Joshua, posted October 26, 2009

This isn't going to stop ALL hacks, but it helps stop some of the beginners. I'm trying to take the click click boom mod and make it where it Auto Feds users when they try and inject. Only problem I'm having is it won't update the FedJail sentence. Anyone help me out here?

```php
if($_GET['ID'] != abs(@intval($_GET['ID'])))
{
    die("For attempting a known sql injection, your IP and Name has been banned. Nice attempt, Enjoy your Fed jail sentence.");
    $db->query("INSERT INTO fedjail VALUES('',{$_GET['ID']}, 300, $userid, 'Hack Attempt')");
}
```

Dave, posted October 26, 2009

It's because you have a die command before the MySQL statement is run. Try this:

```php
if($_GET['ID'] != abs(@intval($_GET['ID'])))
{
    $db->query("INSERT INTO fedjail VALUES('',{$_GET['ID']}, 300, $userid, 'Hack Attempt')");
    die("For attempting a known sql injection, your IP and Name has been banned. Nice attempt, Enjoy your Fed jail sentence.");
}
```

Danny696, posted October 27, 2009

Ermm, slight problem: you need to update the user table, as that's where the header file will check to see if the user is in fed or not.

CrackTheCoder, posted October 27, 2009

RE: Help with Auto-Fed, For all users.

```php
if($_GET['ID'] != abs(@intval($_GET['ID'])))
{
    $db->query("INSERT INTO fedjail VALUES('',{$_GET['ID']}, 300, $userid, 'Hack Attempt')");
    die("For attempting a known sql injection, your IP and Name has been banned. Nice attempt, Enjoy your Fed jail sentence.");
}
```

Change to:

```php
if($_GET['ID'] != abs(@intval($_GET['ID'])))
{
    $db->query("INSERT INTO fedjail VALUES('',{$_GET['ID']}, 300, $userid, 'Hack Attempt')");
    $db->query("UPDATE users SET fedjail=1 WHERE userid=$userid");
    die("For attempting a known sql injection, your IP and Name has been banned. Nice attempt, Enjoy your Fed jail sentence.");
}
```

That should work.

Danny696, posted October 28, 2009

WRONG!

```php
if($_GET['ID'] != abs(@intval($_GET['ID'])))
{
    $db->query("INSERT INTO fedjail VALUES('',{$_GET['ID']}, 300, $userid, 'Hack Attempt')");
    $db->query("UPDATE users SET fedjail=300 WHERE userid={$_GET['ID']}");
    die("For attempting a known sql injection, your IP and Name has been banned. Nice attempt, Enjoy your Fed jail sentence.");
}
```

Joshua, posted October 28, 2009

Wow, with the exception of not adding the reason to fed jail, Danny's worked better than the one I had > <

a_bertrand, posted October 29, 2009

Just something which came to my mind. If $_GET["ID"] is not a number, then putting it into an SQL query like:

```php
$db->query("INSERT INTO fedjail VALUES('',{$_GET['ID']}, 300, $userid, 'Hack Attempt')");
```

is certainly bad. So replace with:

```php
$db->query("INSERT INTO fedjail VALUES('',".($_GET['ID']+0).", 300, $userid, 'Hack Attempt')");
```

Danny696, posted October 29, 2009

You could also use a function, then it's easier than typing it all out. Here's one I made before (Blue Peter FTW!!)

```php
function fedjail($id,$days,$reason)
{
    global $ir,$db;
    $reason=$db->escape($reason);
    $db->query("UPDATE users SET fedjail=$days WHERE userid=$id");
    $db->query("INSERT INTO fedjail VALUES('', $id, $days, {$ir['userid']}, '{$reason}')");
    return 1;
}
```

In use:

```php
fedjail($userid,365,'Attempted SQL injection');
```

That's one that I made. Only for v2 though.

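
An added example, not code from any poster in this thread: the `!=` test above relies on PHP's loose string-to-number comparison, which changed in PHP 8, so this version validates the raw string strictly and then writes the jail records with bound parameters using only the session user's ID. It assumes PDO with an in-memory SQLite database; the table layout, column names and the helpers `parse_id()` and `jail_user()` are constructed for the demo and are not the game's own schema or API.

```php
<?php
// Returns a positive integer ID, or null when the input is not a plain integer.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // e.g. ?ID[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Jails $userId for $days; every value is bound, nothing is concatenated.
function jail_user(PDO $pdo, int $userId, int $days, int $jailer, string $reason): void
{
    $pdo->beginTransaction();
    $pdo->prepare('UPDATE users SET fedjail = ? WHERE userid = ?')
        ->execute([$days, $userId]);
    $pdo->prepare('INSERT INTO fedjail (userid, days, jailer, reason) VALUES (?, ?, ?, ?)')
        ->execute([$userId, $days, $jailer, $reason]);
    $pdo->commit();
}

// Constructed demo schema (hypothetical column names).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, fedjail INTEGER DEFAULT 0)');
$pdo->exec('CREATE TABLE fedjail (id INTEGER PRIMARY KEY, userid INTEGER,
            days INTEGER, jailer INTEGER, reason TEXT)');
$pdo->exec('INSERT INTO users (userid) VALUES (7)');

$userid = 7; // constructed: the logged-in user's ID, taken from the session
foreach (['42', '-5', '1.5', '12abc', ''] as $raw) { // constructed request values
    $id = parse_id($raw);
    if ($id === null) {
        // Act on the session user, never on the rejected request value.
        jail_user($pdo, $userid, 300, $userid, 'Malformed ID parameter');
        echo var_export($raw, true), " rejected\n";
        continue;
    }
    echo var_export($raw, true), " accepted as $id\n";
}
echo 'fedjail rows: ', $pdo->query('SELECT COUNT(*) FROM fedjail')->fetchColumn(), "\n";
```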