php - 设计用于 PHP 4 的旧 PhotoRate 2.0 现在无法使用

Question

我已经从这个名为 PhotoRate 2.0 的原始脚本构建了一个更大的脚本，它最初是为 php 4 设计的，并且一直工作到我的提供商最近升级了他们的 php 版本。我这里有原始脚本。

第一部分是 config.php

<?
####################################
#        PhotoRate v2.0
#      Nuked Web Services
#    http://www.nukedweb.com/
####################################

#These 4 blank variables MUST be filled in with your
#MySQL information before you canstart.


$sqlhost = "";
$sqllogin = "";
$sqlpass = "";
$sqldb = "";
$table = "photorate";

#Voting Options - Change these to suit your purpose for PhotoRate
$option_a = "Disgusting!";
$option_b = "Pretty Bad!";
$option_c = "It's OK.";
$option_d = "Pretty Nice!";
$option_e = "Oh YEAH!";

#Color bars - These specify the colors of the vote results bars on each page.
$optcolor_a = "#FF0000";
$optcolor_b = "#0033FF";
$optcolor_c = "#00CC66";
$optcolor_d = "#FFFF33";
$optcolor_e = "#9966FF";

#This specifies the maximum size (in bytes) for uploaded pictures.
$maxsize = "100000";

#This needs not to be edited. It's the code to connect to MySQL. :)
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass);

mysql_select_db($sqldb, $db);

?>

下一部分是 index.php

<?
####################################
#        PhotoRate v2.0
#      Nuked Web Services
#    http://www.nukedweb.com/
####################################

include "./config.php";

if ($voteid && $voteval){
if ($voteval=="1") $vfield = "vote_a";
if ($voteval=="2") $vfield = "vote_b";
if ($voteval=="3") $vfield = "vote_c";
if ($voteval=="4") $vfield = "vote_d";
if ($voteval=="5") $vfield = "vote_e";
$sql = "select $vfield from $table where id='$voteid'";
$result = mysql_query($sql);
$resrow = mysql_fetch_row($result);
$curval = $resrow[0];
$curval++;
$sql = "update $table set $vfield = '$curval' where id='$voteid'";
$result = mysql_query($sql);
$sql = "select id from $table where id < '$voteid' order by id desc LIMIT 0,1";
$result = mysql_query($sql);
if (mysql_num_rows($result)==0){
    print "You've reached the end of the pictures. <a href='index.php'>Click  here</a> to go back to the beginning.";
    exit;
}
$resrow = mysql_fetch_row($result);
$id = $resrow[0];
}

 if (!$id){
$sql = "select max(id) from $table";
$result = mysql_query($sql) or die("Failed: $sql - ".mysql_error());
$resrow = mysql_fetch_row($result);
$id = $resrow[0];
if (!$id){
    print "No pictures have yet been submitted. <a href='new.php'>Click   here</a> to submit one.";
    exit;
}
 }

 $sql = "select email,aim,icq,yahoo,homepage,vote_a,vote_b,vote_c,vote_d,vote_e,picfile,dt from $table where id='$id'";
$result = mysql_query($sql) or die("Failed: $sql - ".mysql_error());
$resrow = mysql_fetch_row($result);
$email = $resrow[0];
$aim = $resrow[1];
$icq = $resrow[2];
$yahoo = $resrow[3];
$homepage = $resrow[4];
$vote_a = $resrow[5];
$vote_b = $resrow[6];
$vote_c = $resrow[7];
$vote_d = $resrow[8];
$vote_e = $resrow[9];
$picfile = $resrow[10];
$dtf = $resrow[11];
$dta = split(" ", $dtf);
$created = $dta[0];

if ($email) $btns .= "<a href='mailto:$email'><img src='images/icon-email.gif'  border='0'></a> ";
if ($aim) $btns .= "<a href='aim:goim?screenname=$aim'><img src='images/icon-aim.gif' border='0'></a> ";
if ($icq) $btns .= "<a href='http://wwp.icq.com/scripts/contact.dll?msgto=$icq'><img src='images/icon-icq.gif' border='0'></a> ";
if ($yahoo) $btns .= "<a href='ymsgr:sendim?".$yahoo."'><img src='images/icon-yahoo.gif' border='0'></a> ";
if ($homepage) $btns .= "<a href='$homepage' target='pr_".$id."'><img src='images/icon-home.gif' border='0'></a> ";

if ($vote_a > $biggestnum) $biggestnum = $vote_a;
if ($vote_b > $biggestnum) $biggestnum = $vote_b;
if ($vote_c > $biggestnum) $biggestnum = $vote_c;
if ($vote_d > $biggestnum) $biggestnum = $vote_d;
if ($vote_e > $biggestnum) $biggestnum = $vote_e;
if (!$biggestnum) $biggestnum = $vote_a;
$vp_a = 0;
$vp_b = 0;
$vp_c = 0;
$vp_d = 0;
$vp_e = 0;
if ($vote_a!=0) $vp_a = intval(($vote_a/$biggestnum)*100);
if ($vote_b!=0) $vp_b = intval(($vote_b/$biggestnum)*100);
if ($vote_c!=0) $vp_c = intval(($vote_c/$biggestnum)*100);
if ($vote_d!=0) $vp_d = intval(($vote_d/$biggestnum)*100);
if ($vote_e!=0) $vp_e = intval(($vote_e/$biggestnum)*100);

$template = join("", file("./template.html"));
$template = str_replace("[contactbuttons]", $btns, $template);
$template = str_replace("[picture]", "<img src='pics/".$picfile."'>", $template);
$template = str_replace("[voteoptions]", "<form name='form1' method='post' action=''>   <input type='radio' name='voteval' value='1'>$option_a <br><input type='radio'   name='voteval' value='2'>$option_b<br><input type='radio' name='voteval'  value='3'>$option_c<br><input type='radio' name='voteval' value='4'>$option_d<br><input   type='radio' name='voteval' value='5'>$option_e<br><input type='hidden' name='voteid'   value='$id'><input type='submit' value='Vote!'></form>", $template);
$template = str_replace("[voteresults]", "<table width='100%' border='0' cellspacing='0' cellpadding='0'><tr><td width='500' align='right' valign='top'><font size='-3' face='Verdana, Arial, Helvetica, sans-serif'>$option_a ($vote_a Votes)<br>$option_b ($vote_b Votes)<br>$option_c ($vote_c Votes)<br>$option_d ($vote_d Votes)<br>$option_e ($vote_e Votes)</font></td><td width='503'> <table width='$vp_a' border='0' cellspacing='0' cellpadding='0' height='13'><tr> <td bgcolor='$optcolor_a'><font size='-3'  face='Verdana'>&nbsp;</font></td></tr></table><table width='$vp_b' border='0' cellspacing='0' cellpadding='0' height='13'><tr> <td bgcolor='$optcolor_b'><font size='-3' face='Verdana'>&nbsp;</font></td></tr></table><table width='$vp_c' border='0' cellspacing='0' cellpadding='0' height='13'><tr> <td bgcolor='$optcolor_c'><font size='-3' face='Verdana'>&nbsp;</font></td></tr></table><table width='$vp_d' border='0' cellspacing='0' cellpadding='0' height='13'><tr> <td bgcolor='$optcolor_d'><font size='-3' face='Verdana'>&nbsp;</font></td></tr></table><table width='$vp_e' border='0' cellspacing='0' cellpadding='0' height='13'><tr> <td bgcolor='$optcolor_e'><font size='-3' face='Verdana'>&nbsp;</font></td></tr></table></td></tr></table><font size='-3' face='Verdana, Arial, Helvetica, sans-serif'>Powered By <a   href='http://nukedweb.memebot.com/' target='_nukedweb'>PhotoRate</a></font>", $template);

print $template;
?>

问题是它根本不增加图片吗？它确实和旧的 php 一样，脚本中没有任何变化。

我检查了错误并得到了一个应该更改 split() 的错误，我在 $dta = split(" ", $dtf) 中使用它，任何人告诉我我应该做的更改会很酷。其他错误只是说没有为许多变量定义变量，但我相信这是因为错误报告已打开。

在此先感谢...我已经盯着这个太久了...我很难过。

score 3 · Accepted Answer

您发布的代码似乎广泛使用了该register_globals功能。在 4.2 之前的 PHP 中，默认值为on，但在 PHP 5.4 中删除了整个功能。

的效果register_globals是使查询字符串参数自动作为代码中的变量可用。删除它后，除非您更改代码，否则页面之间的任何通信都不会发生。

您需要查看查询字符串中传递了哪些变量，并将每个变量的行添加到代码顶部，如下所示：

$variable = $_GET['variable'];

然而，还有其他问题在酝酿。此代码使用mysql_*()函数与数据库进行交互。这些功能本身已被弃用，很快就会被删除。您应该重新编写代码以使用mysqli_*()orPDO代替。由于使用查询字符串变量的方式，还存在 SQL 注入攻击的能力。

将代码修复为现代标准并不是一项简单的任务。这是可能的，但你可能会更好地获得一些更新的代码。

php - 设计用于 PHP 4 的旧 PhotoRate 2.0 现在无法使用

1 回答 1

Related

Reference