acer240 Posted February 20, 2010

What is the solution to the point hack? New player joining and within 30 secs having 1000's of points. Any ideas, anyone?

SlanderDesign Posted February 20, 2010

Yes. Pointmarket.php. Not fixed it yet myself.... :(

corruptcity || skalman Posted February 20, 2010

Yeah, it's coz you haven't secured the GET yet. Use this:

```php
$_GET['ID'] = isset($_GET['ID']) && is_numeric($_GET['ID']) ? abs((int) $_GET['ID']) : false;
$_POST['amnt'] = isset($_POST['amnt']) && is_numeric($_POST['amnt']) ? abs((int) $_POST['amnt']) : false;
$_POST['price'] = isset($_POST['price']) && is_numeric($_POST['price']) ? abs((int) $_POST['price']) : false;
```

Veasey Posted February 20, 2010

Will that secure the points market for GRPG?

acer240 Posted February 20, 2010 (Author)

hack 30 views, 400 users online lol. Is no-one able to show the best way to secure the script below? Any help would be very much appreciated, chaps. And could someone PM me the actual hack they do in the market for future reference and hack solving please?

```php
<?php
include 'header.php';

if (!empty($_POST['buypoints'])){
    $_POST['amount'] = abs((int) $_POST['amount']);
    $_POST['points_id'] = abs((int) $_POST['points_id']);
    $result = mysql_query("SELECT * FROM `pointsmarket` WHERE `id`='".$_POST['points_id']."'");
    $worked = mysql_fetch_array($result);
    $price = $worked['price'];
    $amount = $worked['amount'];
    $totalcost = $price * $_POST['amount'];
    $newpointsinmarket = $amount - $_POST['amount'];
    $user_points = new User($worked['owner']);
    if ($worked['owner'] == $user_class->id) {
        if($_POST['amount'] > $amount){
            echo Message("You do not have that many Points.");
            include 'footer.php';
            die();
        } else {
            if($_POST['amount'] < 0){
                echo Message("<font size=2>GTFO!");
                include 'footer.php';
                die();
            } else {
                $_POST['amount'] = abs((int)$_POST['amount']);
                echo Message("You have taken ".$_POST['amount']." points off the market.");
                $newpoints = $user_class->points + $_POST['amount'];;
                $result = mysql_query("UPDATE `grpgusers` SET `points` = '".$newpoints."' WHERE `id`='".$user_class->id."'");
                $user_class = new User($_SESSION['id']);
                if ($newpointsinmarket == 0){
                    $result = mysql_query("DELETE FROM `pointsmarket` WHERE `id`='".$worked['id']."'");
                } else {
                    $result = mysql_query("UPDATE `pointsmarket` SET `amount` = '".$newpointsinmarket."' WHERE `id`='".$worked['id']."'");
                }
                include 'footer.php';
                die();
            }
        }
    } else {
        if($_POST['amount'] > $amount){
            echo Message("<font size=2>They are not selling that many points.");
        } elseif($_POST['amount'] < 1){
            echo Message("<font size=2>Please enter a valid amount of points to buy.");
        } elseif ($totalcost > $user_class->money){
            echo Message("<font size=2>You don't have enough money.");
        } else {
            echo Message("<font size=2>You have bought ".$_POST['amount']." points for $".prettynum($totalcost));
            Send_Event($user_points->id, $user_class->username." bought ".$_POST['amount']." points for $".prettynum($totalcost));
            $newpoints = $user_class->points + $_POST['amount'];
            $newmoney = $user_class->money - $totalcost;
            $result = mysql_query("UPDATE `grpgusers` SET `money` = '".$newmoney."', `points` = '".$newpoints."' WHERE `id`='".$user_class->id."'");
            $newmoney = $user_points->money + $totalcost;
            $result = mysql_query("UPDATE `grpgusers` SET `money` = '".$newmoney."' WHERE `id`='".$user_points->id."'");
            $user_class = new User($_SESSION['id']);
            if ($newpointsinmarket == 0){
                $result = mysql_query("DELETE FROM `pointsmarket` WHERE `id`='".$worked['id']."'");
            } else {
                $result = mysql_query("UPDATE `pointsmarket` SET `amount` = '".$newpointsinmarket."' WHERE `id`='".$worked['id']."'");
            }
        }
    }
}

if ($_POST['addpoints']){
    if($_POST['price'] > 40000){
        echo Message("<font size=2>You cant add points into the market for more than $40,000 each.");
        include 'footer.php';
        die();
    }
    $_POST['amount'] = abs((int) $_POST['amount']);
    if($_POST['amount'] > $user_class->points){
        echo Message("<font size=2>You don't have that many points.");
    }
    if($_POST['amount'] < 1){
        echo Message("<font size=2>Please enter a valid amount of points.");
    }
    if($_POST['price'] < 1){
        echo Message("<font size=2>Please enter a valid amount of money.");
    }
    if($_POST['amount'] >= 1 && $_POST['amount'] <= $user_class->points && $_POST['price'] >= 1){
        echo Message("<font size=2>You have added ".$_POST['amount']." points to the market a price of $".$_POST['price']." per point.");
        $result= mysql_query("INSERT INTO `pointsmarket` (owner, amount, price)"."VALUES ('$user_class->id', '$_POST[amount]', '$_POST[price]')");
        $newpoints = $user_class->points - $_POST['amount'];
        $result = mysql_query("UPDATE `grpgusers` SET `points` = '".$newpoints."' WHERE `id`='".$user_class->id."'");
        $user_class = new User($_SESSION['id']);
    }
}
?>
<tr><td class="contenthead">Point Market</td></tr>
<tr><td class="contentcontent"><font size=2>
Use this form to add points to the points market.
<form method='post'>
<table align="center">
<tr>
<td><font size=2>Amount of points</td><td><input type='hidden' value="1" name="buypoints"><input type='text' name='amount' size='10' maxlength='20' value='<? echo $user_class->points ?>'></td>
</tr>
<tr>
<td>Price per point</td><td>$<input type='text' name='price' size='10' maxlength='20'></td>
<tr><td align="center" colspan="2"><input type='submit' name='addpoints' value='Add Points'></form></td>
</tr></table>
</td></tr>
<tr><td class="contentcontent">
<table width=100%><tr><td class="contenthead"><center><font size=2>Seller</center></td><td class="contenthead"><center><font size=2>Amount</center></td><td class="contenthead"><center><font size=2>Price</center></td><td class="contenthead"><center><font size=2>Buy</center></td></tr>
</td></tr>
<tr>
<?php
$result = mysql_query("SELECT * FROM `pointsmarket` ORDER BY `price` DESC");
while($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    $user_points = new User($line['owner']);
    if ($user_points->id == $user_class->id){
        $submittext = "Remove Points";
    } else {
        $submittext = "Buy";
    }
    echo "<form method='post'>";
    echo "<tr><td align=center><font size=2>".$user_points->formattedname."</td><td align=center><font size=2>".prettynum($line['amount'])."</td><td align=center><font size=2>".prettynum($line['price'])."</td><td align=center> <input type='text' name='amount' size='3' maxlength='20' value='".$line['amount']."'><input type='hidden' name='buypoints' value='buy'><input type='hidden' name='points_id' value='".$line['id']."'><input type='submit' name='bypoints' value='".$submittext."'></form></td></tr>";
}
?>
</td></tr>
<?php
include 'footer.php';
?>
```

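Added example, not part of acer240's post and not GRPG code: one way to write the buy path so that request values reach SQL only as bound parameters and every balance change is a single conditional UPDATE inside a transaction, rather than a value computed in PHP and written back. It assumes PDO (the posted script uses the older mysql_* functions) and PHP 7.1 or later; `buy_points()` is a hypothetical name, the SQLite database and its rows are constructed so the script runs on its own, and the owner's "take points off the market" path is left out.

```php
<?php
// Added example, not GRPG code. In-memory SQLite with constructed rows so it runs
// offline; table and column names follow the posted script, buy_points() is hypothetical.
function buy_points(PDO $db, int $buyer, int $listing, int $amount): string
{
    if ($listing < 1 || $amount < 1) {          // callers pass already-validated integers
        return 'invalid input';
    }
    $db->beginTransaction();
    try {
        $q = $db->prepare('SELECT owner, price FROM pointsmarket WHERE id = ?');
        $q->execute([$listing]);
        $row = $q->fetch(PDO::FETCH_ASSOC);
        if (!$row || (int) $row['owner'] === $buyer) {
            throw new DomainException('no such listing for this buyer');
        }
        $cost = (int) $row['price'] * $amount;
        // Each UPDATE checks its own precondition in SQL and must change exactly one row,
        // so stock and money are never overwritten with a value computed from a stale read.
        $steps = [
            ['UPDATE pointsmarket SET amount = amount - ? WHERE id = ? AND amount >= ?', [$amount, $listing, $amount], 'not enough points listed'],
            ['UPDATE grpgusers SET money = money - ?, points = points + ? WHERE id = ? AND money >= ?', [$cost, $amount, $buyer, $cost], 'not enough money'],
            ['UPDATE grpgusers SET money = money + ? WHERE id = ?', [$cost, (int) $row['owner']], 'seller not found'],
        ];
        foreach ($steps as [$sql, $args, $error]) {
            $st = $db->prepare($sql);
            $st->execute($args);
            if ($st->rowCount() !== 1) {
                throw new DomainException($error);
            }
        }
        $db->exec('DELETE FROM pointsmarket WHERE amount = 0');
        $db->commit();
        return 'ok';
    } catch (DomainException $e) {
        $db->rollBack();                        // undo any step that already ran
        return $e->getMessage();
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE grpgusers (id INTEGER PRIMARY KEY, money INT, points INT)');
$db->exec('CREATE TABLE pointsmarket (id INTEGER PRIMARY KEY, owner INT, amount INT, price INT)');
$db->exec('INSERT INTO grpgusers VALUES (1, 0, 0), (2, 500, 0)');
$db->exec('INSERT INTO pointsmarket VALUES (1, 1, 10, 100)');
foreach ([3, 0, 5, 9] as $amount) {             // constructed requests from user 2
    echo "buy $amount => ", buy_points($db, 2, 1, $amount), "\n";
}
```

The third request passes the stock check but fails the money check, so the rollback restores the listing before the fourth request is evaluated.
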
corruptcity || skalman Posted February 20, 2010

No, sorry, mine was for mccodes.

Jordan Palmer Posted February 20, 2010

Firstly replace all your

```php
$_POST['amount'] = abs((int) $_POST['amount']);
$_POST['points_id'] = abs((int) $_POST['points_id']);
```

With..

```php
$_POST['amount'] = abs(intval($_POST['amount']));
$_POST['points_id'] = abs(intval($_POST['points_id']));
```

seanybob Posted February 20, 2010

> Firstly replace all your
>
> ```php
> $_POST['amount'] = abs((int) $_POST['amount']);
> $_POST['points_id'] = abs((int) $_POST['points_id']);
> ```
>
> With..
>
> ```php
> $_POST['amount'] = abs(intval($_POST['amount']));
> $_POST['points_id'] = abs(intval($_POST['points_id']));
> ```

Why? (Not challenging you, genuinely curious)

Jordan Palmer Posted February 20, 2010

> > Firstly replace all your
> >
> > ```php
> > $_POST['amount'] = abs((int) $_POST['amount']);
> > $_POST['points_id'] = abs((int) $_POST['points_id']);
> > ```
> >
> > With..
> >
> > ```php
> > $_POST['amount'] = abs(intval($_POST['amount']));
> > $_POST['points_id'] = abs(intval($_POST['points_id']));
> > ```
>
> Why? (Not challenging you, genuinely curious)

Quite a good question, however I know you know xD

Anyway abs(); only does half the job of ''securing'' the number, either intval(); or floatval(); is required to completely secure the number.

The reason I did intval is simple too. A whole number is expected, floatval(); always decimals, and considering we're using it on a points market I doubt decimals need to be there.

Zero-Affect Posted February 20, 2010

Weird how not many "GURU's" post on anything but MCC lol

```php
if (!empty($_POST['buypoints'])){
    $_POST['amount'] = abs((int) $_POST['amount']);
    $_POST['points_id'] = abs((int) $_POST['points_id']);
```

replace with

```php
// 'buypoints' is only a flag (the listing forms send 'buy'), so it is not digit-checked
if ( !empty($_POST['buypoints']) ){
    $_POST['amount'] = ( isset($_POST['amount']) AND ctype_digit($_POST['amount']) ) ? $_POST['amount'] : '' ;
    $_POST['points_id'] = ( isset($_POST['points_id']) AND ctype_digit($_POST['points_id']) ) ? $_POST['points_id'] : '' ;
    // reject the request when either value is missing or not all digits
    if ( empty($_POST['amount']) OR empty($_POST['points_id']) ) {
        echo ' Invalid Command. ';
        include 'footer.php';
        die();
    }
```

Need any more security help, refer to => [mp]17[/mp]

Jordan Palmer Posted February 20, 2010

> Weird how not many "GURU's" post on anything but MCC lol
>
> ```php
> if (!empty($_POST['buypoints'])){
>     $_POST['amount'] = abs((int) $_POST['amount']);
>     $_POST['points_id'] = abs((int) $_POST['points_id']);
> ```
>
> replace with
>
> ```php
> // 'buypoints' is only a flag (the listing forms send 'buy'), so it is not digit-checked
> if ( !empty($_POST['buypoints']) ){
>     $_POST['amount'] = ( isset($_POST['amount']) AND ctype_digit($_POST['amount']) ) ? $_POST['amount'] : '' ;
>     $_POST['points_id'] = ( isset($_POST['points_id']) AND ctype_digit($_POST['points_id']) ) ? $_POST['points_id'] : '' ;
>     // reject the request when either value is missing or not all digits
>     if ( empty($_POST['amount']) OR empty($_POST['points_id']) ) {
>         echo ' Invalid Command. ';
>         include 'footer.php';
>         die();
>     }
> ```
>
> Need any more security help, refer to => [mp]17[/mp]

Was that comment issued at me? If so, when did I ever claim to be a guru? :wacko:

seanybob Posted February 20, 2010

> Quite a good question, however I know you know xD
>
> Anyway abs(); only does half the job of ''securing'' the number, either intval(); or floatval(); is required to completely secure the number.
>
> The reason I did intval is simple too. A whole number is expected, floatval(); always decimals, and considering we're using it on a points market I doubt decimals need to be there.

I get that part, my question is more of why intval instead of (int). Casting it should perform the same function... right?

*heads over to php.net*

Zero-Affect Posted February 20, 2010

abs(intval): I really had trouble understanding it at first but I think I have it down right.

abs = Absolute value (strips away +/- and so on leaving only floats and integers).
intval = Changes the variable into integer.
floatval = Changes the variable into float.

Why not use my method?

Jordan Palmer Posted February 20, 2010

> > Quite a good question, however I know you know xD
> >
> > Anyway abs(); only does half the job of ''securing'' the number, either intval(); or floatval(); is required to completely secure the number.
> >
> > The reason I did intval is simple too. A whole number is expected, floatval(); always decimals, and considering we're using it on a points market I doubt decimals need to be there.
>
> I get that part, my question is more of why intval instead of (int). Casting it should perform the same function... right?
>
> *heads over to php.net*

I never use the int(); function. The ways I posted above are more PHP ''friendly'' from what I have been told many times. I could be very wrong, however many sites have always said to do it the way I do, because it ensures the number is a number and it's more friendly on the PHP side of things.

Djkanna Posted February 20, 2010

Intval() gets the integer value

```php
echo intval('+53');      // would output 53
echo intval('-53');      // would output -53
echo abs(intval('-53')); // would output 53
```

seanybob Posted February 20, 2010

> Intval() gets the integer value
>
> ```php
> echo intval('+53');      // would output 53
> echo intval('-53');      // would output -53
> echo abs(intval('-53')); // would output 53
> ```

Yes, from what I understand so does (int).

```php
echo (int) '+53';      // would output 53
echo (int) '-53';      // would output -53
echo abs((int)'-53');  // would output 53
```

Correct?

Djkanna Posted February 20, 2010

From what I understand, yes it does (http://www.php.net/integer)

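Added example, not part of any post in this thread: the comparison discussed above, run over constructed input strings. It prints what `(int)`, `intval()`, `abs()` and `ctype_digit()` each do with the same value, next to a hypothetical `positive_int()` helper built on `filter_var()` that rejects bad input instead of coercing it. Assumes PHP 7.1 or later.

```php
<?php
// Added example: coercion versus validation for the market's numeric fields.
// positive_int() is a hypothetical helper; the sample strings are constructed.

/** Return a strictly positive integer, or null when $raw is not one. */
function positive_int($raw, int $max = PHP_INT_MAX): ?int
{
    if (!is_string($raw)) {      // arrays (amount[]=1) and missing fields are rejected
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

$samples = ['53', '+53', '-53', '12abc', '4.9', '', '0'];
foreach ($samples as $s) {
    printf("%-8s (int)=%-4d intval=%-4d abs=%-4d ctype_digit=%-6s positive_int=%s\n",
        var_export($s, true),
        (int) $s,
        intval($s),
        abs((int) $s),
        var_export(ctype_digit($s), true),
        var_export(positive_int($s), true));
}
```

The cast and `intval()` columns always agree; `'12abc'` is coerced to 12 and `'-53'` becomes 53 after `abs()`, while `ctype_digit()` and `positive_int()` refuse both.
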
AlabamaHit Posted February 20, 2010

That script is all jacked up.........................

SlanderDesign Posted February 20, 2010

> That script is all jacked up.........................

Well, how about stop complaining and make a custom one?... Generic RPG is in BETA stage; for the people who paid for it, you will get updates from the owner every time he has one. If you didn't pay for it, well, try updating it yourself? Seeing as most of us do a better job than the creator anyway XD

AlabamaHit Posted February 20, 2010

I was referring to the post up there on that page. I DO have my own game engine. I DON'T have this GRPG Engine. Like I said, I was talking about the one posted. NOTE I SAID SCRIPT. Not ENGINE.

Why not update this script? Simple. 80% of people don't appreciate the time it takes. 20% just complain about how you do things.

Rant over. (I will not be posting back on this topic, cause I'm not going to sit here and argue over something stupid.)

Zero-Affect Posted February 20, 2010

Well said AB, the script is jacked up and could do with a recode in sections. I did offer a small bit of code above which no one seemed to comment on, so either they didn't understand it or just don't like me ;(

SlanderDesign Posted February 20, 2010

> Well said AB, the script is jacked up and could do with a recode in sections. I did offer a small bit of code above which no one seemed to comment on, so either they didn't understand it or just don't like me ;(

No, not at all, I like it. But I have had my point market recoded so it didn't help me much... Although I have saved it to my comment notepad ;) And who said they don't like you? 8|

SlanderDesign Posted February 20, 2010

Can this thread get moved to the normal section of GRPG? I don't see this as a mod ?( ?( ?( Thanks