MakeWebGames

hack


acer240


Yeah, it's because you haven't secured the GET yet. Use this:

$_GET['ID'] = isset($_GET['ID']) && is_numeric($_GET['ID']) ? abs((int) $_GET['ID']) : false;

$_POST['amnt'] = isset($_POST['amnt']) && is_numeric($_POST['amnt']) ? abs((int) $_POST['amnt']) : false;

$_POST['price'] = isset($_POST['price']) && is_numeric($_POST['price']) ? abs((int) $_POST['price']) : false;



30 views, 400 users online lol, is no one able to show the best way to secure the script below?

Any help would be very much appreciated, chaps.

And could someone PM me the actual hack they do in the market, for future reference and hack solving, please?

<?php
include 'header.php';

// Buying points from (or, for the owner, pulling points off) a market listing.
// Note: the "add points" form below also sends a hidden buypoints=1, so that
// form passes through this branch first.
if (!empty($_POST['buypoints'])) {
    $_POST['amount']    = abs((int) $_POST['amount']);
    $_POST['points_id'] = abs((int) $_POST['points_id']);
    $result = mysql_query("SELECT * FROM `pointsmarket` WHERE `id`='" . $_POST['points_id'] . "'");
    $worked = mysql_fetch_array($result);
    $price  = $worked['price'];
    $amount = $worked['amount'];
    $totalcost         = $price * $_POST['amount'];
    $newpointsinmarket = $amount - $_POST['amount'];
    $user_points       = new User($worked['owner']);

    if ($worked['owner'] == $user_class->id) {
        // The seller is taking their own points back off the market.
        if ($_POST['amount'] > $amount) {
            echo Message("You do not have that many Points.");
            include 'footer.php';
            die();
        } elseif ($_POST['amount'] < 0) {
            // Never true: abs() above has already made the amount non-negative.
            echo Message("<font size=2>GTFO!");
            include 'footer.php';
            die();
        } else {
            $_POST['amount'] = abs((int) $_POST['amount']);
            echo Message("You have taken " . $_POST['amount'] . " points off the market.");
            $newpoints = $user_class->points + $_POST['amount'];
            $result = mysql_query("UPDATE `grpgusers` SET `points` = '" . $newpoints . "' WHERE `id`='" . $user_class->id . "'");
            $user_class = new User($_SESSION['id']);
            if ($newpointsinmarket == 0) {
                $result = mysql_query("DELETE FROM `pointsmarket` WHERE `id`='" . $worked['id'] . "'");
            } else {
                $result = mysql_query("UPDATE `pointsmarket` SET `amount` = '" . $newpointsinmarket . "' WHERE `id`='" . $worked['id'] . "'");
            }
            include 'footer.php';
            die();
        }
    } else {
        // Somebody else is buying from the listing.
        if ($_POST['amount'] > $amount) {
            echo Message("<font size=2>They are not selling that many points.");
        } elseif ($_POST['amount'] < 1) {
            echo Message("<font size=2>Please enter a valid amount of points to buy.");
        } elseif ($totalcost > $user_class->money) {
            echo Message("<font size=2>You don't have enough money.");
        } else {
            echo Message("<font size=2>You have bought " . $_POST['amount'] . " points for $" . prettynum($totalcost));
            Send_Event($user_points->id, $user_class->username . " bought " . $_POST['amount'] . " points for $" . prettynum($totalcost));
            $newpoints = $user_class->points + $_POST['amount'];
            $newmoney  = $user_class->money - $totalcost;
            $result = mysql_query("UPDATE `grpgusers` SET `money` = '" . $newmoney . "', `points` = '" . $newpoints . "' WHERE `id`='" . $user_class->id . "'");
            $newmoney = $user_points->money + $totalcost;
            $result = mysql_query("UPDATE `grpgusers` SET `money` = '" . $newmoney . "' WHERE `id`='" . $user_points->id . "'");
            $user_class = new User($_SESSION['id']);
            if ($newpointsinmarket == 0) {
                $result = mysql_query("DELETE FROM `pointsmarket` WHERE `id`='" . $worked['id'] . "'");
            } else {
                $result = mysql_query("UPDATE `pointsmarket` SET `amount` = '" . $newpointsinmarket . "' WHERE `id`='" . $worked['id'] . "'");
            }
        }
    }
}

// Listing points for sale.
if ($_POST['addpoints']) {
    if ($_POST['price'] > 40000) {
        echo Message("<font size=2>You cant add points into the market for more than $40,000 each.");
        include 'footer.php';
        die();
    }
    $_POST['amount'] = abs((int) $_POST['amount']);
    if ($_POST['amount'] > $user_class->points) {
        echo Message("<font size=2>You don't have that many points.");
    }
    if ($_POST['amount'] < 1) {
        echo Message("<font size=2>Please enter a valid amount of points.");
    }
    if ($_POST['price'] < 1) {
        echo Message("<font size=2>Please enter a valid amount of money.");
    }
    if ($_POST['amount'] >= 1 && $_POST['amount'] <= $user_class->points && $_POST['price'] >= 1) {
        echo Message("<font size=2>You have added " . $_POST['amount'] . " points to the market at a price of $" . $_POST['price'] . " per point.");
        $result = mysql_query("INSERT INTO `pointsmarket` (owner, amount, price) VALUES ('$user_class->id', '$_POST[amount]', '$_POST[price]')");
        $newpoints = $user_class->points - $_POST['amount'];
        $result = mysql_query("UPDATE `grpgusers` SET `points` = '" . $newpoints . "' WHERE `id`='" . $user_class->id . "'");
        $user_class = new User($_SESSION['id']);
    }
}
?>
<tr><td class="contenthead">Point Market</td></tr>
<tr><td class="contentcontent"><font size=2>
Use this form to add points to the points market.
<form method='post'>
<table align="center">
<tr>
<td><font size=2>Amount of points</font></td><td><input type='hidden' value="1" name="buypoints"><input type='text' name='amount' size='10' maxlength='20' value='<?php echo $user_class->points ?>'></td>
</tr>
<tr>
<td>Price per point</td><td>$<input type='text' name='price' size='10' maxlength='20'></td>
</tr>
<tr><td align="center" colspan="2"><input type='submit' name='addpoints' value='Add Points'></td></tr>
</table>
</form>
</font></td></tr>
<tr><td class="contentcontent">
<table width=100%>
<tr><td class="contenthead"><center><font size=2>Seller</font></center></td><td class="contenthead"><center><font size=2>Amount</font></center></td><td class="contenthead"><center><font size=2>Price</font></center></td><td class="contenthead"><center><font size=2>Buy</font></center></td></tr>
<?php
// One form per listing; the owner sees "Remove Points", everyone else sees "Buy".
$result = mysql_query("SELECT * FROM `pointsmarket` ORDER BY `price` DESC");
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    $user_points = new User($line['owner']);
    if ($user_points->id == $user_class->id) {
        $submittext = "Remove Points";
    } else {
        $submittext = "Buy";
    }
    echo "<form method='post'>";
    echo "<tr><td align=center><font size=2>" . $user_points->formattedname . "</font></td><td align=center><font size=2>" . prettynum($line['amount']) . "</font></td><td align=center><font size=2>" . prettynum($line['price']) . "</font></td><td align=center><input type='text' name='amount' size='3' maxlength='20' value='" . $line['amount'] . "'><input type='hidden' name='buypoints' value='buy'><input type='hidden' name='points_id' value='" . $line['id'] . "'><input type='submit' name='bypoints' value='" . $submittext . "'></td></tr>";
    echo "</form>";
}
?>
</table>
</td></tr>
<?php
include 'footer.php';
?>
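As an added example (not code from this thread and not the GRPG engine's own), here is the "buy" branch of the script above written the way the replies are asking for: every request field validated as a positive integer before it is used, every query a prepared statement, an ownership check before any money moves, and the two balance changes inside one transaction. Table and column names follow the posted script; the in-memory SQLite database, its rows and the function names `positive_int` and `buy_points` are this example's own, and the `$_SESSION['id']` lookup is replaced by a `$buyerId` argument so the file runs stand-alone.

```php
<?php
declare(strict_types=1);

// Added example, not from the thread: the "buy points" path with validated
// input, prepared statements and a transaction. Sample data is constructed.

/** Accept only a digit string within [1, $max]; null means "rejected". */
function positive_int($raw, int $max = PHP_INT_MAX): ?int
{
    if (!is_string($raw)) {                  // missing fields and arrays (amount[]=1) are rejected
        return null;
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $v === false ? null : $v;         // filter_var() signals failure with false, never null
}

/** Buyer $buyerId buys $post['amount'] points from listing $post['points_id']. */
function buy_points(PDO $db, int $buyerId, array $post): string
{
    $listingId = positive_int($post['points_id'] ?? null);
    $amount    = positive_int($post['amount'] ?? null);
    if ($listingId === null || $amount === null) {
        return 'Invalid command.';           // rejected before anything touches the database
    }

    $db->beginTransaction();
    try {
        $stmt = $db->prepare('SELECT owner, amount, price FROM pointsmarket WHERE id = :id');
        $stmt->execute([':id' => $listingId]);
        $listing = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($listing === false) {
            $db->rollBack();
            return 'That listing no longer exists.';
        }
        $owner = (int) $listing['owner'];
        if ($owner === $buyerId) {           // authorisation: owners use the remove path, not buy
            $db->rollBack();
            return 'Use "Remove Points" for your own listing.';
        }
        if ($amount > (int) $listing['amount']) {
            $db->rollBack();
            return 'They are not selling that many points.';
        }
        $totalCost = $amount * (int) $listing['price'];

        // Debit the buyer only if the balance still covers the cost; the WHERE clause
        // re-checks the balance so two concurrent purchases cannot both succeed.
        $stmt = $db->prepare('UPDATE grpgusers SET money = money - :cost, points = points + :amt
                               WHERE id = :id AND money >= :cost_check');
        $stmt->execute([':cost' => $totalCost, ':amt' => $amount, ':id' => $buyerId, ':cost_check' => $totalCost]);
        if ($stmt->rowCount() !== 1) {
            $db->rollBack();
            return "You don't have enough money.";
        }
        // Same pattern for the stock: the listing can never go negative.
        $stmt = $db->prepare('UPDATE pointsmarket SET amount = amount - :amt WHERE id = :id AND amount >= :amt_check');
        $stmt->execute([':amt' => $amount, ':id' => $listingId, ':amt_check' => $amount]);
        if ($stmt->rowCount() !== 1) {
            $db->rollBack();
            return 'They are not selling that many points.';
        }
        $db->prepare('UPDATE grpgusers SET money = money + :cost WHERE id = :id')
           ->execute([':cost' => $totalCost, ':id' => $owner]);
        $db->prepare('DELETE FROM pointsmarket WHERE id = :id AND amount = 0')
           ->execute([':id' => $listingId]);
        $db->commit();
        return sprintf('You have bought %d points for $%s.', $amount, number_format($totalCost));
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();                 // a driver error leaves both balances untouched
        }
        throw $e;
    }
}

// --- constructed sample data -------------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE grpgusers (id INTEGER PRIMARY KEY, username TEXT, money INTEGER, points INTEGER)');
$db->exec('CREATE TABLE pointsmarket (id INTEGER PRIMARY KEY, owner INTEGER, amount INTEGER, price INTEGER)');
$db->exec("INSERT INTO grpgusers VALUES (1, 'seller', 0, 0), (2, 'buyer', 50000, 0)");
$db->exec('INSERT INTO pointsmarket VALUES (7, 1, 10, 1000)');

echo buy_points($db, 2, ['points_id' => '7', 'amount' => '4']), "\n";    // legitimate purchase
echo buy_points($db, 2, ['points_id' => '7', 'amount' => '-4']), "\n";   // negative amount: rejected
echo buy_points($db, 2, ['points_id' => '7abc', 'amount' => '1']), "\n"; // (int) would read this as 7; rejected here
echo buy_points($db, 2, ['points_id' => '7', 'amount' => '100']), "\n";  // more than listed: rejected
echo buy_points($db, 1, ['points_id' => '7', 'amount' => '1']), "\n";    // owner buying own listing: rejected
```

The point of the conditional `UPDATE ... WHERE money >= :cost_check` is that the script above computes `$newmoney` in PHP from a value it read a moment earlier and then writes it back unconditionally, so two overlapping requests can both pass the "enough money" check; letting the database enforce the condition and checking `rowCount()` closes that window. On MySQL the same code runs against mysqli or PDO_MySQL with `SELECT ... FOR UPDATE` added to the listing query.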

Firstly, replace all your

[mysql]
$_POST['amount'] = abs((int) $_POST['amount']);
$_POST['points_id'] = abs((int) $_POST['points_id']);
[/mysql]

with:

[mysql]
$_POST['amount'] = abs(intval($_POST['amount']));
$_POST['points_id'] = abs(intval($_POST['points_id']));
[/mysql]

Why? (Not challenging you, genuinely curious)



Quite a good question. However, I know you know xD

Anyway

abs() only does half the job of "securing" the number; either intval() or floatval() is required to completely secure the number.

The reason I did intval is simple too: a whole number is expected. floatval() always gives decimals, and considering we're using it on a points market, I doubt decimals need to be there.


Weird how not many "GURUs" post on anything but MCC lol

if (!empty($_POST['buypoints'])){
    $_POST['amount'] = abs((int) $_POST['amount']);
    $_POST['points_id'] = abs((int) $_POST['points_id']);

replace with

// Only strings made entirely of digits pass ctype_digit(); anything else becomes '' and trips the check below.
// Note the per-listing forms above send buypoints=buy, so they need a numeric value for this test to pass.
if ( !empty($_POST['buypoints']) AND ctype_digit($_POST['buypoints']) ){
    $_POST['amount'] = ( isset($_POST['amount']) AND ctype_digit($_POST['amount']) ) ? $_POST['amount'] : '' ;
    $_POST['points_id'] = ( isset($_POST['points_id']) AND ctype_digit($_POST['points_id']) ) ? $_POST['points_id'] : '' ;
    // OR rather than AND: either field failing validation must stop the request.
    if ( empty($_POST['amount']) OR empty($_POST['points_id']) ) {
        echo '
            Invalid Command.
        ';
        include 'footer.php';
        die();
    }

Need any more security help? Refer to =>

[mp]17[/mp]



Was that comment issued at me? If so when did I ever claim to be a guru? :wacko:



I get that part; my question is more why intval instead of (int). Casting it should perform the same function... right? *heads over to php.net*



I never use the int() function; the ways I posted above are more PHP "friendly", from what I have been told many times. I could be very wrong; however, many sites have always said to do it the way I do, because it ensures the number is a number and it's more friendly on the PHP side of things.

intval() gets the integer value:

echo intval('+53'); would output 53

echo intval('-53'); would output -53

echo abs(intval('-53')); would output 53

Yes, from what I understand, so does (int):

echo (int) '+53'; would output 53

echo (int) '-53'; would output -53

echo abs((int) '-53'); would output 53

Correct?

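To settle the intval vs (int) vs ctype_digit discussion above with something runnable, here is an added example (not code from the thread): each check the replies propose, plus `filter_var()`, applied to the kinds of strings a form field can actually deliver. The sample inputs are constructed and the function names `classify` and `positive_int_or_null` are this example's own.

```php
<?php
declare(strict_types=1);

// Added example, not from the thread: the integer checks discussed in the
// replies side by side, over constructed form-field values.

/** Run one raw request value through each check and return the results. */
function classify(string $raw): array
{
    return [
        'abs((int))'  => abs((int) $raw),      // what the posted script does
        'intval'      => intval($raw),         // same result as (int) for strings
        'is_numeric'  => is_numeric($raw),     // the first reply's guard
        'ctype_digit' => ctype_digit($raw),    // the later reply's guard
        'filter_var'  => filter_var($raw, FILTER_VALIDATE_INT),
    ];
}

/** Positive whole number, or null when the string is not exactly an integer in range. */
function positive_int_or_null(string $raw, int $max = PHP_INT_MAX): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $v === false ? null : $v;           // '0' validates to int 0, which is falsy: compare with ===
}

/** Render bools and null the way PHP spells them so the table is readable. */
function fmt($v): string
{
    return is_bool($v) || $v === null ? var_export($v, true) : (string) $v;
}

// Constructed inputs: signed, padded, trailing garbage, exponent, decimal, zero, empty, oversized.
$samples = ['53', '+53', '-53', ' 53', '53abc', '1e3', '53.7', '0', '', '99999999999999999999'];

$columns = ['input', 'abs((int))', 'intval', 'is_numeric', 'ctype_digit', 'filter_var', 'positive_int_or_null'];
echo implode("\t", $columns), "\n";
foreach ($samples as $s) {
    $row = [var_export($s, true)];
    foreach (classify($s) as $value) {
        $row[] = fmt($value);
    }
    $row[] = fmt(positive_int_or_null($s));
    echo implode("\t", $row), "\n";
}
```

Reading the table answers the question asked above: `(int)` and `intval()` give the same result on every row, and both silently turn `'53abc'` into 53 and `'1e3'` into 1000 (PHP 7.1 and later honour the exponent), so on their own they never tell you the input was bad. `is_numeric()` rejects `'53abc'` but accepts `'1e3'`, `'53.7'` and leading whitespace. `ctype_digit()` rejects signs, spaces and decimals, which is why `abs()` becomes redundant once it passes; feed it only strings, since non-string arguments are deprecated in PHP 8.1. `filter_var(..., FILTER_VALIDATE_INT)` is the strict option with range checking built in, with the one trap that `'0'` comes back as the integer 0, so the result must be tested with `=== false` rather than `if (!$v)`.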

That script is all jacked up...

Well, how about you stop complaining and make a custom one?...

Generic RPG is in BETA stage; for the people who paid for it, you will get updates from the owner every time he has one.

If you didn't pay for it, well, try updating it yourself?

Seeing as most of us do a better job than the creator anyway XD


I was referring to the post up there on that page.

I DO have my own game engine.

I DON'T have this GRPG Engine. Like I said I was talking about the one posted. NOTE I SAID SCRIPT. Not ENGINE.

Why not update this script? Simple

80% of people don't appreciate the time it takes.

20% Just complain about how you do things.

Rant over.

(I will not be posting back on this topic, because I'm not going to sit here and argue over something stupid.)


Well said AB, the script is jacked up and could do with a recode in sections. I did offer a small bit of code above which no one seemed to comment on, so either they didn't understand it or just don't like me ;(

No not at all, I like it. But I have had my point market recoded so didn't help me much...

Although I have saved to my comment notepad ;)

And who said they don't like you? 8|

