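gurpreet Posted May 28, 2009 Posted May 28, 2009 Hi, someone got admin in my game via the 50/50 chance as they told me that it was in this file. However, they didn't tell me how, they just said it was in the 50/50 file. I honestly don't know how they could via this file.
<?php
/*
 * chance.php: 50/50 money game (create, list, accept and cancel a bet).
 *
 * Review notes:
 * - amt, chal and cancel are cast with abs((int) ...) before they reach SQL, so
 *   these three inputs cannot carry SQL syntax. The only data this file writes
 *   is users.money and the chance table.
 * - chal and cancel change state on a plain GET request with no anti-CSRF
 *   token. NOTE(review): move both to POST and require a per-session token.
 * - Every money change is a read-then-write sequence with no transaction or
 *   lock, so concurrent requests can pass the same check twice.
 *   NOTE(review): make each state change conditional (UPDATE ... WHERE active = 1)
 *   and pay out only when that update actually changed a row.
 * - The forum rendering replaced the links with [url=...] markup and truncated
 *   some of the interpolated ids. They are restored below from the columns the
 *   handlers look up (logID for chal/cancel, userID for viewuser.php).
 * - Usernames are printed as stored. NOTE(review): confirm they are HTML-escaped
 *   when saved, otherwise escape them at output.
 */
include "globals.php";

$minbet = 100; // smallest stake accepted
$maxg = 10;    // maximum number of open games per user

echo "<big>50 / 50 Chance Game</big> ";

/**
 * Shows the "add a game" form, or creates a game from the posted stake.
 *
 * Reads $_POST['amt'], enforces the minimum bet, the per-user game limit and
 * the player's balance, then debits the stake and inserts an active game.
 */
function add_game()
{
    global $ir, $db, $minbet, $maxg;

    if (!isset($_POST['amt'])) {
        echo "<big>Adding a game</big> <form action='chance.php?add=1' method='post'> Amount $<input type='text' name='amt' size=10 maxlength=10> <input type='submit' value='Add!'></form> ($maxg games max per user) [url='chance.php']Back[/url]";
        return;
    }

    // Force the stake to a non-negative integer before it is used in SQL.
    $_POST['amt'] = abs((int) $_POST['amt']);
    if ($_POST['amt'] < $minbet) {
        echo "The minimum bet is $minbet [url='chance.php?add=1']Back[/url]";
        exit;
    }

    $checkcount = $db->query("SELECT logID FROM chance WHERE userID={$ir['userid']} and active=1");
    if ($db->num_rows($checkcount) > ($maxg - 1)) {
        echo "There is a maximum of $maxg games per user. [url='chance.php']Back[/url]";
        exit;
    }

    // NOTE(review): this check reads $ir['money'] while the debit below is a
    // separate UPDATE, so parallel requests can overdraw the balance.
    if ($ir['money'] < $_POST['amt']) {
        echo "You cannot afford that amount. [url='chance.php']Back[/url]";
        exit;
    }

    $db->query("UPDATE users SET money = money - {$_POST['amt']} WHERE userid = {$ir['userid']}");
    $ir['money'] = $ir['money'] - $_POST['amt'];
    $db->query("INSERT INTO chance VALUES ('', {$ir['userid']}, {$_POST['amt']}, 1)");
    echo "Your game has been set. Good Luck. \n[url='chance.php']Back[/url]";
}

/**
 * Lists every active game with a Challenge link, plus a Cancel link on the
 * viewer's own games.
 */
function view_games()
{
    global $ir, $db;

    $q = $db->query("SELECT c.*, u.username FROM chance c left join users u on u.userid = c.userID WHERE c.active = 1 ORDER BY c.logID ASC");
    echo "[url='chance.php?add=1']Add Game[/url] Table of users awaiting a challenge <table class='table' width=50%><tr><th><font color=grey>Game ID</font></th><th><font color=grey>User</font></th><th><font color=grey>Amount</font></th><th><font color=grey>Challenge</font></th><th><font color=grey>Cancel</font></th></tr>";
    if ($db->num_rows($q) < 1) {
        echo "<tr><td colspan=5>There are currenly no challenges</td></tr>";
    }
    while ($r = $db->fetch_row($q)) {
        echo "<tr><td>{$r['logID']}</td><td>[url='viewuser.php?u={$r['userID']}']{$r['username']}[/url] [{$r['userID']}]</td><td>" . money_formatter($r['amount']) . "</td><td>[url='chance.php?chal={$r['logID']}']Challenge[/url]</td><td>";
        // Hiding the link is presentation only; cancel() must enforce ownership itself.
        if ($ir['userid'] == $r['userID']) {
            echo "[url='chance.php?cancel={$r['logID']}']Cancel[/url]";
        }
        echo "</td></tr>";
    }
    echo "</table>";
}

/**
 * Accepts the game named by $_GET['chal'], settles it on a 1-in-2 draw,
 * notifies both players and marks the game inactive.
 */
function dogame()
{
    global $ir, $c, $db;

    $_GET['chal'] = abs((int) $_GET['chal']);
    $q = $db->query("SELECT c.*, u.username from chance c LEFT JOIN users u ON c.userID = u.userid Where c.logID={$_GET['chal']} AND c.active = 1 LIMIT 1");
    if ($db->num_rows($q) < 1) {
        echo "This game has either been cancelled or someone played before you got the chance. [url='chance.php']Back[/url]";
        exit;
    }

    $r = $db->fetch_row($q);
    if ($ir['money'] < $r['amount']) {
        echo "You cannot afford the challenge amount. [url='chance.php']Back[/url]";
        exit;
    }
    if ($ir['userid'] == $r['userID']) {
        echo "You cannot accept your own challenge. [url='chance.php']Back[/url]";
        exit;
    }

    // NOTE(review): the game is deactivated only after the payout, so two
    // requests arriving together can both settle it. Claim the game first with
    // a conditional UPDATE and continue only if a row changed.
    // NOTE(review): rand() is not a cryptographic generator; on PHP 7 or later
    // use random_int(1, 2) for a draw that moves money.
    $rand = rand(1, 2);
    if ($rand == 1) {
        // The creator wins: the stake already held is returned together with the challenger's stake.
        $winner = $r['userID'];
        $loser = $ir['userid'];
        $winnername = $r['username'];
        $tstring = "Sorry, you Lost. Better luck next time. \n[url='chance.php']Back[/url]";
        $db->query("UPDATE users SET money = money - {$r['amount']} WHERE userid={$ir['userid']}");
        $db->query("UPDATE users SET money = money + ({$r['amount']} * 2) WHERE userid={$r['userID']}");
    } else {
        // The challenger wins the stake the creator paid when the game was added.
        $winner = $ir['userid'];
        $loser = $r['userID'];
        $winnername = $ir['username'];
        $tstring = "You Won! Congratulations! You Won " . money_formatter($r['amount']) . " [url='chance.php']Back[/url]";
        $db->query("UPDATE users SET money = money + {$r['amount']} WHERE userid={$ir['userid']}");
    }

    // Both players receive the same event text.
    $eventtext = "The game of " . money_formatter($r['amount']) . " challenged by [url='viewuser.php?u={$r['userID']}']{$r['username']}[/url] was won by [url='viewuser.php?u={$winner}']{$winnername}[/url].";
    event_add($winner, $eventtext, $c);
    event_add($loser, $eventtext, $c);

    $db->query("UPDATE chance SET active = 0 WHERE logID={$_GET['chal']}");
    echo $tstring;
}

/**
 * Cancels the caller's own active game named by $_GET['cancel'] and refunds
 * the stake to the caller.
 */
function cancel()
{
    global $ir, $db;

    $_GET['cancel'] = abs((int) $_GET['cancel']);
    // Authorization fix: the lookup is restricted to games created by the
    // current user. Without the userID condition the stake of any active game
    // was refunded to whoever sent the request.
    $q = $db->query("SELECT * from chance where logID={$_GET['cancel']} AND userID={$ir['userid']} AND active = 1");
    if ($db->num_rows($q) > 0) {
        $r = $db->fetch_row($q);
        // NOTE(review): refund and deactivation are two separate statements;
        // repeated parallel requests can refund the same game more than once.
        $db->query("UPDATE users SET money = money + {$r['amount']} WHERE userid = {$ir['userid']}");
        $ir['money'] = $ir['money'] + $r['amount'];
        $db->query("UPDATE chance SET active = -1 WHERE logID = {$_GET['cancel']}");
        echo "The game has been cancelled, and your money has been returned. [url='chance.php']Back[/url]";
    } else {
        echo "This game has already been canceled, does not exist, or someone already played. \n[url='chance.php']Back[/url]";
    }
}

// Route on the first recognised query parameter; the game list is the default view.
if (isset($_GET['cancel'])) {
    cancel();
} elseif (isset($_GET['chal'])) {
    dogame();
} elseif (isset($_GET['add'])) {
    add_game();
} else {
    view_games();
}
$h->endpage();
?>
Could someone point out where they could do it and/or how. Quote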
Miniman Posted May 28, 2009 Posted May 28, 2009 Re: Secure 50/50? Check the RAW logs, I'm betting it was done via the forums and they are trying to mislead you :-) Or if not the forums there is a popular FF addon that can gain you these types of privileges in a game. Quote
gurpreet Posted May 29, 2009 Author Posted May 29, 2009 Re: Secure 50/50? Where are the RAW logs? Never had to check these before? Somewhere in the Cpanel? Quote
ShizzleNizzle Posted May 29, 2009 Posted May 29, 2009 Re: Secure 50/50? Yes, they're in cPanel. Next to your AWStats and your Error Logs. :) Quote
gurpreet Posted May 29, 2009 Author Posted May 29, 2009 Re: Secure 50/50? Yes there in Cpanel. Next to your AWstats and your Error Logs. :) Oh it was the "ip hack". Someone mind going on www.death-wars.com and just using that to make themselves admin? Casey did it before....But he/she logged off msn... Quote
ShizzleNizzle Posted May 29, 2009 Posted May 29, 2009 Re: Secure 50/50? Just tried it, didn't seem to work for me :) Quote