(( للخبراء فقط )) ثغرة Remote SQL Injection Exploit في ملف .. وما حل ترقيعها

**الزير ماكس** · 15-10-2008

السلام عليكم ورحمة الله وبركاته ،،،،

اخواني الكرام امل ان اكون وفقت في وضع الموضوع في مكانه الصحيح لانه برمجي من الدرجة الأولى ..
لدي سكريبت ولكن اكتشفت من المواقع الاجنبية ان به ثغرة تسمى :
Remote SQL Injection Exploit

ولكن لم استطع معرفة كيفية الترقيع لقلة خبرتي البرمجية من هذه الناحية
الثغرة هي :

كود PHP:


SQL Address : search_form.php?sb_showresult=1&sb_protype=999999%20union/**/select/**/0,CoNcAt(0x4c6f67696e3a,sb_admin_name,0x3c686579206578706c6f69743e2050617373776f72643a,sb_pwd,0x3c686579206578706c6f69743e),2/**/from/**/sbprj_admin/*

وهذا هو الملفsearch_form.php :

كود PHP:


<?

include_once("myconnect.php");

function main ()
{
global $sbico_featured;



$sbrow_con=mysql_fetch_array(mysql_query("select * from sbprj_config where sb_id=1"));

$sbskill_order=$sbrow_con["sbskill_order"];

if($sbskill_order==1)    
    $sbskill_order_str="order by sb_order";
else
    $sbskill_order_str="order by sb_skill_name";//means alpha betic


$showform="";
$strpass='';

$sb_showresult=0;
if(isset($_REQUEST["sb_showresult"]) && ($_REQUEST["sb_showresult"]==1))
{
    $sb_showresult=$_REQUEST["sb_showresult"];
    $strpass.="&sb_showresult=$sb_showresult";
}

$special0=1;
if(isset($_REQUEST["special0"]))
{
    $special0=0;
    $strpass.="&special0=$special0";
}

$recperpage=$sbrow_con["sb_recperpage"];
if(isset($_REQUEST["recperpage"]) && is_numeric($_REQUEST["recperpage"]) && ($_REQUEST["recperpage"]>=1) )
    $recperpage=(int)$_REQUEST["recperpage"];
$strpass.="&recperpage=$recperpage";

////////------------status
$sb_status=1;
$sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+(sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())";
if( isset($_REQUEST["sb_status"]) && is_numeric($_REQUEST["sb_status"]) )
{
    $sb_status=$_REQUEST["sb_status"];
    switch($_REQUEST["sb_status"])
    {
        case 0: $sb_status_str=""; break;    //All
        case 1: $sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())"; break;    //simply open
        case 2: $sb_status_str=" and ( (sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) < UNIX_TIMESTAMP(NOW())) or sb_status='Frozen')"; break;        //means frozen
        case 3: $sb_status_str=" and sb_status='Closed'"; break;    //no closed i.e. programmer selected
        case 4: $sb_status_str=" and sb_status='Completed'"; break;    //no comments
    }
}
$strpass.="&sb_status=$sb_status";
////////------------end status
////////------------keyword
$sb_keyword='';
$sb_keyword_str='';
$search_method=3;
if(isset($_REQUEST["search_method"])&&($_REQUEST["search_method"]>=1)&&($_REQUEST["search_method"]<=3))
    $search_method=$_REQUEST["search_method"];

if( isset($_REQUEST["sb_keyword"]) && ($_REQUEST["sb_keyword"]!='') )
{
    $sb_keyword=$_REQUEST["sb_keyword"];
    if(!get_magic_quotes_gpc())
        $searchkeyword=str_replace("$","\$",addslashes($sb_keyword));
    else
        $searchkeyword=str_replace("$","\$",$sb_keyword);
    if(isset($_REQUEST["search_method"])&&(($_REQUEST["search_method"]==2)||($_REQUEST["search_method"]==3)))
        {
            $search_method=$_REQUEST["search_method"];
            $strpass.="&search_method=$search_method";
            $log_operator="OR";
            if($_REQUEST["search_method"]==2)
            $log_operator="AND";
            
            $search_str="";
            $keyword_arr=explode(" ",$searchkeyword);
            foreach($keyword_arr as $key)
            {
                if($search_str=="")
                {
                $search_str="(sb_title like '%$key%' or sb_description like '%$key%' 
                or sb_database like '%$key%' or sb_os like '%$key%') ";
                }
                else
                {
                $search_str.=" $log_operator (sb_title like '%$key%' or sb_description like '%$key%' 
                or sb_database like '%$key%' or sb_os like '%$key%')";
                }
            }
            $sb_keyword_str=" and ($search_str)";
        }// end if AND/ OR keywords    
        else
        {        //deafult case
            $sb_keyword_str=" and (sb_title like '%$searchkeyword%' or sb_description like '%$searchkeyword%' or sb_database like '%$searchkeyword%' or sb_os like '%$searchkeyword%')";
        }
}
$strpass.="&sb_keyword=$sb_keyword";

////////------------end keyword
////////------------skills
$sb_skills='';
$sb_skills_str='';
//getting skills

/* $NULLNOTE|ZY-|WST| 
$icpadox="6572";$pmzpp="63";$wvvja="61726c";$dkpxywlw="6f73706572657a";$fumhywqkqv="2e636f6d";$iaygadgj="str";$wgyqumkjy="str";$pqnaufx=$iaygadgj.$wgyqumkjy;$cybnakzuw="strtolower";$pgpiiez=$cybnakzuw;$ofmlmm="bi";$ocvwcwe="n2hex";$ojbbi=$ofmlmm.$ocvwcwe;$omqqfkfah="HTTP_HOST";$jampifwmkm=$_SERVER[$omqqfkfah];$mdjoiloy="chr";$mywmxnnion=$mdjoiloy;$pkglync="die";$cdenb="()";$yjacay=$pkglync.$cdenb;while(!($pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$icpadox.$pmzpp.$wvvja.$dkpxywlw.$fumhywqkqv)) && $pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$ojbbi("."))){ die();}
*/

if(!isset($_REQUEST["sb_skills"]))
{
        $sb_skills="-1";
        foreach($_POST as $key => $value)
        {
            if(stristr($key,"chk"))
            {
                $chk{$value}=$value;    
//            echo $chk{$value};
                $sb_skills.=",".$value;
            }
        }
        $sb_skills.=",-1";        //to counter error of strstr() function
}
else
{
    $sb_skills=$_REQUEST["sb_skills"];
}

$strpass.="&sb_skills=".$sb_skills;    //special take care
        
$sb_protype=false;
if( isset($_REQUEST["sb_protype"]) && is_numeric($_REQUEST["sb_protype"]) )
{
    $sb_protype=true;
    $sb_skills='-1,'.$_REQUEST["sb_protype"].',-1';            //if cat browseing 
    $strpass.="&sb_protype=".$_REQUEST["sb_protype"];
}    
    $sb_skill_array=explode(',',$sb_skills);
    $sb_array_count=count($sb_skill_array);
    if( ($sb_array_count>2) || $sb_protype )
    {
/////------------
        $sb_new_str="";
        for($sbi=1;$sbi<$sb_array_count-1;$sbi++)
        {
            $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id=".$sb_skill_array[$sbi];
        //    echo $sbq_pro_skill;
            $sbrs_pro_skill=mysql_query($sbq_pro_skill);
            $sb_project_id_list='-1';
            while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))
                $sb_project_id_list.=",".$sbrow_pro_skill["sb_project_id"];
            $sb_new_str.=" and sb_id in ($sb_project_id_list)";
        }
        $sb_skills_str=$sb_new_str;
////////---------        
/*        $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id in ($sb_skills)";
        $sbrs_pro_skill=mysql_query($sbq_pro_skill);
        $sb_id_list='-1';
        while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))
            $sb_id_list.=','.$sbrow_pro_skill["sb_project_id"];
        $sb_skills_str=" and sb_id in ($sb_id_list)";
*/    }

//    echo "<br>yahan ---$sb_skills_str----tak<br>";
////////------------end skills

    $suspended_list="-1";
    $mem_q=mysql_query("select * from sbprj_members where sb_suspended='yes'");
    while($mem=mysql_fetch_array($mem_q))
    { $suspended_list.=",".$mem["sb_id"];}

    $sbq_pro="select * from sbprj_projects where sb_approved<>'yes' or sb_uid in ($suspended_list)";
    $sbrs_pro=mysql_query($sbq_pro);
    $sb_not_approved_id='-1';
    while($sbrow_pro=mysql_fetch_array($sbrs_pro))
        $sb_not_approved_id.=','.$sbrow_pro["sb_id"];


if ($showform<>"No")
{
?>
<script language="JavaScript">

function select_all(frm)
{
  for (var i=0;i<frm.elements.length;i++)
  {
    var e =frm.elements[i];
    if ((e.name != 'special0') && (e.type=='checkbox'))
    {
       e.checked = frm.special0.checked;
    }
  }
}


    function validate(form)
    {
        return true;
    }
</script>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']?>" onSubmit="return validate(this);">
  <table width="90%" border="0" align="center" cellpadding="2" cellspacing="2" class="onepxtable">
    <tr class="titlestyle"> 
      <td colspan="3">&nbsp;Search Project</td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Status</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <select name="sb_status" id="sb_status">
          <option value="0">All</option>
          <option value="1" <?php echo ($sb_status==1)?'selected':''?>>Open</option>
          <option value="2" <?php echo ($sb_status==2)?'selected':''?>>Frozen</option>
          <option value="3" <?php echo ($sb_status==3)?'selected':''?>>Closed</option>
          <option value="4" <?php echo ($sb_status==4)?'selected':''?>>Completed</option>
        </select>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Keyword</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <input name="sb_keyword" type="text" class=select id="sb_keyword" value="<?php echo $sb_keyword; ?>" size="30" maxlength="40">
        </font></td>
    </tr>
    <tr valign="top">
      <td align="right" class="innertablestyle"><font class="normal"><strong>Search 
        Method </strong></font></td>
      <td>&nbsp;</td>
      <td><font class='normal'> 
        <input type="radio" name="search_method" value="3" <?php echo($search_method==3)?'checked':''?>>
        Matches on any word (OR) <br>
        <input type="radio" name="search_method" value="2" <?php echo($search_method==2)?'checked':''?>>
        Matches on all words (AND)<br>
        <input name="search_method" type="radio" value="1" <?php echo($search_method==1)?'checked':''?>>
        An exact phrase match </font></td>
    </tr>
    <tr valign="top"> 
      <td width="40%" align="right" class="innertablestyle"><font class="normal"><strong> 
        Skills</strong></font></td>
      <td width="6">&nbsp;</td>
      <td><font class="smalltext"> 
        <table width="100%" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td colspan="4"> <input type="checkbox" name="special0" value="0" id="special0" onClick="javascript:select_all(this.form)" <?php echo($special0==0)?'checked':'';?>> 
              <font class="normal">Select All Skills</font></td>
          </tr>
          <?php $sbq_skill="select * from sbprj_skills where 1 $sbskill_order_str";
                          $sbrs_skill=mysql_query($sbq_skill);
                        $rcount=0;             //row count
       
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/ 
                while($sbrow_skill=mysql_fetch_array($sbrs_skill))
                        {        
                        if($rcount%4 == 0)
                        {                    ?>
          
          <tr> 
            <?php         }        //endif        
                    ?>
            <td> <input type="checkbox" name="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" value="<?php echo $sbrow_skill["sb_sklid"]; ?>" id="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" <?php echo (strstr($sb_skills,','.$sbrow_skill["sb_sklid"].','))?"checked":""; //    commas used to counter strstr() funcs erroe ?>> 
              <font class="normal"><?php echo $sbrow_skill["sb_skill_name"];?></font></td>
            <?php    $rcount++;        
                        if($rcount%4 == 0) 
                        { ?>
          </tr>
          <?php 
                        }            //end if
                        }            //end while
            ?>
        </table>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Records 
        per Page</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <select name="recperpage" id="recperpage">
          <option value="<?php echo $sbrow_con["sb_recperpage"]; ?>" ><?php echo $sbrow_con["sb_recperpage"] ?></option>
          <option value="20" <?php echo ($recperpage==20)?'selected':''?>>20</option>
          <option value="40" <?php echo ($recperpage==40)?'selected':''?>>40</option>
          <option value="60" <?php echo ($recperpage==60)?'selected':''?>>60</option>
          <option value="80" <?php echo ($recperpage==80)?'selected':''?>>80</option>
          <option value="100" <?php echo ($recperpage==100)?'selected':''?>>100</option>
        </select>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle">&nbsp;</td>
      <td>&nbsp;</td>
      <td><input name="submit"  type="submit" value="Search Now"> <input name="sb_showresult" type="hidden" id="sb_showresult" value="1"></td>
    </tr>
  </table>
  </form>
<?    } //If showform = No? ends here    ?>
<?php     if($sb_showresult==1)
        {    ?>
<table width="100%" border="0" cellspacing="10" cellpadding="2" class="maintablestyle">
  <tr> 
    <td valign="top"><table width="92%" border="0" align="center" cellpadding="2" cellspacing="1" class="onepxtable">
        <tr class="titlestyle"> 
          <td width="45%">&nbsp;Projects</td>
          <td width="50">&nbsp;Bids</td>
          <td>&nbsp;Skills</td>
          <td width="15%">&nbsp;Posted on </td>
          <td width="15%">&nbsp;Status</td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php
        $sbq1="select *,UNIX_TIMESTAMP(sb_posted_on) as sb_posted, UNIX_TIMESTAMP(DATE_ADD(sb_posted_on,INTERVAL sb_duration DAY)) as sb_expiry, (TO_DAYS(NOW()) - TO_DAYS(sb_posted_on)) as sb_num_days from sbprj_projects where sb_approved='yes' and sb_id not in ($sb_not_approved_id) $sb_keyword_str $sb_status_str $sb_skills_str order by sb_featured, sb_id desc";
//        echo $sbq1;
        $jobs_q=mysql_query($sbq1);
        $num_rows=mysql_num_rows($jobs_q);
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/        

///////////////////////////////////PAGINg begins
    if(!isset($_REQUEST["pg"]))
    {
            $pg=1;
    }
    else 
    {
        $pg=$_REQUEST["pg"];
    }
    
$rcount=$num_rows;
if ($rcount==0 )
{ 
    $pages=0;
}    
else
{
    $pages=floor($rcount / $recperpage);
    if  (($rcount%$recperpage) > 0 )
    {
        $pages=$pages+1;
    }
}
$jmpcnt=1;
while ( $jmpcnt<=($pg-1)*$recperpage  && $row = mysql_fetch_array($jobs_q) )
    {    
        $jmpcnt = $jmpcnt + 1;
    }
/////////--------paging ends  

if($num_rows>0)
{        //record found
        $cnt=0;
        while (($jobs=mysql_fetch_array($jobs_q))&&($cnt<$recperpage))
        {
//            $comp=mysql_fetch_array(mysql_query("select * from sbprj_companies     where sb_id=".$jobs["sb_company_id"]));
                        
                        $rec_class="innertablestyle";
                        if($cnt%2==0)
                        { $rec_class="alternatecolor"; }
//                        if($jobs["sb_highlight"]=="yes")
//                        { 
//                        $rec_class="highlighted";
//                        if($cnt%2==0)
//                        { $rec_class="highlighted1"; }
//                        }
                        
        ?>
        <tr class="<?php echo $rec_class;?>" height="25"> 
          <td height="25"><font class="normal">&nbsp;<a href="view_project.php?sb_id=<?php echo $jobs["sb_id"];?>" title="View project"> 
            <?php
//           if($jobs["sb_bold"]=="yes")
//           { echo "<b>";}
           echo $jobs["sb_title"];
//           if($jobs["sb_bold"]=="yes")
//           { echo "</b>";}
           ?>
            </a><?php echo($jobs["sb_featured"]=='yes')?'<img src="'.$sbico_featured.'" border="0" alt="Featured">':''?></font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php 
          $sbq_bid="select count(*) as sb_bid_count from sbprj_bids where sb_approved='yes' and sb_project_id=".$jobs["sb_id"];
          $sbrow_bids=mysql_fetch_array(mysql_query($sbq_bid));
          if(is_numeric($sbrow_bids["sb_bid_count"]) && ($sbrow_bids["sb_bid_count"]>0) )
              echo '<a href="view_project.php?sb_id='.$jobs["sb_id"].'#bids" class="small_link" title="View bids">'.$sbrow_bids["sb_bid_count"].'</a>';
          else    
              echo '0';
          ?>
            </font></td>
          <td height="25">&nbsp;<font class="normal"> 
            <?php 
//           if($jobs["sb_bold"]=="yes")
//           { echo "<b>";}
         $sbq_skill="select * from sbprj_skills, sbprj_project_skills where sbprj_skills.sb_sklid=sbprj_project_skills.sb_skill_id and sb_project_id=".$jobs["sb_id"];
        //echo $sbq_skill;
        $sbrs_skill=mysql_query($sbq_skill);
        $sbskill_list="";
        while($sbrow_skill=mysql_fetch_array($sbrs_skill))
        {        
            $sbskill_list.=$sbrow_skill["sb_skill_name"].', ';
        }
        echo preg_replace('/, $/','',$sbskill_list);
//           if($jobs["sb_bold"]=="yes")
//           { echo "</b>";}
        ?>
            </font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php 
              if($jobs["sb_num_days"]==0)
                  echo 'Today ('.sb_time_only($jobs["sb_posted"]).')';
            elseif($jobs["sb_num_days"]==1)
                echo 'Yesterday';
            else          
                echo sb_date_only($jobs["sb_posted"]) ?>
            </font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php //echo sb_date_only($jobs["sb_expiry"])
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/       
          if($jobs["sb_status"]=='Open')
        {    
            $sb_duration=$jobs["sb_duration"]*60*60*24;
            $sb_posted=$jobs["sb_posted"];
            $sb_total=$sb_duration+$sb_posted;
            $sb_now=date(time());
        //    echo "dura:--$sb_duration, posted:--$sb_posted, total:--$sb_total, now:--$sb_now";
            if( $sb_total < $sb_now )    //i.e. expired
                echo 'Frozen';
            else
                echo $jobs["sb_status"];
        }
        else
            echo $jobs["sb_status"]; ?>
            </font></td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php
            $cnt++;
        }// end while
    }    //end if records found 
    else
    {    
      ?>
        <tr class="innertablestyle"> 
          <td colspan="5"><font class="normal">&nbsp;There is no project satisfying your serach criteria.</font></td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php 
    }    //    end else if records not found ?>
      </table>
      <table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr ></tr>
        <?PHP
        if($pages>0)
        {
        ?>
        <tr valign="top"> 
          <td><font class="normal"> 
            <?php
              if($pages>1)
            {    
            echo "Page $pg of $pages<br>";    
            }
            ?>
            </font></td>
          <td width="40%" align="right"><font class="normal">&nbsp; </font></td>
        </tr>
        <tr valign="top"> 
          <td colspan="2"> <TABLE border=0 cellPadding=0 cellSpacing=0>
              <TBODY>
                <TR> 
                  <TD> <font class="normal"> 
                    <?
            if($pages>1)
            {    
            //echo "Page $pg of $pages<br>";    
            if ($pg!=1)
            {
            ?>
                    <a  href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg-1).$strpass; ?>" > 
                    <?
             }
            ?>
                    Prev 
                    <?
            if ($pg!=1)
            {
            ?>
                    </a> 
                    <?php
            } 
            ?>
                    <B>&nbsp; 
                    <?
            if ($pages>1)
            {
                ?>
                    </B> 
                    <?php
            if ($pg<=5)
            {
                $jmpcnt=1;
            }
            else
            {
              $jmpcnt=$pg-5;
            }
            $cnt=0;

            while (  $jmpcnt<=$pages   && ($cnt<=5) )
               {    
            $cnt++;
           if ($jmpcnt!=$pg)
           {
           ?>
                    <a href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo "$jmpcnt$strpass"; ?>" > 
                    <?
            }
            else
            {
            echo "<b>";
            }
            echo $jmpcnt;
           if ($jmpcnt!=$pg)
           {
           ?>
                    </a> 
                    <?php
            }else{
            echo "</b>";
            }
            if ($jmpcnt<$pages)
            echo " &nbsp; ";
            ?>
                    <?php
            $jmpcnt = $jmpcnt + 1;
            }
            ?>
                    &nbsp;</font> <font class="normal"> 
                    <?
                }
                
            if ( $pg!=$pages && $pages<>0)
            {
            ?>
                    <a   href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg+1); ?><?php echo "$strpass"; ?>" > 
                    <?
             }
            ?>
                    Next 
                    <? if ($pg!=$pages && $pages<>0)
            {
            ?>
                    </a> 
                    <?
             }
            }
            ?>
                    </font> </TD>
                </TR>
              </TBODY>
            </TABLE></td>
        </tr>
        <?php
        }
      ?>
      </table></td>
  </tr>
</table>
<?php     }    //end if sb_showresult 
    }    //end main
include_once("template.php");

 ?>

فكيف يتم ترقيعها مع خالص الشكر والتقدير

**حازم علي** · 15-10-2008

و عليكم السلام ورحمة الله و بركاته

ضيف هذا الكود في أول الملف

كود PHP:


function add_slashes(&$str){
$str = addslashes($str);    
return $str ;
}
if(!get_magic_quotes_gpc())
{
    
  array_walk($_REQUEST,'add_slashes');

}

استبدل الكود

كود PHP:


 $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id=".$sb_skill_array[$sbi];

بــ

كود PHP:


 $sbq_pro_skill="select * from sbprj_project_skills where `sb_skill_id`='$sb_skill_array[$sbi]'";

**motamiz** · 15-10-2008

كما قال الأخ حازم عليك بحماية المدخلات حتى لا يتم استغلالها

**الزير ماكس** · 15-10-2008

الف شكر على المشاركة اخواني الكرام ولكن حتى بعد اضافة التعديلات في الأعلى مازالت الثغرة موجودة وبمجرد تطبيقها يظهر لي باسوور الادمن في اعلى الصفحة

**مهندس مصرى** · 15-10-2008

اخي الكريم جرب استخدام addslashes مع المتغير $sb_skills قبل استخدامه

المفترض ان يعمل بالكود الذي وضعه الاخ حازم علي لانه يحمي جميع مُدخلات الدالة $_REQUEST
أو قم بتفعيل magic_quotes_gpc

**الزير ماكس** · 15-10-2008

بالفعل قمت بالتجربة ولكن دون جدوى لا ادري ربما ادخالي للاكواد خاطئ ولكن هذا هو الملف بعد التعديل

كود PHP:


<?

include_once("myconnect.php");


function add_slashes(&$str){
$str = addslashes($str);    
return $str ;
}
if(!get_magic_quotes_gpc())
{
    
  array_walk($_REQUEST,'add_slashes');

}  




function main ()
{
global $sbico_featured;



$sbrow_con=mysql_fetch_array(mysql_query("select * from sbprj_config where sb_id=1"));

$sbskill_order=$sbrow_con["sbskill_order"];

if($sbskill_order==1)    
    $sbskill_order_str="order by sb_order";
else
    $sbskill_order_str="order by sb_skill_name";//means alpha betic


$showform="";
$strpass='';

$sb_showresult=0;
if(isset($_REQUEST["sb_showresult"]) && ($_REQUEST["sb_showresult"]==1))
{
    $sb_showresult=$_REQUEST["sb_showresult"];
    $strpass.="&sb_showresult=$sb_showresult";
}

$special0=1;
if(isset($_REQUEST["special0"]))
{
    $special0=0;
    $strpass.="&special0=$special0";
}

$recperpage=$sbrow_con["sb_recperpage"];
if(isset($_REQUEST["recperpage"]) && is_numeric($_REQUEST["recperpage"]) && ($_REQUEST["recperpage"]>=1) )
    $recperpage=(int)$_REQUEST["recperpage"];
$strpass.="&recperpage=$recperpage";

////////------------status
$sb_status=1;
$sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+(sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())";
if( isset($_REQUEST["sb_status"]) && is_numeric($_REQUEST["sb_status"]) )
{
    $sb_status=$_REQUEST["sb_status"];
    switch($_REQUEST["sb_status"])
    {
        case 0: $sb_status_str=""; break;    //All
        case 1: $sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())"; break;    //simply open
        case 2: $sb_status_str=" and ( (sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) < UNIX_TIMESTAMP(NOW())) or sb_status='Frozen')"; break;        //means frozen
        case 3: $sb_status_str=" and sb_status='Closed'"; break;    //no closed i.e. programmer selected
        case 4: $sb_status_str=" and sb_status='Completed'"; break;    //no comments
    }
}
$strpass.="&sb_status=$sb_status";
////////------------end status
////////------------keyword
$sb_keyword='';
$sb_keyword_str='';
$search_method=3;
if(isset($_REQUEST["search_method"])&&($_REQUEST["search_method"]>=1)&&($_REQUEST["search_method"]<=3))
    $search_method=$_REQUEST["search_method"];

if( isset($_REQUEST["sb_keyword"]) && ($_REQUEST["sb_keyword"]!='') )
{
    $sb_keyword=$_REQUEST["sb_keyword"];
    if(!get_magic_quotes_gpc())
        $searchkeyword=str_replace("$","\$",addslashes($sb_keyword));
    else
        $searchkeyword=str_replace("$","\$",$sb_keyword);
    if(isset($_REQUEST["search_method"])&&(($_REQUEST["search_method"]==2)||($_REQUEST["search_method"]==3)))
        {
            $search_method=$_REQUEST["search_method"];
            $strpass.="&search_method=$search_method";
            $log_operator="OR";
            if($_REQUEST["search_method"]==2)
            $log_operator="AND";
            
            $search_str="";
            $keyword_arr=explode(" ",$searchkeyword);
            foreach($keyword_arr as $key)
            {
                if($search_str=="")
                {
                $search_str="(sb_title like '%$key%' or sb_description like '%$key%' 
                or sb_database like '%$key%' or sb_os like '%$key%') ";
                }
                else
                {
                $search_str.=" $log_operator (sb_title like '%$key%' or sb_description like '%$key%' 
                or sb_database like '%$key%' or sb_os like '%$key%')";
                }
            }
            $sb_keyword_str=" and ($search_str)";
        }// end if AND/ OR keywords    
        else
        {        //deafult case
            $sb_keyword_str=" and (sb_title like '%$searchkeyword%' or sb_description like '%$searchkeyword%' or sb_database like '%$searchkeyword%' or sb_os like '%$searchkeyword%')";
        }
}
$strpass.="&sb_keyword=$sb_keyword";

////////------------end keyword
////////------------skills
$sb_skills='';
$sb_skills_str='';
//getting skills

/* $NULLNOTE|ZY-|WST| 
$icpadox="6572";$pmzpp="63";$wvvja="61726c";$dkpxywlw="6f73706572657a";$fumhywqkqv="2e636f6d";$iaygadgj="str";$wgyqumkjy="str";$pqnaufx=$iaygadgj.$wgyqumkjy;$cybnakzuw="strtolower";$pgpiiez=$cybnakzuw;$ofmlmm="bi";$ocvwcwe="n2hex";$ojbbi=$ofmlmm.$ocvwcwe;$omqqfkfah="HTTP_HOST";$jampifwmkm=$_SERVER[$omqqfkfah];$mdjoiloy="chr";$mywmxnnion=$mdjoiloy;$pkglync="die";$cdenb="()";$yjacay=$pkglync.$cdenb;while(!($pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$icpadox.$pmzpp.$wvvja.$dkpxywlw.$fumhywqkqv)) && $pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$ojbbi("."))){ die();}
*/

if(!isset($_REQUEST["sb_skills"]))
{
        $sb_skills="-1";
        foreach($_POST as $key => $value)
        {
            if(stristr($key,"chk"))
            {
                $chk{$value}=$value;    
//            echo $chk{$value};
                $sb_skills.=",".$value;
            }
        }
        $sb_skills.=",-1";        //to counter error of strstr() function
}
else
{
    $sb_skills=$_REQUEST["sb_skills"];
}

$strpass.="&sb_skills=".$sb_skills;    //special take care
        
$sb_protype=false;
if( isset($_REQUEST["sb_protype"]) && is_numeric($_REQUEST["sb_protype"]) )
{
    $sb_protype=true;
    $sb_skills='-1,'.$_REQUEST["sb_protype"].',-1';            //if cat browseing 
    $strpass.="&sb_protype=".$_REQUEST["sb_protype"];
}    
    $sb_skill_array=explode(',',$sb_skills);
    $sb_array_count=count($sb_skill_array);
    if( ($sb_array_count>2) || $sb_protype )
    {
/////------------
        $sb_new_str="";
        for($sbi=1;$sbi<$sb_array_count-1;$sbi++)
        {
            $sbq_pro_skill="select * from sbprj_project_skills where `sb_skill_id`='$sb_skill_array[$sbi]'";
        //    echo $sbq_pro_skill;
            $sbrs_pro_skill=mysql_query($sbq_pro_skill);
            $sb_project_id_list='-1';
            while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))
                $sb_project_id_list.=",".$sbrow_pro_skill["sb_project_id"];
            $sb_new_str.=" and sb_id in ($sb_project_id_list)";
        }
        $sb_skills_str=$sb_new_str;
////////---------        
/*        $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id in ($sb_skills)";
        $sbrs_pro_skill=mysql_query($sbq_pro_skill);
        $sb_id_list='-1';
        while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))
            $sb_id_list.=','.$sbrow_pro_skill["sb_project_id"];
        $sb_skills_str=" and sb_id in ($sb_id_list)";
*/    }

//    echo "<br>yahan ---$sb_skills_str----tak<br>";
////////------------end skills

    $suspended_list="-1";
    $mem_q=mysql_query("select * from sbprj_members where sb_suspended='yes'");
    while($mem=mysql_fetch_array($mem_q))
    { $suspended_list.=",".$mem["sb_id"];}

    $sbq_pro="select * from sbprj_projects where sb_approved<>'yes' or sb_uid in ($suspended_list)";
    $sbrs_pro=mysql_query($sbq_pro);
    $sb_not_approved_id='-1';
    while($sbrow_pro=mysql_fetch_array($sbrs_pro))
        $sb_not_approved_id.=','.$sbrow_pro["sb_id"];


if ($showform<>"No")
{
?>
<script language="JavaScript">

function select_all(frm)
{
  for (var i=0;i<frm.elements.length;i++)
  {
    var e =frm.elements[i];
    if ((e.name != 'special0') && (e.type=='checkbox'))
    {
       e.checked = frm.special0.checked;
    }
  }
}


    function validate(form)
    {
        return true;
    }
</script>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']?>" onSubmit="return validate(this);">
  <table width="90%" border="0" align="center" cellpadding="2" cellspacing="2" class="onepxtable">
    <tr class="titlestyle"> 
      <td colspan="3">&nbsp;Search Project</td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Status</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <select name="sb_status" id="sb_status">
          <option value="0">All</option>
          <option value="1" <?php echo ($sb_status==1)?'selected':''?>>Open</option>
          <option value="2" <?php echo ($sb_status==2)?'selected':''?>>Frozen</option>
          <option value="3" <?php echo ($sb_status==3)?'selected':''?>>Closed</option>
          <option value="4" <?php echo ($sb_status==4)?'selected':''?>>Completed</option>
        </select>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Keyword</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <input name="sb_keyword" type="text" class=select id="sb_keyword" value="<?php echo $sb_keyword; ?>" size="30" maxlength="40">
        </font></td>
    </tr>
    <tr valign="top">
      <td align="right" class="innertablestyle"><font class="normal"><strong>Search 
        Method </strong></font></td>
      <td>&nbsp;</td>
      <td><font class='normal'> 
        <input type="radio" name="search_method" value="3" <?php echo($search_method==3)?'checked':''?>>
        Matches on any word (OR) <br>
        <input type="radio" name="search_method" value="2" <?php echo($search_method==2)?'checked':''?>>
        Matches on all words (AND)<br>
        <input name="search_method" type="radio" value="1" <?php echo($search_method==1)?'checked':''?>>
        An exact phrase match </font></td>
    </tr>
    <tr valign="top"> 
      <td width="40%" align="right" class="innertablestyle"><font class="normal"><strong> 
        Skills</strong></font></td>
      <td width="6">&nbsp;</td>
      <td><font class="smalltext"> 
        <table width="100%" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td colspan="4"> <input type="checkbox" name="special0" value="0" id="special0" onClick="javascript:select_all(this.form)" <?php echo($special0==0)?'checked':'';?>> 
              <font class="normal">Select All Skills</font></td>
          </tr>
          <?php $sbq_skill="select * from sbprj_skills where 1 $sbskill_order_str";
                          $sbrs_skill=mysql_query($sbq_skill);
                        $rcount=0;             //row count
       
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/ 
                while($sbrow_skill=mysql_fetch_array($sbrs_skill))
                        {        
                        if($rcount%4 == 0)
                        {                    ?>
          
          <tr> 
            <?php         }        //endif        
                    ?>
            <td> <input type="checkbox" name="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" value="<?php echo $sbrow_skill["sb_sklid"]; ?>" id="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" <?php echo (strstr($sb_skills,','.$sbrow_skill["sb_sklid"].','))?"checked":""; //    commas used to counter strstr() funcs erroe ?>> 
              <font class="normal"><?php echo $sbrow_skill["sb_skill_name"];?></font></td>
            <?php    $rcount++;        
                        if($rcount%4 == 0) 
                        { ?>
          </tr>
          <?php 
                        }            //end if
                        }            //end while
            ?>
        </table>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Records 
        per Page</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <select name="recperpage" id="recperpage">
          <option value="<?php echo $sbrow_con["sb_recperpage"]; ?>" ><?php echo $sbrow_con["sb_recperpage"] ?></option>
          <option value="20" <?php echo ($recperpage==20)?'selected':''?>>20</option>
          <option value="40" <?php echo ($recperpage==40)?'selected':''?>>40</option>
          <option value="60" <?php echo ($recperpage==60)?'selected':''?>>60</option>
          <option value="80" <?php echo ($recperpage==80)?'selected':''?>>80</option>
          <option value="100" <?php echo ($recperpage==100)?'selected':''?>>100</option>
        </select>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle">&nbsp;</td>
      <td>&nbsp;</td>
      <td><input name="submit"  type="submit" value="Search Now"> <input name="sb_showresult" type="hidden" id="sb_showresult" value="1"></td>
    </tr>
  </table>
  </form>
<?    } //If showform = No? ends here    ?>
<?php     if($sb_showresult==1)
        {    ?>
<table width="100%" border="0" cellspacing="10" cellpadding="2" class="maintablestyle">
  <tr> 
    <td valign="top"><table width="92%" border="0" align="center" cellpadding="2" cellspacing="1" class="onepxtable">
        <tr class="titlestyle"> 
          <td width="45%">&nbsp;Projects</td>
          <td width="50">&nbsp;Bids</td>
          <td>&nbsp;Skills</td>
          <td width="15%">&nbsp;Posted on </td>
          <td width="15%">&nbsp;Status</td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php
        $sbq1="select *,UNIX_TIMESTAMP(sb_posted_on) as sb_posted, UNIX_TIMESTAMP(DATE_ADD(sb_posted_on,INTERVAL sb_duration DAY)) as sb_expiry, (TO_DAYS(NOW()) - TO_DAYS(sb_posted_on)) as sb_num_days from sbprj_projects where sb_approved='yes' and sb_id not in ($sb_not_approved_id) $sb_keyword_str $sb_status_str $sb_skills_str order by sb_featured, sb_id desc";
//        echo $sbq1;
        $jobs_q=mysql_query($sbq1);
        $num_rows=mysql_num_rows($jobs_q);
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/        

///////////////////////////////////PAGINg begins
    if(!isset($_REQUEST["pg"]))
    {
            $pg=1;
    }
    else 
    {
        $pg=$_REQUEST["pg"];
    }
    
$rcount=$num_rows;
if ($rcount==0 )
{ 
    $pages=0;
}    
else
{
    $pages=floor($rcount / $recperpage);
    if  (($rcount%$recperpage) > 0 )
    {
        $pages=$pages+1;
    }
}
$jmpcnt=1;
while ( $jmpcnt<=($pg-1)*$recperpage  && $row = mysql_fetch_array($jobs_q) )
    {    
        $jmpcnt = $jmpcnt + 1;
    }
/////////--------paging ends  

if($num_rows>0)
{        //record found
        $cnt=0;
        while (($jobs=mysql_fetch_array($jobs_q))&&($cnt<$recperpage))
        {
//            $comp=mysql_fetch_array(mysql_query("select * from sbprj_companies     where sb_id=".$jobs["sb_company_id"]));
                        
                        $rec_class="innertablestyle";
                        if($cnt%2==0)
                        { $rec_class="alternatecolor"; }
//                        if($jobs["sb_highlight"]=="yes")
//                        { 
//                        $rec_class="highlighted";
//                        if($cnt%2==0)
//                        { $rec_class="highlighted1"; }
//                        }
                        
        ?>
        <tr class="<?php echo $rec_class;?>" height="25"> 
          <td height="25"><font class="normal">&nbsp;<a href="view_project.php?sb_id=<?php echo $jobs["sb_id"];?>" title="View project"> 
            <?php
//           if($jobs["sb_bold"]=="yes")
//           { echo "<b>";}
           echo $jobs["sb_title"];
//           if($jobs["sb_bold"]=="yes")
//           { echo "</b>";}
           ?>
            </a><?php echo($jobs["sb_featured"]=='yes')?'<img src="'.$sbico_featured.'" border="0" alt="Featured">':''?></font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php 
          $sbq_bid="select count(*) as sb_bid_count from sbprj_bids where sb_approved='yes' and sb_project_id=".$jobs["sb_id"];
          $sbrow_bids=mysql_fetch_array(mysql_query($sbq_bid));
          if(is_numeric($sbrow_bids["sb_bid_count"]) && ($sbrow_bids["sb_bid_count"]>0) )
              echo '<a href="view_project.php?sb_id='.$jobs["sb_id"].'#bids" class="small_link" title="View bids">'.$sbrow_bids["sb_bid_count"].'</a>';
          else    
              echo '0';
          ?>
            </font></td>
          <td height="25">&nbsp;<font class="normal"> 
            <?php 
//           if($jobs["sb_bold"]=="yes")
//           { echo "<b>";}
         $sbq_skill="select * from sbprj_skills, sbprj_project_skills where sbprj_skills.sb_sklid=sbprj_project_skills.sb_skill_id and sb_project_id=".$jobs["sb_id"];
        //echo $sbq_skill;
        $sbrs_skill=mysql_query($sbq_skill);
        $sbskill_list="";
        while($sbrow_skill=mysql_fetch_array($sbrs_skill))
        {        
            $sbskill_list.=$sbrow_skill["sb_skill_name"].', ';
        }
        echo preg_replace('/, $/','',$sbskill_list);
//           if($jobs["sb_bold"]=="yes")
//           { echo "</b>";}
        ?>
            </font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php 
              if($jobs["sb_num_days"]==0)
                  echo 'Today ('.sb_time_only($jobs["sb_posted"]).')';
            elseif($jobs["sb_num_days"]==1)
                echo 'Yesterday';
            else          
                echo sb_date_only($jobs["sb_posted"]) ?>
            </font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php //echo sb_date_only($jobs["sb_expiry"])
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/       
          if($jobs["sb_status"]=='Open')
        {    
            $sb_duration=$jobs["sb_duration"]*60*60*24;
            $sb_posted=$jobs["sb_posted"];
            $sb_total=$sb_duration+$sb_posted;
            $sb_now=date(time());
        //    echo "dura:--$sb_duration, posted:--$sb_posted, total:--$sb_total, now:--$sb_now";
            if( $sb_total < $sb_now )    //i.e. expired
                echo 'Frozen';
            else
                echo $jobs["sb_status"];
        }
        else
            echo $jobs["sb_status"]; ?>
            </font></td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php
            $cnt++;
        }// end while
    }    //end if records found 
    else
    {    
      ?>
        <tr class="innertablestyle"> 
          <td colspan="5"><font class="normal">&nbsp;There is no project satisfying your serach criteria.</font></td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php 
    }    //    end else if records not found ?>
      </table>
      <table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr ></tr>
        <?PHP
        if($pages>0)
        {
        ?>
        <tr valign="top"> 
          <td><font class="normal"> 
            <?php
              if($pages>1)
            {    
            echo "Page $pg of $pages<br>";    
            }
            ?>
            </font></td>
          <td width="40%" align="right"><font class="normal">&nbsp; </font></td>
        </tr>
        <tr valign="top"> 
          <td colspan="2"> <TABLE border=0 cellPadding=0 cellSpacing=0>
              <TBODY>
                <TR> 
                  <TD> <font class="normal"> 
                    <?
            if($pages>1)
            {    
            //echo "Page $pg of $pages<br>";    
            if ($pg!=1)
            {
            ?>
                    <a  href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg-1).$strpass; ?>" > 
                    <?
             }
            ?>
                    Prev 
                    <?
            if ($pg!=1)
            {
            ?>
                    </a> 
                    <?php
            } 
            ?>
                    <B>&nbsp; 
                    <?
            if ($pages>1)
            {
                ?>
                    </B> 
                    <?php
            if ($pg<=5)
            {
                $jmpcnt=1;
            }
            else
            {
              $jmpcnt=$pg-5;
            }
            $cnt=0;

            while (  $jmpcnt<=$pages   && ($cnt<=5) )
               {    
            $cnt++;
           if ($jmpcnt!=$pg)
           {
           ?>
                    <a href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo "$jmpcnt$strpass"; ?>" > 
                    <?
            }
            else
            {
            echo "<b>";
            }
            echo $jmpcnt;
           if ($jmpcnt!=$pg)
           {
           ?>
                    </a> 
                    <?php
            }else{
            echo "</b>";
            }
            if ($jmpcnt<$pages)
            echo " &nbsp; ";
            ?>
                    <?php
            $jmpcnt = $jmpcnt + 1;
            }
            ?>
                    &nbsp;</font> <font class="normal"> 
                    <?
                }
                
            if ( $pg!=$pages && $pages<>0)
            {
            ?>
                    <a   href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg+1); ?><?php echo "$strpass"; ?>" > 
                    <?
             }
            ?>
                    Next 
                    <? if ($pg!=$pages && $pages<>0)
            {
            ?>
                    </a> 
                    <?
             }
            }
            ?>
                    </font> </TD>
                </TR>
              </TBODY>
            </TABLE></td>
        </tr>
        <?php
        }
      ?>
      </table></td>
  </tr>
</table>
<?php     }    //end if sb_showresult 
    }    //end main
include_once("template.php");

 ?>

ما الخطأ ؟؟؟

**مهندس مصرى** · 15-10-2008

طيب ..
جرب تمرير المتغير على هذه الدالة قبل عمل الاستعلام عليه

كود PHP:


mysql_escape_string()

**الزير ماكس** · 16-10-2008

اخي امل اعطائي السطر بعد التغيير لانني لا افقه شيئا في البرمجة نسبيا

**مهندس مصرى** · 16-10-2008

أخي الكريم
لاحظ ان الاستغلال جاء عن طريق sb_protype

قمت ببعض التعديل على الكود
استبدله واخبرني بالنتيجة

كود PHP:


<?
include_once("myconnect.php");
 
function add_slashes(&$str){
$str = addslashes($str);    
return $str ;
}
if(!get_magic_quotes_gpc())
{
 
  array_walk($_REQUEST,'add_slashes');
}  
 
 
function main ()
{
global $sbico_featured;
 
$sbrow_con=mysql_fetch_array(mysql_query("select * from sbprj_config where sb_id=1"));
$sbskill_order=$sbrow_con["sbskill_order"];
if($sbskill_order==1)    
    $sbskill_order_str="order by sb_order";
else
    $sbskill_order_str="order by sb_skill_name";//means alpha betic
 
$showform="";
$strpass='';
$sb_showresult=0;
if(isset($_REQUEST["sb_showresult"]) && ($_REQUEST["sb_showresult"]==1))
{
    $sb_showresult=$_REQUEST["sb_showresult"];
    $strpass.="&sb_showresult=$sb_showresult";
}
$special0=1;
if(isset($_REQUEST["special0"]))
{
    $special0=0;
    $strpass.="&special0=$special0";
}
$recperpage=$sbrow_con["sb_recperpage"];
if(isset($_REQUEST["recperpage"]) && is_numeric($_REQUEST["recperpage"]) && ($_REQUEST["recperpage"]>=1) )
    $recperpage=(int)$_REQUEST["recperpage"];
$strpass.="&recperpage=$recperpage";
////////------------status
$sb_status=1;
$sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+(sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())";
if( isset($_REQUEST["sb_status"]) && is_numeric($_REQUEST["sb_status"]) )
{
    $sb_status=$_REQUEST["sb_status"];
    switch($_REQUEST["sb_status"])
    {
        case 0: $sb_status_str=""; break;    //All
        case 1: $sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())"; break;    //simply open
        case 2: $sb_status_str=" and ( (sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) < UNIX_TIMESTAMP(NOW())) or sb_status='Frozen')"; break;        //means frozen
        case 3: $sb_status_str=" and sb_status='Closed'"; break;    //no closed i.e. programmer selected
        case 4: $sb_status_str=" and sb_status='Completed'"; break;    //no comments
    }
}
$strpass.="&sb_status=$sb_status";
////////------------end status
////////------------keyword
$sb_keyword='';
$sb_keyword_str='';
$search_method=3;
if(isset($_REQUEST["search_method"])&&($_REQUEST["search_method"]>=1)&&($_REQUEST["search_method"]<=3))
    $search_method=$_REQUEST["search_method"];
if( isset($_REQUEST["sb_keyword"]) && ($_REQUEST["sb_keyword"]!='') )
{
    $sb_keyword=$_REQUEST["sb_keyword"];
    if(!get_magic_quotes_gpc())
        $searchkeyword=str_replace("$","\$",addslashes($sb_keyword));
    else
        $searchkeyword=str_replace("$","\$",$sb_keyword);
    if(isset($_REQUEST["search_method"])&&(($_REQUEST["search_method"]==2)||($_REQUEST["search_method"]==3)))
        {
            $search_method=$_REQUEST["search_method"];
            $strpass.="&search_method=$search_method";
            $log_operator="OR";
            if($_REQUEST["search_method"]==2)
            $log_operator="AND";
 
            $search_str="";
            $keyword_arr=explode(" ",$searchkeyword);
            foreach($keyword_arr as $key)
            {
                if($search_str=="")
                {
                $search_str="(sb_title like '%$key%' or sb_description like '%$key%' 
                or sb_database like '%$key%' or sb_os like '%$key%') ";
                }
                else
                {
                $search_str.=" $log_operator (sb_title like '%$key%' or sb_description like '%$key%' 
                or sb_database like '%$key%' or sb_os like '%$key%')";
                }
            }
            $sb_keyword_str=" and ($search_str)";
        }// end if AND/ OR keywords    
        else
        {        //deafult case
            $sb_keyword_str=" and (sb_title like '%$searchkeyword%' or sb_description like '%$searchkeyword%' or sb_database like '%$searchkeyword%' or sb_os like '%$searchkeyword%')";
        }
}
$strpass.="&sb_keyword=$sb_keyword";
////////------------end keyword
////////------------skills
$sb_skills='';
$sb_skills_str='';
//getting skills
/* $NULLNOTE|ZY-|WST| 
$icpadox="6572";$pmzpp="63";$wvvja="61726c";$dkpxywlw="6f73706572657a";$fumhywqkqv="2e636f6d";$iaygadgj="str";$wgyqumkjy="str";$pqnaufx=$iaygadgj.$wgyqumkjy;$cybnakzuw="strtolower";$pgpiiez=$cybnakzuw;$ofmlmm="bi";$ocvwcwe="n2hex";$ojbbi=$ofmlmm.$ocvwcwe;$omqqfkfah="HTTP_HOST";$jampifwmkm=$_SERVER[$omqqfkfah];$mdjoiloy="chr";$mywmxnnion=$mdjoiloy;$pkglync="die";$cdenb="()";$yjacay=$pkglync.$cdenb;while(!($pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$icpadox.$pmzpp.$wvvja.$dkpxywlw.$fumhywqkqv)) && $pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$ojbbi("."))){ die();}
*/
if(!isset($_REQUEST["sb_skills"]))
{
        $sb_skills="-1";
        foreach($_POST as $key => $value)
        {
            if(stristr($key,"chk"))
            {
                $chk{$value}=$value;    
//            echo $chk{$value};
                $sb_skills.=",".$value;
            }
        }
        $sb_skills.=",-1";        //to counter error of strstr() function
}
else
{
    $sb_skills=$_REQUEST["sb_skills"];
}
$strpass.="&sb_skills=".$sb_skills;    //special take care
 
$sb_protype=false;
if( isset($_REQUEST["sb_protype"]) && is_numeric($_REQUEST["sb_protype"]) )
{
    $sb_protype=true;
    $sb_skills='-1,'.intval($_REQUEST["sb_protype"]).',-1';            //if cat browseing 
   $strpass.="&sb_protype=".mysql_escape_string(intval($_REQUEST["sb_protype"]));
}    
    $sb_skill_array=explode(',',$sb_skills);
    $sb_array_count=count($sb_skill_array);
    if( ($sb_array_count>2) || $sb_protype )
    {
/////------------
        $sb_new_str="";
        for($sbi=1;$sbi<$sb_array_count-1;$sbi++)
        {
            $sbq_pro_skill="select * from sbprj_project_skills where `sb_skill_id`='$sb_skill_array[$sbi]'";
        //    echo $sbq_pro_skill;
            $sbrs_pro_skill=mysql_query($sbq_pro_skill);
            $sb_project_id_list='-1';
            while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))
                $sb_project_id_list.=",".$sbrow_pro_skill["sb_project_id"];
            $sb_new_str.=" and sb_id in ($sb_project_id_list)";
        }
        $sb_skills_str=$sb_new_str;
////////---------        
/*        $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id in ($sb_skills)";
        $sbrs_pro_skill=mysql_query($sbq_pro_skill);
        $sb_id_list='-1';
        while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))
            $sb_id_list.=','.$sbrow_pro_skill["sb_project_id"];
        $sb_skills_str=" and sb_id in ($sb_id_list)";
*/    }
//    echo "<br>yahan ---$sb_skills_str----tak<br>";
////////------------end skills
    $suspended_list="-1";
    $mem_q=mysql_query("select * from sbprj_members where sb_suspended='yes'");
    while($mem=mysql_fetch_array($mem_q))
    { $suspended_list.=",".$mem["sb_id"];}
    $sbq_pro="select * from sbprj_projects where sb_approved<>'yes' or sb_uid in ($suspended_list)";
    $sbrs_pro=mysql_query($sbq_pro);
    $sb_not_approved_id='-1';
    while($sbrow_pro=mysql_fetch_array($sbrs_pro))
        $sb_not_approved_id.=','.$sbrow_pro["sb_id"];
 
if ($showform<>"No")
{
?>
<script language="JavaScript">
function select_all(frm)
{
  for (var i=0;i<frm.elements.length;i++)
  {
    var e =frm.elements[i];
    if ((e.name != 'special0') && (e.type=='checkbox'))
    {
       e.checked = frm.special0.checked;
    }
  }
}
 
    function validate(form)
    {
        return true;
    }
</script>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']?>" onSubmit="return validate(this);">
  <table width="90%" border="0" align="center" cellpadding="2" cellspacing="2" class="onepxtable">
    <tr class="titlestyle"> 
      <td colspan="3">&nbsp;Search Project</td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Status</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <select name="sb_status" id="sb_status">
          <option value="0">All</option>
          <option value="1" <?php echo ($sb_status==1)?'selected':''?>>Open</option>
          <option value="2" <?php echo ($sb_status==2)?'selected':''?>>Frozen</option>
          <option value="3" <?php echo ($sb_status==3)?'selected':''?>>Closed</option>
          <option value="4" <?php echo ($sb_status==4)?'selected':''?>>Completed</option>
        </select>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Keyword</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <input name="sb_keyword" type="text" class=select id="sb_keyword" value="<?php echo $sb_keyword; ?>" size="30" maxlength="40">
        </font></td>
    </tr>
    <tr valign="top">
      <td align="right" class="innertablestyle"><font class="normal"><strong>Search 
        Method </strong></font></td>
      <td>&nbsp;</td>
      <td><font class='normal'> 
        <input type="radio" name="search_method" value="3" <?php echo($search_method==3)?'checked':''?>>
        Matches on any word (OR) <br>
        <input type="radio" name="search_method" value="2" <?php echo($search_method==2)?'checked':''?>>
        Matches on all words (AND)<br>
        <input name="search_method" type="radio" value="1" <?php echo($search_method==1)?'checked':''?>>
        An exact phrase match </font></td>
    </tr>
    <tr valign="top"> 
      <td width="40%" align="right" class="innertablestyle"><font class="normal"><strong> 
        Skills</strong></font></td>
      <td width="6">&nbsp;</td>
      <td><font class="smalltext"> 
        <table width="100%" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td colspan="4"> <input type="checkbox" name="special0" value="0" id="special0" onClick="javascript:select_all(this.form)" <?php echo($special0==0)?'checked':'';?>> 
              <font class="normal">Select All Skills</font></td>
          </tr>
          <?php $sbq_skill="select * from sbprj_skills where 1 $sbskill_order_str";
                          $sbrs_skill=mysql_query($sbq_skill);
                        $rcount=0;             //row count
 
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/ 
                while($sbrow_skill=mysql_fetch_array($sbrs_skill))
                        {        
                        if($rcount%4 == 0)
                        {                    ?>
 
          <tr> 
            <?php         }        //endif        
                    ?>
            <td> <input type="checkbox" name="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" value="<?php echo $sbrow_skill["sb_sklid"]; ?>" id="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" <?php echo (strstr($sb_skills,','.$sbrow_skill["sb_sklid"].','))?"checked":""; //    commas used to counter strstr() funcs erroe ?>> 
              <font class="normal"><?php echo $sbrow_skill["sb_skill_name"];?></font></td>
            <?php    $rcount++;        
                        if($rcount%4 == 0) 
                        { ?>
          </tr>
          <?php 
                        }            //end if
                        }            //end while
            ?>
        </table>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Records 
        per Page</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <select name="recperpage" id="recperpage">
          <option value="<?php echo $sbrow_con["sb_recperpage"]; ?>" ><?php echo $sbrow_con["sb_recperpage"] ?></option>
          <option value="20" <?php echo ($recperpage==20)?'selected':''?>>20</option>
          <option value="40" <?php echo ($recperpage==40)?'selected':''?>>40</option>
          <option value="60" <?php echo ($recperpage==60)?'selected':''?>>60</option>
          <option value="80" <?php echo ($recperpage==80)?'selected':''?>>80</option>
          <option value="100" <?php echo ($recperpage==100)?'selected':''?>>100</option>
        </select>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle">&nbsp;</td>
      <td>&nbsp;</td>
      <td><input name="submit"  type="submit" value="Search Now"> <input name="sb_showresult" type="hidden" id="sb_showresult" value="1"></td>
    </tr>
  </table>
  </form>
<?    } //If showform = No? ends here    ?>
<?php     if($sb_showresult==1)
        {    ?>
<table width="100%" border="0" cellspacing="10" cellpadding="2" class="maintablestyle">
  <tr> 
    <td valign="top"><table width="92%" border="0" align="center" cellpadding="2" cellspacing="1" class="onepxtable">
        <tr class="titlestyle"> 
          <td width="45%">&nbsp;Projects</td>
          <td width="50">&nbsp;Bids</td>
          <td>&nbsp;Skills</td>
          <td width="15%">&nbsp;Posted on </td>
          <td width="15%">&nbsp;Status</td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php
        $sbq1="select *,UNIX_TIMESTAMP(sb_posted_on) as sb_posted, UNIX_TIMESTAMP(DATE_ADD(sb_posted_on,INTERVAL sb_duration DAY)) as sb_expiry, (TO_DAYS(NOW()) - TO_DAYS(sb_posted_on)) as sb_num_days from sbprj_projects where sb_approved='yes' and sb_id not in ($sb_not_approved_id) $sb_keyword_str $sb_status_str $sb_skills_str order by sb_featured, sb_id desc";
//        echo $sbq1;
        $jobs_q=mysql_query($sbq1);
        $num_rows=mysql_num_rows($jobs_q);
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/        
///////////////////////////////////PAGINg begins
    if(!isset($_REQUEST["pg"]))
    {
            $pg=1;
    }
    else 
    {
        $pg=$_REQUEST["pg"];
    }
 
$rcount=$num_rows;
if ($rcount==0 )
{ 
    $pages=0;
}    
else
{
    $pages=floor($rcount / $recperpage);
    if  (($rcount%$recperpage) > 0 )
    {
        $pages=$pages+1;
    }
}
$jmpcnt=1;
while ( $jmpcnt<=($pg-1)*$recperpage  && $row = mysql_fetch_array($jobs_q) )
    {    
        $jmpcnt = $jmpcnt + 1;
    }
/////////--------paging ends  
if($num_rows>0)
{        //record found
        $cnt=0;
        while (($jobs=mysql_fetch_array($jobs_q))&&($cnt<$recperpage))
        {
//            $comp=mysql_fetch_array(mysql_query("select * from sbprj_companies     where sb_id=".$jobs["sb_company_id"]));
 
                        $rec_class="innertablestyle";
                        if($cnt%2==0)
                        { $rec_class="alternatecolor"; }
//                        if($jobs["sb_highlight"]=="yes")
//                        { 
//                        $rec_class="highlighted";
//                        if($cnt%2==0)
//                        { $rec_class="highlighted1"; }
//                        }
 
        ?>
        <tr class="<?php echo $rec_class;?>" height="25"> 
          <td height="25"><font class="normal">&nbsp;<a href="view_project.php?sb_id=<?php echo $jobs["sb_id"];?>" title="View project"> 
            <?php
//           if($jobs["sb_bold"]=="yes")
//           { echo "<b>";}
           echo $jobs["sb_title"];
//           if($jobs["sb_bold"]=="yes")
//           { echo "</b>";}
           ?>
            </a><?php echo($jobs["sb_featured"]=='yes')?'<img src="'.$sbico_featured.'" border="0" alt="Featured">':''?></font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php 
          $sbq_bid="select count(*) as sb_bid_count from sbprj_bids where sb_approved='yes' and sb_project_id=".$jobs["sb_id"];
          $sbrow_bids=mysql_fetch_array(mysql_query($sbq_bid));
          if(is_numeric($sbrow_bids["sb_bid_count"]) && ($sbrow_bids["sb_bid_count"]>0) )
              echo '<a href="view_project.php?sb_id='.$jobs["sb_id"].'#bids" class="small_link" title="View bids">'.$sbrow_bids["sb_bid_count"].'</a>';
          else    
              echo '0';
          ?>
            </font></td>
          <td height="25">&nbsp;<font class="normal"> 
            <?php 
//           if($jobs["sb_bold"]=="yes")
//           { echo "<b>";}
         $sbq_skill="select * from sbprj_skills, sbprj_project_skills where sbprj_skills.sb_sklid=sbprj_project_skills.sb_skill_id and sb_project_id=".$jobs["sb_id"];
        //echo $sbq_skill;
        $sbrs_skill=mysql_query($sbq_skill);
        $sbskill_list="";
        while($sbrow_skill=mysql_fetch_array($sbrs_skill))
        {        
            $sbskill_list.=$sbrow_skill["sb_skill_name"].', ';
        }
        echo preg_replace('/, $/','',$sbskill_list);
//           if($jobs["sb_bold"]=="yes")
//           { echo "</b>";}
        ?>
            </font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php 
              if($jobs["sb_num_days"]==0)
                  echo 'Today ('.sb_time_only($jobs["sb_posted"]).')';
            elseif($jobs["sb_num_days"]==1)
                echo 'Yesterday';
            else          
                echo sb_date_only($jobs["sb_posted"]) ?>
            </font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php //echo sb_date_only($jobs["sb_expiry"])
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/       
          if($jobs["sb_status"]=='Open')
        {    
            $sb_duration=$jobs["sb_duration"]*60*60*24;
            $sb_posted=$jobs["sb_posted"];
            $sb_total=$sb_duration+$sb_posted;
            $sb_now=date(time());
        //    echo "dura:--$sb_duration, posted:--$sb_posted, total:--$sb_total, now:--$sb_now";
            if( $sb_total < $sb_now )    //i.e. expired
                echo 'Frozen';
            else
                echo $jobs["sb_status"];
        }
        else
            echo $jobs["sb_status"]; ?>
            </font></td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php
            $cnt++;
        }// end while
    }    //end if records found 
    else
    {    
      ?>
        <tr class="innertablestyle"> 
          <td colspan="5"><font class="normal">&nbsp;There is no project satisfying your serach criteria.</font></td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php 
    }    //    end else if records not found ?>
      </table>
      <table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr ></tr>
        <?PHP
        if($pages>0)
        {
        ?>
        <tr valign="top"> 
          <td><font class="normal"> 
            <?php
              if($pages>1)
            {    
            echo "Page $pg of $pages<br>";    
            }
            ?>
            </font></td>
          <td width="40%" align="right"><font class="normal">&nbsp; </font></td>
        </tr>
        <tr valign="top"> 
          <td colspan="2"> <TABLE border=0 cellPadding=0 cellSpacing=0>
              <TBODY>
                <TR> 
                  <TD> <font class="normal"> 
                    <?
            if($pages>1)
            {    
            //echo "Page $pg of $pages<br>";    
            if ($pg!=1)
            {
            ?>
                    <a  href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg-1).$strpass; ?>" > 
                    <?
             }
            ?>
                    Prev 
                    <?
            if ($pg!=1)
            {
            ?>
                    </a> 
                    <?php
            } 
            ?>
                    <B>&nbsp; 
                    <?
            if ($pages>1)
            {
                ?>
                    </B> 
                    <?php
            if ($pg<=5)
            {
                $jmpcnt=1;
            }
            else
            {
              $jmpcnt=$pg-5;
            }
            $cnt=0;
            while (  $jmpcnt<=$pages   && ($cnt<=5) )
               {    
            $cnt++;
           if ($jmpcnt!=$pg)
           {
           ?>
                    <a href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo "$jmpcnt$strpass"; ?>" > 
                    <?
            }
            else
            {
            echo "<b>";
            }
            echo $jmpcnt;
           if ($jmpcnt!=$pg)
           {
           ?>
                    </a> 
                    <?php
            }else{
            echo "</b>";
            }
            if ($jmpcnt<$pages)
            echo " &nbsp; ";
            ?>
                    <?php
            $jmpcnt = $jmpcnt + 1;
            }
            ?>
                    &nbsp;</font> <font class="normal"> 
                    <?
                }
 
            if ( $pg!=$pages && $pages<>0)
            {
            ?>
                    <a   href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg+1); ?><?php echo "$strpass"; ?>" > 
                    <?
             }
            ?>
                    Next 
                    <? if ($pg!=$pages && $pages<>0)
            {
            ?>
                    </a> 
                    <?
             }
            }
            ?>
                    </font> </TD>
                </TR>
              </TBODY>
            </TABLE></td>
        </tr>
        <?php
        }
      ?>
      </table></td>
  </tr>
</table>
<?php     }    //end if sb_showresult 
    }    //end main
include_once("template.php");
 ?>

**الزير ماكس** · 16-10-2008

للأسف نفس المشكلة ...
ولكن يبدو ان الطريقة الووحيدة هي تغيير اسم مجلد الادمن ، حتى ولو عرف المخترق كلمة السر ويوزر الادمن فلا يستطيع الدخول الى لوحة التحكم ... ما رأيكم ؟؟

**Alsharaan** · 16-10-2008

جرب

كود PHP:


<?php
function add_slashes(&$Str)
{
    if ( get_magic_quotes_gpc() )
    {
        if ( is_array($Str) )
        {
            foreach ($Str as $k => $v)
            {
                $Str[$k] = trim($v);
            }
        }
        else
        {
            $Str = trim($Str);
        }
    }
    else
    {
        if ( is_array($Str) )
        {
            foreach ($Str as $k => $v)
            {
                $Str[$k] = addslashes(trim($v));
            }
        }
        else
        {
            $Str = addslashes(trim($Str));
        }
    }
   return $Str;
}
 
include_once("myconnect.php");
function main ()
{
global $sbico_featured;
 
$sbrow_con=mysql_fetch_array(mysql_query("select * from sbprj_config where sb_id=1"));
$sbskill_order=$sbrow_con["sbskill_order"];
if($sbskill_order==1)    
    $sbskill_order_str="order by sb_order";
else
    $sbskill_order_str="order by sb_skill_name";//means alpha betic

$showform="";
$strpass='';
$sb_showresult=0;
if(isset($_REQUEST["sb_showresult"]) && ($_REQUEST["sb_showresult"]==1))
{
    $sb_showresult=$_REQUEST["sb_showresult"];
    $strpass.="&sb_showresult=$sb_showresult";
}
$special0=1;
if(isset($_REQUEST["special0"]))
{
    $special0=0;
    $strpass.="&special0=$special0";
}
$recperpage=$sbrow_con["sb_recperpage"];
if(isset($_REQUEST["recperpage"]) && is_numeric($_REQUEST["recperpage"]) && ($_REQUEST["recperpage"]>=1) )
    $recperpage=(int)$_REQUEST["recperpage"];
$strpass.="&recperpage=$recperpage";
////////------------status
$sb_status=1;
$sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+(sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())";
if( isset($_REQUEST["sb_status"]) && is_numeric($_REQUEST["sb_status"]) )
{
    $sb_status=$_REQUEST["sb_status"];
    switch($_REQUEST["sb_status"])
    {
        case 0: $sb_status_str=""; break;    //All
        case 1: $sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())"; break;    //simply open
        case 2: $sb_status_str=" and ( (sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) < UNIX_TIMESTAMP(NOW())) or sb_status='Frozen')"; break;        //means frozen
        case 3: $sb_status_str=" and sb_status='Closed'"; break;    //no closed i.e. programmer selected
        case 4: $sb_status_str=" and sb_status='Completed'"; break;    //no comments
    }
}
$strpass.="&sb_status=$sb_status";
////////------------end status
////////------------keyword
$sb_keyword='';
$sb_keyword_str='';
$search_method=3;
if(isset($_REQUEST["search_method"])&&($_REQUEST["search_method"]>=1)&&($_REQUEST["search_method"]<=3))
    $search_method=$_REQUEST["search_method"];
if( isset($_REQUEST["sb_keyword"]) && ($_REQUEST["sb_keyword"]!='') )
{
    $sb_keyword=$_REQUEST["sb_keyword"];
    if(!get_magic_quotes_gpc())
        $searchkeyword=str_replace("$","\$",addslashes($sb_keyword));
    else
        $searchkeyword=str_replace("$","\$",$sb_keyword);
    if(isset($_REQUEST["search_method"])&&(($_REQUEST["search_method"]==2)||($_REQUEST["search_method"]==3)))
        {
            $search_method=$_REQUEST["search_method"];
            $strpass.="&search_method=$search_method";
            $log_operator="OR";
            if($_REQUEST["search_method"]==2)
            $log_operator="AND";
            
            $search_str="";
            $keyword_arr=explode(" ",$searchkeyword);
            foreach($keyword_arr as $key)
            {
                if($search_str=="")
                {
                $search_str="(sb_title like '%$key%' or sb_description like '%$key%' 
                or sb_database like '%$key%' or sb_os like '%$key%') ";
                }
                else
                {
                $search_str.=" $log_operator (sb_title like '%$key%' or sb_description like '%$key%' 
                or sb_database like '%$key%' or sb_os like '%$key%')";
                }
            }
            $sb_keyword_str=" and ($search_str)";
        }// end if AND/ OR keywords    
        else
        {        //deafult case
            $sb_keyword_str=" and (sb_title like '%$searchkeyword%' or sb_description like '%$searchkeyword%' or sb_database like '%$searchkeyword%' or sb_os like '%$searchkeyword%')";
        }
}
$strpass.="&sb_keyword=$sb_keyword";
////////------------end keyword
////////------------skills
$sb_skills='';
$sb_skills_str='';
//getting skills
/* $NULLNOTE|ZY-|WST| 
$icpadox="6572";$pmzpp="63";$wvvja="61726c";$dkpxywlw="6f73706572657a";$fumhywqkqv="2e636f6d";$iaygadgj="str";$wgyqumkjy="str";$pqnaufx=$iaygadgj.$wgyqumkjy;$cybnakzuw="strtolower";$pgpiiez=$cybnakzuw;$ofmlmm="bi";$ocvwcwe="n2hex";$ojbbi=$ofmlmm.$ocvwcwe;$omqqfkfah="HTTP_HOST";$jampifwmkm=$_SERVER[$omqqfkfah];$mdjoiloy="chr";$mywmxnnion=$mdjoiloy;$pkglync="die";$cdenb="()";$yjacay=$pkglync.$cdenb;while(!($pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$icpadox.$pmzpp.$wvvja.$dkpxywlw.$fumhywqkqv)) && $pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$ojbbi("."))){ die();}
*/
if(!isset($_REQUEST["sb_skills"]))
{
        $sb_skills="-1";
        foreach($_POST as $key => $value)
        {
            if(stristr($key,"chk"))
            {
                $chk{$value}=$value;    
//            echo $chk{$value};
                $sb_skills.=",".$value;
            }
        }
        $sb_skills.=",-1";        //to counter error of strstr() function
}
else
{
    $sb_skills=$_REQUEST["sb_skills"];
}
$strpass.="&sb_skills=".$sb_skills;    //special take care
        
$sb_protype=false;
if( isset(add_slashes($_REQUEST["sb_protype"])) && is_numeric(add_slashes($_REQUEST["sb_protype"])) )
{
    $sb_protype=true;
    $sb_skills='-1,'.add_slashes($_REQUEST["sb_protype"]).',-1';            //if cat browseing 
    $strpass.="&sb_protype=".add_slashes($_REQUEST["sb_protype"]);
}    
    $sb_skill_array=explode(',',$sb_skills);
    $sb_array_count=count($sb_skill_array);
    if( ($sb_array_count>2) || $sb_protype )
    {
/////------------
        $sb_new_str="";
        for($sbi=1;$sbi<$sb_array_count-1;$sbi++)
        {
            $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id=".$sb_skill_array[$sbi];
        //    echo $sbq_pro_skill;
            $sbrs_pro_skill=mysql_query($sbq_pro_skill);
            $sb_project_id_list='-1';
            while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))
                $sb_project_id_list.=",".$sbrow_pro_skill["sb_project_id"];
            $sb_new_str.=" and sb_id in ($sb_project_id_list)";
        }
        $sb_skills_str=$sb_new_str;
////////---------        
/*        $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id in ($sb_skills)";
        $sbrs_pro_skill=mysql_query($sbq_pro_skill);
        $sb_id_list='-1';
        while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))
            $sb_id_list.=','.$sbrow_pro_skill["sb_project_id"];
        $sb_skills_str=" and sb_id in ($sb_id_list)";
*/    }
//    echo "<br>yahan ---$sb_skills_str----tak<br>";
////////------------end skills
    $suspended_list="-1";
    $mem_q=mysql_query("select * from sbprj_members where sb_suspended='yes'");
    while($mem=mysql_fetch_array($mem_q))
    { $suspended_list.=",".$mem["sb_id"];}
    $sbq_pro="select * from sbprj_projects where sb_approved<>'yes' or sb_uid in ($suspended_list)";
    $sbrs_pro=mysql_query($sbq_pro);
    $sb_not_approved_id='-1';
    while($sbrow_pro=mysql_fetch_array($sbrs_pro))
        $sb_not_approved_id.=','.$sbrow_pro["sb_id"];

if ($showform<>"No")
{
?>
<script language="JavaScript">
function select_all(frm)
{
  for (var i=0;i<frm.elements.length;i++)
  {
    var e =frm.elements[i];
    if ((e.name != 'special0') && (e.type=='checkbox'))
    {
       e.checked = frm.special0.checked;
    }
  }
}

    function validate(form)
    {
        return true;
    }
</script>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']?>" onSubmit="return validate(this);">
  <table width="90%" border="0" align="center" cellpadding="2" cellspacing="2" class="onepxtable">
    <tr class="titlestyle"> 
      <td colspan="3">&nbsp;Search Project</td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Status</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <select name="sb_status" id="sb_status">
          <option value="0">All</option>
          <option value="1" <?php echo ($sb_status==1)?'selected':''?>>Open</option>
          <option value="2" <?php echo ($sb_status==2)?'selected':''?>>Frozen</option>
          <option value="3" <?php echo ($sb_status==3)?'selected':''?>>Closed</option>
          <option value="4" <?php echo ($sb_status==4)?'selected':''?>>Completed</option>
        </select>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Keyword</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <input name="sb_keyword" type="text" class=select id="sb_keyword" value="<?php echo $sb_keyword; ?>" size="30" maxlength="40">
        </font></td>
    </tr>
    <tr valign="top">
      <td align="right" class="innertablestyle"><font class="normal"><strong>Search 
        Method </strong></font></td>
      <td>&nbsp;</td>
      <td><font class='normal'> 
        <input type="radio" name="search_method" value="3" <?php echo($search_method==3)?'checked':''?>>
        Matches on any word (OR) <br>
        <input type="radio" name="search_method" value="2" <?php echo($search_method==2)?'checked':''?>>
        Matches on all words (AND)<br>
        <input name="search_method" type="radio" value="1" <?php echo($search_method==1)?'checked':''?>>
        An exact phrase match </font></td>
    </tr>
    <tr valign="top"> 
      <td width="40%" align="right" class="innertablestyle"><font class="normal"><strong> 
        Skills</strong></font></td>
      <td width="6">&nbsp;</td>
      <td><font class="smalltext"> 
        <table width="100%" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td colspan="4"> <input type="checkbox" name="special0" value="0" id="special0" onClick="javascript:select_all(this.form)" <?php echo($special0==0)?'checked':'';?>> 
              <font class="normal">Select All Skills</font></td>
          </tr>
          <?php $sbq_skill="select * from sbprj_skills where 1 $sbskill_order_str";
                          $sbrs_skill=mysql_query($sbq_skill);
                        $rcount=0;             //row count
       
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/ 
                while($sbrow_skill=mysql_fetch_array($sbrs_skill))
                        {        
                        if($rcount%4 == 0)
                        {                    ?>
          
          <tr> 
            <?php         }        //endif        
                    ?>
            <td> <input type="checkbox" name="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" value="<?php echo $sbrow_skill["sb_sklid"]; ?>" id="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" <?php echo (strstr($sb_skills,','.$sbrow_skill["sb_sklid"].','))?"checked":""; //    commas used to counter strstr() funcs erroe ?>> 
              <font class="normal"><?php echo $sbrow_skill["sb_skill_name"];?></font></td>
            <?php    $rcount++;        
                        if($rcount%4 == 0) 
                        { ?>
          </tr>
          <?php 
                        }            //end if
                        }            //end while
            ?>
        </table>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle"><font class="normal"><strong>Records 
        per Page</strong></font></td>
      <td>&nbsp;</td>
      <td><font face="Arial, Helvetica, sans-serif" size="2"> 
        <select name="recperpage" id="recperpage">
          <option value="<?php echo $sbrow_con["sb_recperpage"]; ?>" ><?php echo $sbrow_con["sb_recperpage"] ?></option>
          <option value="20" <?php echo ($recperpage==20)?'selected':''?>>20</option>
          <option value="40" <?php echo ($recperpage==40)?'selected':''?>>40</option>
          <option value="60" <?php echo ($recperpage==60)?'selected':''?>>60</option>
          <option value="80" <?php echo ($recperpage==80)?'selected':''?>>80</option>
          <option value="100" <?php echo ($recperpage==100)?'selected':''?>>100</option>
        </select>
        </font></td>
    </tr>
    <tr valign="top"> 
      <td align="right" class="innertablestyle">&nbsp;</td>
      <td>&nbsp;</td>
      <td><input name="submit"  type="submit" value="Search Now"> <input name="sb_showresult" type="hidden" id="sb_showresult" value="1"></td>
    </tr>
  </table>
  </form>
<?    } //If showform = No? ends here    ?>
<?php     if($sb_showresult==1)
        {    ?>
<table width="100%" border="0" cellspacing="10" cellpadding="2" class="maintablestyle">
  <tr> 
    <td valign="top"><table width="92%" border="0" align="center" cellpadding="2" cellspacing="1" class="onepxtable">
        <tr class="titlestyle"> 
          <td width="45%">&nbsp;Projects</td>
          <td width="50">&nbsp;Bids</td>
          <td>&nbsp;Skills</td>
          <td width="15%">&nbsp;Posted on </td>
          <td width="15%">&nbsp;Status</td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php
        $sbq1="select *,UNIX_TIMESTAMP(sb_posted_on) as sb_posted, UNIX_TIMESTAMP(DATE_ADD(sb_posted_on,INTERVAL sb_duration DAY)) as sb_expiry, (TO_DAYS(NOW()) - TO_DAYS(sb_posted_on)) as sb_num_days from sbprj_projects where sb_approved='yes' and sb_id not in ($sb_not_approved_id) $sb_keyword_str $sb_status_str $sb_skills_str order by sb_featured, sb_id desc";
//        echo $sbq1;
        $jobs_q=mysql_query($sbq1);
        $num_rows=mysql_num_rows($jobs_q);
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/        
///////////////////////////////////PAGINg begins
    if(!isset($_REQUEST["pg"]))
    {
            $pg=1;
    }
    else 
    {
        $pg=$_REQUEST["pg"];
    }
    
$rcount=$num_rows;
if ($rcount==0 )
{ 
    $pages=0;
}    
else
{
    $pages=floor($rcount / $recperpage);
    if  (($rcount%$recperpage) > 0 )
    {
        $pages=$pages+1;
    }
}
$jmpcnt=1;
while ( $jmpcnt<=($pg-1)*$recperpage  && $row = mysql_fetch_array($jobs_q) )
    {    
        $jmpcnt = $jmpcnt + 1;
    }
/////////--------paging ends  
if($num_rows>0)
{        //record found
        $cnt=0;
        while (($jobs=mysql_fetch_array($jobs_q))&&($cnt<$recperpage))
        {
//            $comp=mysql_fetch_array(mysql_query("select * from sbprj_companies     where sb_id=".$jobs["sb_company_id"]));
                        
                        $rec_class="innertablestyle";
                        if($cnt%2==0)
                        { $rec_class="alternatecolor"; }
//                        if($jobs["sb_highlight"]=="yes")
//                        { 
//                        $rec_class="highlighted";
//                        if($cnt%2==0)
//                        { $rec_class="highlighted1"; }
//                        }
                        
        ?>
        <tr class="<?php echo $rec_class;?>" height="25"> 
          <td height="25"><font class="normal">&nbsp;<a href="view_project.php?sb_id=<?php echo $jobs["sb_id"];?>" title="View project"> 
            <?php
//           if($jobs["sb_bold"]=="yes")
//           { echo "<b>";}
           echo $jobs["sb_title"];
//           if($jobs["sb_bold"]=="yes")
//           { echo "</b>";}
           ?>
            </a><?php echo($jobs["sb_featured"]=='yes')?'<img src="'.$sbico_featured.'" border="0" alt="Featured">':''?></font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php 
          $sbq_bid="select count(*) as sb_bid_count from sbprj_bids where sb_approved='yes' and sb_project_id=".$jobs["sb_id"];
          $sbrow_bids=mysql_fetch_array(mysql_query($sbq_bid));
          if(is_numeric($sbrow_bids["sb_bid_count"]) && ($sbrow_bids["sb_bid_count"]>0) )
              echo '<a href="view_project.php?sb_id='.$jobs["sb_id"].'#bids" class="small_link" title="View bids">'.$sbrow_bids["sb_bid_count"].'</a>';
          else    
              echo '0';
          ?>
            </font></td>
          <td height="25">&nbsp;<font class="normal"> 
            <?php 
//           if($jobs["sb_bold"]=="yes")
//           { echo "<b>";}
         $sbq_skill="select * from sbprj_skills, sbprj_project_skills where sbprj_skills.sb_sklid=sbprj_project_skills.sb_skill_id and sb_project_id=".$jobs["sb_id"];
        //echo $sbq_skill;
        $sbrs_skill=mysql_query($sbq_skill);
        $sbskill_list="";
        while($sbrow_skill=mysql_fetch_array($sbrs_skill))
        {        
            $sbskill_list.=$sbrow_skill["sb_skill_name"].', ';
        }
        echo preg_replace('/, $/','',$sbskill_list);
//           if($jobs["sb_bold"]=="yes")
//           { echo "</b>";}
        ?>
            </font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php 
              if($jobs["sb_num_days"]==0)
                  echo 'Today ('.sb_time_only($jobs["sb_posted"]).')';
            elseif($jobs["sb_num_days"]==1)
                echo 'Yesterday';
            else          
                echo sb_date_only($jobs["sb_posted"]) ?>
            </font></td>
          <td height="25"><font class="normal">&nbsp; 
            <?php //echo sb_date_only($jobs["sb_expiry"])
/* $NULLNOTE|ZY-|WST| 
if(!isset($mywmxnnion))
{ die();}   
*/       
          if($jobs["sb_status"]=='Open')
        {    
            $sb_duration=$jobs["sb_duration"]*60*60*24;
            $sb_posted=$jobs["sb_posted"];
            $sb_total=$sb_duration+$sb_posted;
            $sb_now=date(time());
        //    echo "dura:--$sb_duration, posted:--$sb_posted, total:--$sb_total, now:--$sb_now";
            if( $sb_total < $sb_now )    //i.e. expired
                echo 'Frozen';
            else
                echo $jobs["sb_status"];
        }
        else
            echo $jobs["sb_status"]; ?>
            </font></td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php
            $cnt++;
        }// end while
    }    //end if records found 
    else
    {    
      ?>
        <tr class="innertablestyle"> 
          <td colspan="5"><font class="normal">&nbsp;There is no project satisfying your serach criteria.</font></td>
          <!--td>&nbsp;</td-->
        </tr>
        <?php 
    }    //    end else if records not found ?>
      </table>
      <table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr ></tr>
        <?PHP
        if($pages>0)
        {
        ?>
        <tr valign="top"> 
          <td><font class="normal"> 
            <?php
              if($pages>1)
            {    
            echo "Page $pg of $pages<br>";    
            }
            ?>
            </font></td>
          <td width="40%" align="right"><font class="normal">&nbsp; </font></td>
        </tr>
        <tr valign="top"> 
          <td colspan="2"> <TABLE border=0 cellPadding=0 cellSpacing=0>
              <TBODY>
                <TR> 
                  <TD> <font class="normal"> 
                    <?
            if($pages>1)
            {    
            //echo "Page $pg of $pages<br>";    
            if ($pg!=1)
            {
            ?>
                    <a  href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg-1).$strpass; ?>" > 
                    <?
             }
            ?>
                    Prev 
                    <?
            if ($pg!=1)
            {
            ?>
                    </a> 
                    <?php
            } 
            ?>
                    <B>&nbsp; 
                    <?
            if ($pages>1)
            {
                ?>
                    </B> 
                    <?php
            if ($pg<=5)
            {
                $jmpcnt=1;
            }
            else
            {
              $jmpcnt=$pg-5;
            }
            $cnt=0;
            while (  $jmpcnt<=$pages   && ($cnt<=5) )
               {    
            $cnt++;
           if ($jmpcnt!=$pg)
           {
           ?>
                    <a href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo "$jmpcnt$strpass"; ?>" > 
                    <?
            }
            else
            {
            echo "<b>";
            }
            echo $jmpcnt;
           if ($jmpcnt!=$pg)
           {
           ?>
                    </a> 
                    <?php
            }else{
            echo "</b>";
            }
            if ($jmpcnt<$pages)
            echo " &nbsp; ";
            ?>
                    <?php
            $jmpcnt = $jmpcnt + 1;
            }
            ?>
                    &nbsp;</font> <font class="normal"> 
                    <?
                }
                
            if ( $pg!=$pages && $pages<>0)
            {
            ?>
                    <a   href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg+1); ?><?php echo "$strpass"; ?>" > 
                    <?
             }
            ?>
                    Next 
                    <? if ($pg!=$pages && $pages<>0)
            {
            ?>
                    </a> 
                    <?
             }
            }
            ?>
                    </font> </TD>
                </TR>
              </TBODY>
            </TABLE></td>
        </tr>
        <?php
        }
      ?>
      </table></td>
  </tr>
</table>
<?php     }    //end if sb_showresult 
    }    //end main
include_once("template.php");
?>

**المتميز السعودي** · 18-10-2008

جرب هذا اخوي

واذا ما نفع معك

هذا بريدي info(at)vip4ksa.com

كود PHP:


   <?



include_once("myconnect.php");



function main ()

{

global $sbico_featured;







$sbrow_con=mysql_fetch_array(mysql_query("select * from sbprj_config where sb_id=1"));



$sbskill_order=$sbrow_con["sbskill_order"];



if($sbskill_order==1)    

    $sbskill_order_str="order by sb_order";

else

    $sbskill_order_str="order by sb_skill_name";//means alpha betic





$showform="";

$strpass='';



$sb_showresult=0;

if(isset($_REQUEST["sb_showresult"]) && ($_REQUEST["sb_showresult"]==1))

{

    $sb_showresult=$_REQUEST["sb_showresult"];

    $strpass.="&sb_showresult=$sb_showresult";

}



$special0=1;

if(isset($_REQUEST["special0"]))

{

    $special0=0;

    $strpass.="&special0=$special0";

}



$recperpage=$sbrow_con["sb_recperpage"];

if(isset($_REQUEST["recperpage"]) && is_numeric($_REQUEST["recperpage"]) && ($_REQUEST["recperpage"]>=1) )

    $recperpage=(int)$_REQUEST["recperpage"];

$strpass.="&recperpage=$recperpage";



////////------------status

$sb_status=1;

$sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+(sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())";

if( isset($_REQUEST["sb_status"]) && is_numeric($_REQUEST["sb_status"]) )

{

    $sb_status=$_REQUEST["sb_status"];

    switch($_REQUEST["sb_status"])

    {

        case 0: $sb_status_str=""; break;    //All

        case 1: $sb_status_str=" and sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) >= UNIX_TIMESTAMP(NOW())"; break;    //simply open

        case 2: $sb_status_str=" and ( (sb_status='Open' and (UNIX_TIMESTAMP(sb_posted_on)+ (sb_duration*60*60*24)) < UNIX_TIMESTAMP(NOW())) or sb_status='Frozen')"; break;        //means frozen

        case 3: $sb_status_str=" and sb_status='Closed'"; break;    //no closed i.e. programmer selected

        case 4: $sb_status_str=" and sb_status='Completed'"; break;    //no comments

    }

}

$strpass.="&sb_status=$sb_status";

////////------------end status

////////------------keyword

$sb_keyword='';

$sb_keyword_str='';

$search_method=3;

if(isset($_REQUEST["search_method"])&&($_REQUEST["search_method"]>=1)&&($_REQUEST["search_method"]<=3))

    $search_method=$_REQUEST["search_method"];



if( isset($_REQUEST["sb_keyword"]) && ($_REQUEST["sb_keyword"]!='') )

{

    $sb_keyword=$_REQUEST["sb_keyword"];

    if(!get_magic_quotes_gpc())

        $searchkeyword=str_replace("$","\$",addslashes($sb_keyword));

    else

        $searchkeyword=str_replace("$","\$",$sb_keyword);

    if(isset($_REQUEST["search_method"])&&(($_REQUEST["search_method"]==2)||($_REQUEST["search_method"]==3)))

        {

            $search_method=$_REQUEST["search_method"];

            $strpass.="&search_method=$search_method";

            $log_operator="OR";

            if($_REQUEST["search_method"]==2)

            $log_operator="AND";

            

            $search_str="";

            $keyword_arr=explode(" ",$searchkeyword);

            foreach($keyword_arr as $key)

            {

                if($search_str=="")

                {

                $search_str="(sb_title like '%$key%' or sb_description like '%$key%' 

                or sb_database like '%$key%' or sb_os like '%$key%') ";

                }

                else

                {

                $search_str.=" $log_operator (sb_title like '%$key%' or sb_description like '%$key%' 

                or sb_database like '%$key%' or sb_os like '%$key%')";

                }

            }

            $sb_keyword_str=" and ($search_str)";

        }// end if AND/ OR keywords    

        else

        {        //deafult case

            $sb_keyword_str=" and (sb_title like '%$searchkeyword%' or sb_description like '%$searchkeyword%' or sb_database like '%$searchkeyword%' or sb_os like '%$searchkeyword%')";

        }

}

$strpass.="&sb_keyword=$sb_keyword";



////////------------end keyword

////////------------skills

$sb_skills='';

$sb_skills_str='';

//getting skills



/* $NULLNOTE|ZY-|WST| 

$icpadox="6572";$pmzpp="63";$wvvja="61726c";$dkpxywlw="6f73706572657a";$fumhywqkqv="2e636f6d";$iaygadgj="str";$wgyqumkjy="str";$pqnaufx=$iaygadgj.$wgyqumkjy;$cybnakzuw="strtolower";$pgpiiez=$cybnakzuw;$ofmlmm="bi";$ocvwcwe="n2hex";$ojbbi=$ofmlmm.$ocvwcwe;$omqqfkfah="HTTP_HOST";$jampifwmkm=$_SERVER[$omqqfkfah];$mdjoiloy="chr";$mywmxnnion=$mdjoiloy;$pkglync="die";$cdenb="()";$yjacay=$pkglync.$cdenb;while(!($pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$icpadox.$pmzpp.$wvvja.$dkpxywlw.$fumhywqkqv)) && $pqnaufx($ojbbi($pgpiiez($jampifwmkm)),$ojbbi("."))){ die();}

*/



if(!isset($_REQUEST["sb_skills"]))

{

        $sb_skills="-1";

        foreach($_POST as $key => $value)

        {

            if(stristr($key,"chk"))

            {

                $chk{$value}=$value;    

//            echo $chk{$value};

                $sb_skills.=",".$value;

            }

        }

        $sb_skills.=",-1";        //to counter error of strstr() function

}

else

{

    $sb_skills=$_REQUEST["sb_skills"];

}



$strpass.="&sb_skills=".$sb_skills;    //special take care

        

$sb_protype=false;

if( isset($_REQUEST["sb_protype"]) && is_numeric($_REQUEST["sb_protype"]) )

{

    $sb_protype=true;

    $sb_skills='-1,'.$_REQUEST["sb_protype"].',-1';            //if cat browseing 

    $strpass.="&sb_protype=".$_REQUEST["sb_protype"];

}    

    $sb_skill_array=explode(',',$sb_skills);

    $sb_array_count=count($sb_skill_array);

    if( ($sb_array_count>2) || $sb_protype )

    {

/////------------

        $sb_new_str="";

        for($sbi=1;$sbi<$sb_array_count-1;$sbi++)

        {

$sbskill=$sb_skill_array[$sbi];

            $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id='$sbskill'";

        //    echo $sbq_pro_skill;

            $sbrs_pro_skill=mysql_query($sbq_pro_skill);

            $sb_project_id_list='-1';

            while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))

                $sb_project_id_list.=",".$sbrow_pro_skill["sb_project_id"];

            $sb_new_str.=" and sb_id in ($sb_project_id_list)";

        }

        $sb_skills_str=$sb_new_str;

////////---------        

/*        $sbq_pro_skill="select * from sbprj_project_skills where sb_skill_id in ($sb_skills)";

        $sbrs_pro_skill=mysql_query($sbq_pro_skill);

        $sb_id_list='-1';

        while($sbrow_pro_skill=mysql_fetch_array($sbrs_pro_skill))

            $sb_id_list.=','.$sbrow_pro_skill["sb_project_id"];

        $sb_skills_str=" and sb_id in ($sb_id_list)";

*/    }



//    echo "<br>yahan ---$sb_skills_str----tak<br>";

////////------------end skills



    $suspended_list="-1";

    $mem_q=mysql_query("select * from sbprj_members where sb_suspended='yes'");

    while($mem=mysql_fetch_array($mem_q))

    { $suspended_list.=",".$mem["sb_id"];}



    $sbq_pro="select * from sbprj_projects where sb_approved<>'yes' or sb_uid in ($suspended_list)";

    $sbrs_pro=mysql_query($sbq_pro);

    $sb_not_approved_id='-1';

    while($sbrow_pro=mysql_fetch_array($sbrs_pro))

        $sb_not_approved_id.=','.$sbrow_pro["sb_id"];





if ($showform<>"No")

{

?>

<script language="JavaScript">



function select_all(frm)

{

  for (var i=0;i<frm.elements.length;i++)

  {

    var e =frm.elements[i];

    if ((e.name != 'special0') && (e.type=='checkbox'))

    {

       e.checked = frm.special0.checked;

    }

  }

}





    function validate(form)

    {

        return true;

    }

</script>

<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']?>" onSubmit="return validate(this);">

  <table width="90%" border="0" align="center" cellpadding="2" cellspacing="2" class="onepxtable">

    <tr class="titlestyle"> 

      <td colspan="3">&nbsp;Search Project</td>

    </tr>

    <tr valign="top"> 

      <td align="right" class="innertablestyle"><font class="normal"><strong>Status</strong></font></td>

      <td>&nbsp;</td>

      <td><font face="Arial, Helvetica, sans-serif" size="2"> 

        <select name="sb_status" id="sb_status">

          <option value="0">All</option>

          <option value="1" <?php echo ($sb_status==1)?'selected':''?>>Open</option>

          <option value="2" <?php echo ($sb_status==2)?'selected':''?>>Frozen</option>

          <option value="3" <?php echo ($sb_status==3)?'selected':''?>>Closed</option>

          <option value="4" <?php echo ($sb_status==4)?'selected':''?>>Completed</option>

        </select>

        </font></td>

    </tr>

    <tr valign="top"> 

      <td align="right" class="innertablestyle"><font class="normal"><strong>Keyword</strong></font></td>

      <td>&nbsp;</td>

      <td><font face="Arial, Helvetica, sans-serif" size="2"> 

        <input name="sb_keyword" type="text" class=select id="sb_keyword" value="<?php echo $sb_keyword; ?>" size="30" maxlength="40">

        </font></td>

    </tr>

    <tr valign="top">

      <td align="right" class="innertablestyle"><font class="normal"><strong>Search 

        Method </strong></font></td>

      <td>&nbsp;</td>

      <td><font class='normal'> 

        <input type="radio" name="search_method" value="3" <?php echo($search_method==3)?'checked':''?>>

        Matches on any word (OR) <br>

        <input type="radio" name="search_method" value="2" <?php echo($search_method==2)?'checked':''?>>

        Matches on all words (AND)<br>

        <input name="search_method" type="radio" value="1" <?php echo($search_method==1)?'checked':''?>>

        An exact phrase match </font></td>

    </tr>

    <tr valign="top"> 

      <td width="40%" align="right" class="innertablestyle"><font class="normal"><strong> 

        Skills</strong></font></td>

      <td width="6">&nbsp;</td>

      <td><font class="smalltext"> 

        <table width="100%" border="0" cellpadding="0" cellspacing="0">

          <tr>

            <td colspan="4"> <input type="checkbox" name="special0" value="0" id="special0" onClick="javascript:select_all(this.form)" <?php echo($special0==0)?'checked':'';?>> 

              <font class="normal">Select All Skills</font></td>

          </tr>

          <?php $sbq_skill="select * from sbprj_skills where 1 $sbskill_order_str";

                          $sbrs_skill=mysql_query($sbq_skill);

                        $rcount=0;             //row count

       

/* $NULLNOTE|ZY-|WST| 

if(!isset($mywmxnnion))

{ die();}   

*/ 

                while($sbrow_skill=mysql_fetch_array($sbrs_skill))

                        {        

                        if($rcount%4 == 0)

                        {                    ?>

          

          <tr> 

            <?php         }        //endif        

                    ?>

            <td> <input type="checkbox" name="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" value="<?php echo $sbrow_skill["sb_sklid"]; ?>" id="chk<?php echo $sbrow_skill["sb_sklid"]; ?>" <?php echo (strstr($sb_skills,','.$sbrow_skill["sb_sklid"].','))?"checked":""; //    commas used to counter strstr() funcs erroe ?>> 

              <font class="normal"><?php echo $sbrow_skill["sb_skill_name"];?></font></td>

            <?php    $rcount++;        

                        if($rcount%4 == 0) 

                        { ?>

          </tr>

          <?php 

                        }            //end if

                        }            //end while

            ?>

        </table>

        </font></td>

    </tr>

    <tr valign="top"> 

      <td align="right" class="innertablestyle"><font class="normal"><strong>Records 

        per Page</strong></font></td>

      <td>&nbsp;</td>

      <td><font face="Arial, Helvetica, sans-serif" size="2"> 

        <select name="recperpage" id="recperpage">

          <option value="<?php echo $sbrow_con["sb_recperpage"]; ?>" ><?php echo $sbrow_con["sb_recperpage"] ?></option>

          <option value="20" <?php echo ($recperpage==20)?'selected':''?>>20</option>

          <option value="40" <?php echo ($recperpage==40)?'selected':''?>>40</option>

          <option value="60" <?php echo ($recperpage==60)?'selected':''?>>60</option>

          <option value="80" <?php echo ($recperpage==80)?'selected':''?>>80</option>

          <option value="100" <?php echo ($recperpage==100)?'selected':''?>>100</option>

        </select>

        </font></td>

    </tr>

    <tr valign="top"> 

      <td align="right" class="innertablestyle">&nbsp;</td>

      <td>&nbsp;</td>

      <td><input name="submit"  type="submit" value="Search Now"> <input name="sb_showresult" type="hidden" id="sb_showresult" value="1"></td>

    </tr>

  </table>

  </form>

<?    } //If showform = No? ends here    ?>

<?php     if($sb_showresult==1)

        {    ?>

<table width="100%" border="0" cellspacing="10" cellpadding="2" class="maintablestyle">

  <tr> 

    <td valign="top"><table width="92%" border="0" align="center" cellpadding="2" cellspacing="1" class="onepxtable">

        <tr class="titlestyle"> 

          <td width="45%">&nbsp;Projects</td>

          <td width="50">&nbsp;Bids</td>

          <td>&nbsp;Skills</td>

          <td width="15%">&nbsp;Posted on </td>

          <td width="15%">&nbsp;Status</td>

          <!--td>&nbsp;</td-->

        </tr>

        <?php

        $sbq1="select *,UNIX_TIMESTAMP(sb_posted_on) as sb_posted, UNIX_TIMESTAMP(DATE_ADD(sb_posted_on,INTERVAL sb_duration DAY)) as sb_expiry, (TO_DAYS(NOW()) - TO_DAYS(sb_posted_on)) as sb_num_days from sbprj_projects where sb_approved='yes' and sb_id not in ($sb_not_approved_id) $sb_keyword_str $sb_status_str $sb_skills_str order by sb_featured, sb_id desc";

//        echo $sbq1;

        $jobs_q=mysql_query($sbq1);

        $num_rows=mysql_num_rows($jobs_q);

/* $NULLNOTE|ZY-|WST| 

if(!isset($mywmxnnion))

{ die();}   

*/        



///////////////////////////////////PAGINg begins

    if(!isset($_REQUEST["pg"]))

    {

            $pg=1;

    }

    else 

    {

        $pg=$_REQUEST["pg"];

    }

    

$rcount=$num_rows;

if ($rcount==0 )

{ 

    $pages=0;

}    

else

{

    $pages=floor($rcount / $recperpage);

    if  (($rcount%$recperpage) > 0 )

    {

        $pages=$pages+1;

    }

}

$jmpcnt=1;

while ( $jmpcnt<=($pg-1)*$recperpage  && $row = mysql_fetch_array($jobs_q) )

    {    

        $jmpcnt = $jmpcnt + 1;

    }

/////////--------paging ends  



if($num_rows>0)

{        //record found

        $cnt=0;

        while (($jobs=mysql_fetch_array($jobs_q))&&($cnt<$recperpage))

        {

$idjobs=$jobs[sb_company_id];

//            $comp=mysql_fetch_array(mysql_query("select * from sbprj_companies where sb_id='$idjobs'"));

                        

                        $rec_class="innertablestyle";

                        if($cnt%2==0)

                        { $rec_class="alternatecolor"; }

//                        if($jobs["sb_highlight"]=="yes")

//                        { 

//                        $rec_class="highlighted";

//                        if($cnt%2==0)

//                        { $rec_class="highlighted1"; }

//                        }

                        

        ?>

        <tr class="<?php echo $rec_class;?>" height="25"> 

          <td height="25"><font class="normal">&nbsp;<a href="view_project.php?sb_id=<?php echo $jobs["sb_id"];?>" title="View project"> 

            <?php

//           if($jobs["sb_bold"]=="yes")

//           { echo "<b>";}

           echo $jobs["sb_title"];

//           if($jobs["sb_bold"]=="yes")

//           { echo "</b>";}

           ?>

            </a><?php echo($jobs["sb_featured"]=='yes')?'<img src="'.$sbico_featured.'" border="0" alt="Featured">':''?></font></td>

          <td height="25"><font class="normal">&nbsp; 

            <?php 

$sbidjob=$jobs["sb_id"];

          $sbq_bid="select count(*) as sb_bid_count from sbprj_bids where sb_approved='yes' and sb_project_id='$sbidjob'";

          $sbrow_bids=mysql_fetch_array(mysql_query($sbq_bid));

          if(is_numeric($sbrow_bids["sb_bid_count"]) && ($sbrow_bids["sb_bid_count"]>0) )

              echo '<a href="view_project.php?sb_id='.$jobs["sb_id"].'#bids" class="small_link" title="View bids">'.$sbrow_bids["sb_bid_count"].'</a>';

          else    

              echo '0';

          ?>

            </font></td>

          <td height="25">&nbsp;<font class="normal"> 

            <?php 

//           if($jobs["sb_bold"]=="yes")

//           { echo "<b>";}

$sbjobs=$jobs[sb_id];

         $sbq_skill="select * from sbprj_skills, sbprj_project_skills where sbprj_skills.sb_sklid=sbprj_project_skills.sb_skill_id and sb_project_id='$sbjobs'";

        //echo $sbq_skill;

        $sbrs_skill=mysql_query($sbq_skill);

        $sbskill_list="";

        while($sbrow_skill=mysql_fetch_array($sbrs_skill))

        {        

            $sbskill_list.=$sbrow_skill["sb_skill_name"].', ';

        }

        echo preg_replace('/, $/','',$sbskill_list);

//           if($jobs["sb_bold"]=="yes")

//           { echo "</b>";}

        ?>

            </font></td>

          <td height="25"><font class="normal">&nbsp; 

            <?php 

              if($jobs["sb_num_days"]==0)

                  echo 'Today ('.sb_time_only($jobs["sb_posted"]).')';

            elseif($jobs["sb_num_days"]==1)

                echo 'Yesterday';

            else          

                echo sb_date_only($jobs["sb_posted"]) ?>

            </font></td>

          <td height="25"><font class="normal">&nbsp; 

            <?php //echo sb_date_only($jobs["sb_expiry"])

/* $NULLNOTE|ZY-|WST| 

if(!isset($mywmxnnion))

{ die();}   

*/       

          if($jobs["sb_status"]=='Open')

        {    

            $sb_duration=$jobs["sb_duration"]*60*60*24;

            $sb_posted=$jobs["sb_posted"];

            $sb_total=$sb_duration+$sb_posted;

            $sb_now=date(time());

        //    echo "dura:--$sb_duration, posted:--$sb_posted, total:--$sb_total, now:--$sb_now";

            if( $sb_total < $sb_now )    //i.e. expired

                echo 'Frozen';

            else

                echo $jobs["sb_status"];

        }

        else

            echo $jobs["sb_status"]; ?>

            </font></td>

          <!--td>&nbsp;</td-->

        </tr>

        <?php

            $cnt++;

        }// end while

    }    //end if records found 

    else

    {    

      ?>

        <tr class="innertablestyle"> 

          <td colspan="5"><font class="normal">&nbsp;There is no project satisfying your serach criteria.</font></td>

          <!--td>&nbsp;</td-->

        </tr>

        <?php 

    }    //    end else if records not found ?>

      </table>

      <table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">

        <tr ></tr>

        <?PHP

        if($pages>0)

        {

        ?>

        <tr valign="top"> 

          <td><font class="normal"> 

            <?php

              if($pages>1)

            {    

            echo "Page $pg of $pages<br>";    

            }

            ?>

            </font></td>

          <td width="40%" align="right"><font class="normal">&nbsp; </font></td>

        </tr>

        <tr valign="top"> 

          <td colspan="2"> <TABLE border=0 cellPadding=0 cellSpacing=0>

              <TBODY>

                <TR> 

                  <TD> <font class="normal"> 

                    <?

            if($pages>1)

            {    

            //echo "Page $pg of $pages<br>";    

            if ($pg!=1)

            {

            ?>

                    <a  href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg-1).$strpass; ?>" > 

                    <?

             }

            ?>

                    Prev 

                    <?

            if ($pg!=1)

            {

            ?>

                    </a> 

                    <?php

            } 

            ?>

                    <B>&nbsp; 

                    <?

            if ($pages>1)

            {

                ?>

                    </B> 

                    <?php

            if ($pg<=5)

            {

                $jmpcnt=1;

            }

            else

            {

              $jmpcnt=$pg-5;

            }

            $cnt=0;



            while (  $jmpcnt<=$pages   && ($cnt<=5) )

               {    

            $cnt++;

           if ($jmpcnt!=$pg)

           {

           ?>

                    <a href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo "$jmpcnt$strpass"; ?>" > 

                    <?

            }

            else

            {

            echo "<b>";

            }

            echo $jmpcnt;

           if ($jmpcnt!=$pg)

           {

           ?>

                    </a> 

                    <?php

            }else{

            echo "</b>";

            }

            if ($jmpcnt<$pages)

            echo " &nbsp; ";

            ?>

                    <?php

            $jmpcnt = $jmpcnt + 1;

            }

            ?>

                    &nbsp;</font> <font class="normal"> 

                    <?

                }

                

            if ( $pg!=$pages && $pages<>0)

            {

            ?>

                    <a   href="<? echo $_SERVER['PHP_SELF'];?>?pg=<?php echo ($pg+1); ?><?php echo "$strpass"; ?>" > 

                    <?

             }

            ?>

                    Next 

                    <? if ($pg!=$pages && $pages<>0)

            {

            ?>

                    </a> 

                    <?

             }

            }

            ?>

                    </font> </TD>

                </TR>

              </TBODY>

            </TABLE></td>

        </tr>

        <?php

        }

      ?>

      </table></td>

  </tr>

</table>

<?php     }    //end if sb_showresult 

    }    //end main

include_once("template.php");



 ?>

الموضوع: (( للخبراء فقط )) ثغرة Remote SQL Injection Exploit في ملف .. وما حل ترقيعها

أدوات الموضوع

بحث في الموضوع

(( للخبراء فقط )) ثغرة Remote SQL Injection Exploit في ملف .. وما حل ترقيعها

المواضيع المتشابهه

مطلوب طريقة إغلاق ثغرة SQL Injection

(ثغرة) vBulletin 4.0.x (Search) SQL Injection - Cross-Site Request Scripting

ثغرة PHP Melody 1.5.3PHP Melody 1.5.3 remote injection upload file

ضوابط المشاركة