Ayaka

The PDO error code 00000 means that everything works fine. The reason you're hitting the error-checking code is that $pdo is returning 0 (no rows were effected), so the query seems fine and you have a logical problem in your query if you ask me.

OR you have past errorInfo() on the wrong place.

Why escaping with:

mysql_real_escape_string

when using PDO?

 nevermind.. insert the code from Pollux after:

<?php

post the sql error.

Notice: If no error appears use

$arr = $pdo->errorInfo();
print_r($arr);

Read the error.  query failed: Unknown column 'applytype0' in 'field list' (query: SELECT id, window+0, pos, count, vnum, bind, socket0, socket1, socket2, attrtype0, attrvalue0, attrtype1, attrvalue1, attrtype2, attrvalue2, attrtype3, attrvalue3, attrtype4, attrvalue4, attrtype5, attrvalue5, attrtype6, attrvalue6, applytype0, applyvalue0, applytype1, applyvalue1, applytype2, applyvalue2, applytype3, applyvalue3, applytype4, applyvalue4, applytype5, applyvalue5, applytype6, applyvalue6, applytype7, applyvalue7 FROM item WHERE owner_id=157 AND (window < 3 or window = 5).

The column "applytype0" doesn't exist in table "item".

This is an example image for understanding what the type is:

just edit the column you have to change.

-- delete --

On 27.12.2015 at 11:48 PM, Brodishh said:

This Design and CMS is already public,

and dont use it, it have to much SQLis, take to much time to fix all

Bullshit. Would you look into the code you would see that its coded with PDO and Prepared Statements (example from TicketSystem.class.php):

$query = Database::query("SELECT * FROM ".$dbname.".ticket_system_tickets WHERE id = ? AND user_name = ?", array($id, $_SESSION["username"]));

sql injection isnt possible! > For your brain <

You can not do this with php because this is client side! You can do it with javascript / jQuery. Created a codepen: http://codepen.io/anon/pen/ZpNmOE

Here we dont count clicks per secound but the result is the same.

Maybe try to redescribe your scheme. Why do you want to do this? What is the background thought? Perhaps we have a better solution

There is no error in your index.php file. The error is in the included file which is loaded here:
include(realpath('./pages/')."/".$_GET['s'].".php");

What is the exact url for this error?
you can write it here like this: /pages/THEFILE

So you can post the correct file.

This is my old paymentwall script. Just change path to config and query lines. This was made for Shock Industries CMS. Dont forget to change the secret key

<?php
//###########################
//### Spenden API Script  ###
//### paymentwall_api.php ###
//###########################
// includiere inis
require("../inc/config.inc.php");

// Verbinde zur Datenbank
$sqlHp = mysql_connect(SQL_HP_HOST, SQL_HP_USER, SQL_HP_PASS);
  
if(!$sqlHp) {
    // Beende Script wenn Verbidung fehlgeschlagen.
    exit('Fehler beim Verbinden mit der Datenbank.');
};

define('SECRET', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'); // secret key
define('IP_WHITELIST_CHECK_ACTIVE', true); // Whitelist
define('CREDIT_TYPE_CHARGEBACK', 2); // Chargeback ist momentan 2

// Nur IPs von Paymentwall erlauben
$ipsWhitelist = array('174.36.92.186','174.36.96.66','174.36.92.187','174.36.92.192','174.37.14.28');

// Variablen zuordnen
$userId = isset($_GET['uid']) ? $_GET['uid'] : null;
$credits = isset($_GET['currency']) ? $_GET['currency'] : null;
$type = isset($_GET['type']) ? $_GET['type'] : null;
$refId = isset($_GET['ref']) ? $_GET['ref'] : null;

$slength = isset($_GET['slength']) ? $_GET['slength'] : null;
$speriod = isset($_GET['speriod']) ? $_GET['speriod'] : null;
$goodsid = isset($_GET['goodsid']) ? $_GET['goodsid'] : null;

$signature = isset($_GET['sig']) ? $_GET['sig'] : null;
$sign_version = isset($_GET['sign_version']) ? $_GET['sign_version'] : null;

$result = false;

// Wenn Fehler, gebe array aus
$errors = array ();

if(!empty($userId) && isset($type) && isset($goodsid) && !empty($refId) && !empty($signature)) {
    $signatureParams = array();
    
    // Version 1 signature   
    if(empty($sign_version) || $sign_version <= 1) {
        $signatureParams = array('uid' => $userId, 'slength' => $slength, 'speriod' => $speriod, 'currency' => $credits, 'type' => $type, 'ref' => $refId);
    }
    // Version 2 signature
    else {
        $signatureParams = array();
        foreach($_GET as $param => $value) {
            $signatureParams[$param] = $value;
            }
            unset($signatureParams['sig']);
    }

    // Check ob IP in whitelist und ob Signatur stimmt
    $signatureCalculated = calculatePingbackSignature($signatureParams, SECRET, $sign_version);
    // Run securitycheck
    if(!IP_WHITELIST_CHECK_ACTIVE || in_array($_SERVER['REMOTE_ADDR'], $ipsWhitelist)) {
        if($signature == $signatureCalculated) {
            $result = true;
            if ($type == CREDIT_TYPE_CHARGEBACK) {
                // Chargeback - Account sperren
                mysql_connect(SQL_HP_HOST, SQL_HP_USER, SQL_HP_PASS) or die ("keine Verbindung möglich.");
                mysql_select_db("account") or die ("Die Datenbank existiert nicht.");
                
                // Gleiche goodsid mit Datenbank ab
                    $abfrage = "SELECT * FROM paymentwall_coinsliste WHERE `goodsid` = '$goodsid'";
                    $ergebnis = mysql_query($abfrage);
                    while($row = mysql_fetch_object($ergebnis)) {
                        $var01 = $row->coins;
                    }
                    
                // Frage ab wie viel coins vorhanden
                $abfrage = "SELECT id, coins FROM account WHERE `id` = '$userId'";
                $ergebnis = mysql_query($abfrage);
                while($row = mysql_fetch_object($ergebnis)) {
                    $currentcoints = $row->coins;
                }
                
                // Ziehe Coints von vorhandem Betrag ab
                $finalcoins = $currentcoints - $var01;                
                
                // Udate Aktuellen Cointstand des Useres
                $aendern1 = "UPDATE `account` SET `coins` = '$finalcoins' WHERE `id` = '$userId'";
                mysql_query($aendern1);
                
                // Mache Eintrag in die Tabelle paymentwall
                $eintrag = "INSERT INTO paymentwall (UserID, Currency, Type, Date) VALUES ('".$userId."', '-".$var01."', 'Chargeback', '".date("d-m-Y H:i:s")."')";
                mysql_query($eintrag);
                
                // Gebe User den Status DONATE
                $aendern2 = "UPDATE `account` SET `status` = 'DONATE' WHERE `id` = '$userId'";
                mysql_query($aendern2);
                
                // echo "Dein Account wurde blockiert!";
                } else {
                    mysql_connect(SQL_HP_HOST, SQL_HP_USER, SQL_HP_PASS) or die ("keine Verbindung möglich.");
                    mysql_select_db("account") or die ("Die Datenbank existiert nicht.");
                    
                    // Gleiche goodsid mit Datenbank ab
                    $abfrage = "SELECT * FROM paymentwall_coinsliste WHERE `goodsid` = '$goodsid'";
                    $ergebnis = mysql_query($abfrage);
                    while($row = mysql_fetch_object($ergebnis)) {
                        $var01 = $row->coins;
                    }
                    
                    // Mache Eintrag in die Tabelle paymentwall
                    $eintrag = "INSERT INTO paymentwall (UserID, Currency, Type, Date) VALUES ('".$userId."', '".$var01."', 'OK', '".date("d-m-Y H:i:s")."')";
                    mysql_query($eintrag);
                    
                    
                    // Frage ab wie viel coins vorhanden
                    $abfrage = "SELECT id, coins FROM account WHERE `id` = '$userId'";
                    $ergebnis = mysql_query($abfrage);
                    while($row = mysql_fetch_object($ergebnis)) {
                        $currentcoints = $row->coins;
                    }
                    
                    $finalcoins = $currentcoints + $var01;
                    $aendern = "UPDATE `account` SET `coins` = '$finalcoins' WHERE `id` = '$userId'";
                    mysql_query($aendern);
                    // echo "Dir wurden <b>$credits</b> coints gutgeschrieben";
                }
        } else {
            $errors['signature'] = 'Signature ist nicht korrekt!'; 
        }
    } else {
        $errors['whitelist'] = 'IP nicht in der Whitelist!';
    }
} else {
    $errors['params'] = 'Es fehlen Parameter!';
}
// Gebe OK ab um Transaktion zu beenden
if($result) {
    echo 'OK';
} else {
    echo implode(' ', $errors);
}

// Signature calculation function
function calculatePingbackSignature($params, $secret, $version) {
    $str = '';
    if($version == 2) {
        ksort($params);
    }
    foreach($params as $k=>$v) {
        $str .= "$k=$v";
    }
    $str .= $secret;
    return md5($str);
}
class Database
    {
        private $db;
        public function Database($host, $user, $pass, $db) {
            try {
                $this->db = new PDO("mysql:dbname=".$db.";host=".$host.";", $user, $pass);        
            } catch(PDOEXCEPTION $e) {
                die('Error! [Code: '.$e->getCode().']!');
            }
        }
        public function runQuery($query) {
            return $this->db->query($query);    
        }
    }
?>

 This is an old script. I dont know if it works today. You can delete the database class. You dont need it in your case

are you guys reading what i am posting? If he would debug like i said the error would say when sqlServ is not defined.

nope thats not the way mysql_query works... first parameter query, secound link_identifier! Look here

@topic:The problem is that you dont override the edited file on your server! If you get the exactly same error after the changes like i said you HAVE TO get 3 new outputs! If not the file is not changed on your server

Cant be. mysql_num_rows() throws boolean -> "false" because no resource given from your query. If your query fails the "or" operator jump in with mysql_error(). If no mysql_error is given you did something wrong. do this and post the output:

after:

$sqlQry = mysql_query($sqlCmd,$sqlServ) or die(mysql_error());

add

var_dump($sqlCmd);
var_dump($sqlServ);
var_dump($sqlQry);

dont forget do censor sensitiv data befor posting here

after <?php at the top of your file:

ini_set('display_errors',1);
error_reporting(E_ALL);

then replace:

$sqlQry = mysql_query($sqlCmd,$sqlServ);

with:

$sqlQry = mysql_query($sqlCmd,$sqlServ) or die(mysql_error());

and try again. Post the mysql error here.

as metin2-factory said. mysql_query return FALSE on failure -> "boolean given".  if you debug you would knew that there is the misstep.

after <?php at the top of your file (if errors disabled):

ini_set('display_errors',1);
error_reporting(E_ALL);

then replace:

$sqlQry = mysql_query($sqlCmd,$sqlServ);

with:

$sqlQry = mysql_query($sqlCmd,$sqlServ) or die(mysql_error());

Read and try to understand the mysql error.

Just a Tip after reading the error:

In your index.php you should have a line like this:

 $sqlServ = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS);

SQL_HOST, SQL_USER and SQL_PASS are defined in "inc/config.ini.php". In my estimation, you have specified wrong SQL Data there.

session problem. Hard to say how to fix because you have to chack more files.

What did you do? 
You should run myisamchk on the .MYD file.

https://dev.mysql.com/doc/refman/5.0/en/myisamchk.html

If this is not working you can removing old tempfiles like this (dont know the path on FreeBSD but just check where to find mysql - this is an Debian Linux example):

rm /var/lib/mysql/*/*.TMD

Im sure that this is a permission problem in group. You are trying this with navicat, or?

this season is epic as fuck. I like that they show more exciting personal insights and emotions.

as i wrote "in this case". We have a text mail not a html mail. Maybe some email clients can read br tags in text mails but it is wrong to do it with this content type

Content-type: text/plain

nope. you have to set the linebreak right in and after the implode function. <br> isnt working because you have to set "\r\n" for linebreaks in mail function in this case.

replace

$comma_separated = implode(",", $foundLogins);

with

$comma_separated = implode("\r\n",$foundLogins)."\r\n";

i wrote that for you. NOT TESTED!

<?php
if(isset($_POST['idrecover']) && $_POST['idrecover']=="Recuperar") {
    if (checkMail($_POST['idemail'])) {
        $email = mysql_real_escape_string($_POST['idemail']);
        $getUser = "SELECT login FROM account.account WHERE email='" . $email . "'";
        $qryUser = mysql_query($getUser);

        if (mysql_num_rows($qryUser) > 0) {
            // Set empty array
            $foundLogins = array();
            // get all User IDs with the given email
            while ($row = mysql_fetch_array($qryUser)) {
                $foundLogins[] = $row['login'];
            }
            // config email
            $from = "[email protected]"; // email (from)
            $to = "[email protected]"; // email (to)
            $subject = "Subject"; // Subject

            $message = "Found the following IDs with the email " . $email . ":";
            foreach ($foundLogins as $foundLogin) {
                $message .= "ID: " . $foundLogin . " ,";
            }

            // set email header
            $headers = array();
            $headers[] = "MIME-Version: 1.0";
            $headers[] = "Content-type: text/plain; charset=iso-8859-1";
            $headers[] = "From: Sender Name <$from>";
            $headers[] = "Reply-To: Recipient Name <$from>";
            $headers[] = "Subject: {$subject}";
            $headers[] = "X-Mailer: PHP/" . phpversion();

            // send mail
            if (!mail($to, $subject, $message, implode("\r\n", $headers))) {
                echo "Email could not send";
            } else {
                echo "Email send";
            }
        } else {
            echo "No entries found with this email";
        }
    } else {
        echo "email not valid";
    }
} else {
    echo "fill the formular";
}
?>

Edit: Better without foreach:

<?php
if(isset($_POST['idrecover']) && $_POST['idrecover']=="Recuperar") {
    if (checkMail($_POST['idemail'])) {
        $email = mysql_real_escape_string($_POST['idemail']);
        $getUser = "SELECT login FROM account.account WHERE email='" . $email . "'";
        $qryUser = mysql_query($getUser);

        if (mysql_num_rows($qryUser) > 0) {
            // Set empty array
            $foundLogins = array();
            // get all User IDs with the given email
            while ($row = mysql_fetch_array($qryUser)) {
                $foundLogins[] = $row['login'];
            }
            // config email
            $from = "[email protected]"; // email (from)
            $to = "[email protected]"; // email (to)
            $subject = "Subject"; // Subject

            $message = "Found the following IDs with the email " . $email . ": ";
            $comma_separated = implode(",", $foundLogins);
            $finalMessage = $message.$comma_separated;

            // set email header
            $headers = array();
            $headers[] = "MIME-Version: 1.0";
            $headers[] = "Content-type: text/plain; charset=iso-8859-1";
            $headers[] = "From: Sender Name <$from>";
            $headers[] = "Reply-To: Recipient Name <$from>";
            $headers[] = "Subject: {$subject}";
            $headers[] = "X-Mailer: PHP/" . phpversion();

            // send mail
            if (!mail($to, $subject, $finalMessage, implode("\r\n", $headers))) {
                echo "Email could not send";
            } else {
                echo "Email send";
            }
        } else {
            echo "No entries found with this email";
        }
    } else {
        echo "email not valid";
    }
} else {
    echo "fill the formular";
}
?>

a tip: If someone want to do this for you, check his frontend developer skills in HTML5 and CSS3. You should require knowledge in Web standards and pay nothing without references which proving Skills in responsive design and jQuery (+Ajax).

I dont think that you will find something like this for free. Its realy nice coded - the most metin2 "hobbycoders" don't use such css3 and html5 because its all about an epic design and heavy graphics - here we got a good and clean example with up to date webstandards -> clean, simple and responsive!

This is the encoded ioncube version! You can't develop or edit corefunktions in this. If you want to create a design for this you have to accept that you can only work with the given guidlines. I know that the former (Lars) sold his CMS decoded to Hikari-mt2 SA.

I changed my post above for correct information.

- Shock-industries CMS (free) - full featured -> encoded! -> Link OR (not free mybe only for some people) -> decoded
- MT2GS CMS 1.0 by hennink (free) - full featured - but very very very old and outdated code! -> Link

Not finished CMS (to be taken seriously):
-Quantum CMS (free) - qualified code - has very little features atm. ->