashcat` WHERE `id`='" . $id . "' && `ftp`='" . $names . "'"), 0); SQL Injection!
/flash/index.php $names
506:
echo '<div class="list1"><div class="func"><a href="/fgames/?act=load&amp;cat='.$names.'&amp;id='.$id.'">�обави�� иг��</a><br />'; XSS!
/flash/index.php $names
507:
echo '<a href="/fgames/?act=deletecat&amp;names='.$names.'&amp;id='.$id.'">Удали�� ка�его�и�</a></div></div>'; XSS!
/flash/index.php $names
513:
echo '<div class="list1"><small>Со��и�овка по: <a href="/fgames/catalogt/'.$id.'/'.$names.'/ok">�а�е</a> | <a href="/fgames/catalogr/'.$id.'/'.$names.'/ok">Рей�инг�</a> | <a href="/fgames/catalogc/'.$id.'/'.$names.'/ok">��оиг��вани�</a></small></div>'; XSS!
/flash/index.php $names
542:
echo '<div class="list1"><div class="func"><a href="/fgames/?act=rgame&amp;id='.$a['id'].'&amp;name='.$names.'&amp;idga='.$id.'">Редак�и�ова��</a></div></div>'; XSS!
/flash/index.php $names
548:
echo '<div class="list1">' . pagenav('/fgames/catalog/'.$id.'/'.$names.'&amp;',$start, $total, $kmess) . '</div>'; XSS!
/flash/index.php $names
554:
echo '<div class="list1"><div class="func"><a href="/fgames/?act=load&amp;cat='.$names.'&amp;id='.$id.'">�обави�� иг��</a><br />'; XSS!
/flash/index.php $names
555:
echo '<a href="/fgames/?act=deletecat&amp;names='.$names.'&amp;id='.$id.'">Удали�� ка�его�и�</a></div></div>'; XSS!
/flash/index.php $name
600:
$req = mysql_query("SELECT * FROM `flashgame` WHERE `game`='".$name."'"); SQL Injection!
/flash/index.php $nam
692:
echo '<input type="submit" name="submit" value="�а"> | <a href="?act=game&id='.$id.'&nam='.$nam.'&idm='.$idm.'">�е�</a>'; XSS!
/flash/index.php $nam
715:
echo '<div class="phdr"><a href="/fgames/?act=cat&id='. $idm .'&names='. $nam .'">� ка�его�и�</a></div>'; XSS!
/flash/index.php $nam
731:
$req = mysql_result(mysql_query("SELECT * FROM `flashgame` WHERE `ftp`='" . $id . "' && `cat`='" . $nam . "' &&`idgame`='" . $idm . "'"), 0); SQL Injection!
/flash/index.php $nam
751:
<a href="/fgames/plus_' . $res['id'] .'_1_'.$user_id.'_'.$id.'_'.$nam.'_'.$idm.'">��ави���</a> XSS!
/flash/index.php $nam
753:
<a href="/fgames/minus_' . $res['id'] .'_1_'.$user_id.'_'.$id.'_'.$nam.'_'.$idm.'">�е н�ави���</a> XSS!
/flash/index.php $nam
761:
echo '<div class="tablis"><div class="list1"><img src="/fgames/img/rating.png" alt="*"/><a href="/fgames/myok_'.$id.'_'.$nam.'_'.$idm.'">�обави�� в мои п�иложени�</a></div></div>'; XSS!
/flash/index.php $nam
775:
echo '<div class="list1"><div align="center"><form action="'.$home.'/fgames/cat/'.$nam.'/'.$id.'">'; XSS!
/flash/index.php $nam
781:
echo '<table width="100%" height="100%" border="0" cellspacing="0" cellpadding="0"><tr><td><div class="tablis"><div class="menu"><img src="'.$home.'/fgames/cat/'.$nam.'/'.$res['scrin'].'" alt="'.$res['game'].'"/></div></div></td><td width="100%" height="100%" valign="top">'; XSS!
/flash/index.php $nam
786:
echo '<div class="tablis"><div class="list1"><a href="/fgames/kom_'.$id.'_'.$nam.'_'.$idm.'">�оммен�а�ии</a> ('.$komm.')</div></div>'; XSS!
/flash/index.php $nam
787:
echo '<div class="phdr"><a href="/fgames/catalog/'.$idm.'/'.$nam.'">� ка�его�и�</a></div>'; XSS!
/flash/index.php $nam
788:
if ($rights == 9) { echo '<div class="list1"><div class="func"><a href="/fgames/?act=delgame&amp;id='.$id.'&amp;nam='.$nam.'&amp;idm='.$idm.'&amp;scr='.$res['scrin'].'&amp;igr='.$res['id'].'">Удали�� иг��</a></div></div>'; XSS!
/index.php $id
67:
$req = mysql_query("SELECT * FROM `myflash` WHERE `ftp`='". $id ."' && `userid`='". $user_id ."'"); SQL Injection!
/index.php $nam
72:
<input type="submit" name="submit" value="�а"> | <a href="/fgames/game/'.$nam.'/'.$idm.'/'.$id.'">�е�</a> XSS!
/index.php $id
79:
$a = mysql_fetch_assoc(mysql_query("SELECT * FROM `flashgame` WHERE `ftp`='". $id ."'")); SQL Injection!
/index.php $a
80:
echo '<div class="rmenu"><p><b>��иложение '. $a['game'] .' �о��анено</b></p></div>'; XSS!
/index.php $nam
93:
echo '<div class="phdr"><a href="/fgames/game/'.$nam.'/'.$idm.'/'.$id.'">� иг��</a></div>'; XSS!
/index.php $nam
99:
echo '<div class="phdr"><a href="/fgames/game/'.$nam.'/'.$idm.'/'.$id.'">� иг��</a></div>'; XSS!
/index.php $nam
164:
echo '<div class="phdr"><a href="?act=koms&id='. $id .'&amp;name='. $nam .'&amp;idm='. $idm .'">� коммен�а�ии</a></div>'; XSS!
/index.php $nam
179:
$i = mysql_result(mysql_query("SELECT * FROM `flashgame` WHERE `ftp`='". $id ."' && `cat`='".$nam."' && `idgame`='".$idm."'"), 0); SQL Injection!
/index.php $nam
190:
echo '<div class="list1"><form action="/fgames/kom_'.$id.'_'.$nam.'_'.$idm.'" name="id" method="post"> XSS!
/index.php $nam
237:
echo '<div class="list1"><a href="/fgames/?act=komsdel&id='.$id.'&amp;name='.$nam.'&amp;idm='.$idm.'&amp;idkom='.$res['id'].'">Удали��</a></div>'; XSS!
/index.php $nam
242:
echo '<div class="list1"><a href="/fgames/?act=komsdel&id='.$id.'&amp;name='.$nam.'&amp;idm='.$idm.'">����</a></div>'; XSS!
/index.php $nam
245:
echo '<div class="list1">' . pagenav('/fgames/kom_'.$id.'_'.$nam.'_'.$idm.'&amp;',$start, $total, $kmess) . '</div>'; XSS!
/index.php $nam
247:
echo '<div class="phdr"><a href="/fgames/game/'.$nam.'/'.$idm.'/'.$id.'">� иг��</a></div>'; XSS!
/index.php $fail
272:
echo '<div class="phdr"><a href="/fgames/?act=game&id='.$fail.'&nam='.$nam.'&idm='.$idm.'">� иг��</a></div>'; XSS!
/index.php $fail
289:
echo '<div class="phdr"><a href="/fgames/?act=game&id='. $fail .'&nam='. $nam .'&idm='. $idm .'">� иг��</a></div>'; XSS!
/index.php $name
362:
echo '<form name="form" action="?act=rgame&amp;id='. $id .'&amp;name='. $name .'&amp;idga='. $idga .'" method="POST">'; XSS!
/index.php $name
384:
echo '<div class="phdr"><a href="/fgames/?act=cat&id='.$idga.'&names='.$name.'">� ка�его�и�</a></div>'; XSS!
/index.php $names
458:
<input type="submit" name="submit" value="�а"> | <a href="/fgames/?act=cat&id='. $id .'&names='. $names .'">�е�</a> XSS!
/index.php $names
475:
echo '<div class="phdr">�а�его�и� <b>'. $names .'</b> �далена</div> XSS!
/index.php $names
491:
$req = mysql_result(mysql_query("SELECT * FROM `flashcat` WHERE `id`='" . $id . "' && `ftp`='" . $names . "'"), 0); SQL Injection!
/index.php $names
506:
echo '<div class="list1"><div class="func"><a href="/fgames/?act=load&amp;cat='.$names.'&amp;id='.$id.'">�обави�� иг��</a><br />'; XSS!
/index.php $names
507:
echo '<a href="/fgames/?act=deletecat&amp;names='.$names.'&amp;id='.$id.'">Удали�� ка�его�и�</a></div></div>'; XSS!
/index.php $names
513:
echo '<div class="list1"><small>Со��и�овка по: <a href="/fgames/catalogt/'.$id.'/'.$names.'/ok">�а�е</a> | <a href="/fgames/catalogr/'.$id.'/'.$names.'/ok">Рей�инг�</a> | <a href="/fgames/catalogc/'.$id.'/'.$names.'/ok">��оиг��вани�</a></small></div>'; XSS!
/index.php $names
542:
echo '<div class="list1"><div class="func"><a href="/fgames/?act=rgame&amp;id='.$a['id'].'&amp;name='.$names.'&amp;idga='.$id.'">Редак�и�ова��</a></div></div>'; XSS!
/index.php $names
548:
echo '<div class="list1">' . pagenav('/fgames/catalog/'.$id.'/'.$names.'&amp;',$start, $total, $kmess) . '</div>'; XSS!
/index.php $names
554:
echo '<div class="list1"><div class="func"><a href="/fgames/?act=load&amp;cat='.$names.'&amp;id='.$id.'">�обави�� иг��</a><br />'; XSS!
/index.php $names
555:
echo '<a href="/fgames/?act=deletecat&amp;names='.$names.'&amp;id='.$id.'">Удали�� ка�его�и�</a></div></div>'; XSS!
/index.php $name
600:
$req = mysql_query("SELECT * FROM `flashgame` WHERE `game`='".$name."'"); SQL Injection!
/index.php $nam
692:
echo '<input type="submit" name="submit" value="�а"> | <a href="?act=game&id='.$id.'&nam='.$nam.'&idm='.$idm.'">�е�</a>'; XSS!
/index.php $nam
715:
echo '<div class="phdr"><a href="/fgames/?act=cat&id='. $idm .'&names='. $nam .'">� ка�его�и�</a></div>'; XSS!
/index.php $nam
731:
$req = mysql_result(mysql_query("SELECT * FROM `flashgame` WHERE `ftp`='" . $id . "' && `cat`='" . $nam . "' &&`idgame`='" . $idm . "'"), 0); SQL Injection!
/index.php $nam
751:
<a href="/fgames/plus_' . $res['id'] .'_1_'.$user_id.'_'.$id.'_'.$nam.'_'.$idm.'">��ави���</a> XSS!
/index.php $nam
753:
<a href="/fgames/minus_' . $res['id'] .'_1_'.$user_id.'_'.$id.'_'.$nam.'_'.$idm.'">�е н�ави���</a> XSS!
/index.php $nam
761:
echo '<div class="tablis"><div class="list1"><img src="/fgames/img/rating.png" alt="*"/><a href="/fgames/myok_'.$id.'_'.$nam.'_'.$idm.'">�обави�� в мои п�иложени�</a></div></div>'; XSS!
/index.php $nam
775:
echo '<div class="list1"><div align="center"><form action="'.$home.'/fgames/cat/'.$nam.'/'.$id.'">'; XSS!
/index.php $nam
781:
echo '<table width="100%" height="100%" border="0" cellspacing="0" cellpadding="0"><tr><td><div class="tablis"><div class="menu"><img src="'.$home.'/fgames/cat/'.$nam.'/'.$res['scrin'].'" alt="'.$res['game'].'"/></div></div></td><td width="100%" height="100%" valign="top">'; XSS!
/index.php $nam
786:
echo '<div class="tablis"><div class="list1"><a href="/fgames/kom_'.$id.'_'.$nam.'_'.$idm.'">�оммен�а�ии</a> ('.$komm.')</div></div>'; XSS!
/index.php $nam
787:
echo '<div class="phdr"><a href="/fgames/catalog/'.$idm.'/'.$nam.'">� ка�его�и�</a></div>'; XSS!
/index.php $nam
788:
if ($rights == 9) { echo '<div class="list1"><div class="func"><a href="/fgames/?act=delgame&amp;id='.$id.'&amp;nam='.$nam.'&amp;idm='.$idm.'&amp;scr='.$res['scrin'].'&amp;igr='.$res['id'].'">Удали�� иг��</a></div></div>';
.
Looks like it's all full of holes.
Всего: 81
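
The two patterns the report flags (request values concatenated into a query, and the same values echoed into links) can be rewritten with bound parameters and context-aware output encoding. The following is an added example, not code from the module or its author: the table and column names come from the report, while `find_game()`, `game_link()`, the in-memory SQLite database (standing in for the module's MySQL connection) and the sample values are assumptions made for the demonstration.

```php
<?php
// Added example, not the module's code. Table/column names (`flashgame`, `ftp`,
// `cat`, `idgame`) are taken from the report; find_game() and game_link() are
// hypothetical helpers; the SQLite database and its row are constructed.

function find_game(PDO $db, $id, $nam, $idm): ?array
{
    // Placeholders keep $id/$nam/$idm out of the SQL text entirely.
    $st = $db->prepare(
        'SELECT * FROM flashgame WHERE ftp = :ftp AND cat = :cat AND idgame = :idgame'
    );
    $st->execute([':ftp' => (string)$id, ':cat' => (string)$nam, ':idgame' => (int)$idm]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function game_link(string $nam, $idm, string $id, string $label): string
{
    // Each path segment is URL-encoded; the attribute value and the link text
    // are then HTML-encoded for the context they are printed into.
    $href = '/fgames/game/' . rawurlencode($nam) . '/' . (int)$idm . '/' . rawurlencode($id);
    return '<div class="phdr"><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a></div>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE flashgame (id INTEGER PRIMARY KEY, ftp TEXT, cat TEXT, idgame INTEGER, game TEXT)');
$db->exec("INSERT INTO flashgame (ftp, cat, idgame, game) VALUES ('tetris.swf', 'arcade', 3, 'Tetris')");

// Constructed request values: one normal, one containing quote and markup characters.
$samples = [
    ['tetris.swf', 'arcade', '3'],
    ['tetris.swf', "arc'ade\"<b>", '3'],
];
foreach ($samples as [$id, $nam, $idm]) {
    $row = find_game($db, $id, $nam, $idm);
    // The second sample is compared as plain data, so it simply finds no row.
    echo ($row ? 'found: ' . $row['game'] : 'no match'), "\n";
    // Quote and angle-bracket characters come out percent-encoded in the href.
    echo game_link($nam, $idm, $id, $row['game'] ?? 'Back'), "\n";
}
```

Values read back from the database, such as `$a['game']` and `$res['scrin']` in the report, need the same `htmlspecialchars()` treatment when echoed, since they were originally supplied by whoever added the game.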