MakeWebGames

Problems need help with finding errors


Mr-Scripts


A player has come to me and said there are errors and bugs in the following files. He/she has not said where, so I need an eagle-eyed person to help me identify the problem.

 

Bank Sending Money

http://pastebin.com/aUAxGnwj

Normal Bank ( withdraw / deposit )

http://pastebin.com/Aej2YnHQ

 

Bullet Factory

http://pastebin.com/8LqXKFMA

 

Black Market / Bullets

http://pastebin.com/pGmYDSCk

 

Black Market / Credits

http://pastebin.com/EsuLGUKV


The easiest thing to do is ask the person what they were doing when the bug/error occurred, along with any error messages that may have popped up. Also get rid of ereg and replace it with preg_match. I only noticed it in the first few files posted, but I only scanned through them; if they are linked somehow it may kick a couple of errors if you are using anything less than 5.3.0.


  • 2 weeks later...

Check your server log files; they can be found in cPanel if you have that.

Also, I hope you secure the $_POST data somewhere, other than just strip the tags

   $giveto = strip_tags($_POST['giveto']);
   $giveamount = strip_tags($_POST['giveamount']);

$query2=mysql_query("SELECT * FROM users WHERE username='$giveto' LIMIT 1");

Check your server log files; they can be found in cPanel if you have that.

Also, I hope you secure the $_POST data somewhere, other than just strip the tags

   $giveto = strip_tags($_POST['giveto']);
   $giveamount = strip_tags($_POST['giveamount']);

$query2=mysql_query("SELECT * FROM users WHERE username='$giveto' LIMIT 1");

Are you referring to send money? If so, I don't think I do. I'm new to this, so what you see in the file is what I have.



if($_POST['Send_button']){
    $send_amount=intval(strip_tags($_POST['send_amount']));
    $to_person = strip_tags($_POST['to_person']);

    if (!$to_person){
        echo "Please enter a username.";
    }elseif ($to_person){
        $num_true=mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='$to_person'"));

        if ($num_true == 0){
            echo "No such user.";
        }elseif ($num_true != 0){
            if ($send_amount > "0"){
                if ($send_amount == 0 || !$send_amount || ereg('[^0-9]',$send_amount)){
                    print "You cant send that amount.";
                }elseif ($send_amount != 0 || $send_amount || !ereg('[^0-9]',$send_amount)){
                    {
                        if ($send_amount > $fetch->bank){
                            echo "You do not have that much money in your bank.";
                        }elseif ($send_amount <= $fetch->bank){
                            $newer = mysql_query("SELECT * FROM users WHERE username='$to_person'");
                            $abcdef=mysql_fetch_object($newer);

Edited by Mr-Scripts

Yes that was in send money.

Unless the $_POST data is validated in another place, like in a functions.php, your script is vulnerable to MySQL injections.

Open includes/functions.php and search for $_POST; hopefully there is something that checks each entry in the array.

You probably shouldn't rely on includes to validate your data; do it manually for everything.


Without knowing what is going on exactly it's hard to tell. Have any more users come to you and said there are bugs or errors? If not, and you investigated everything you can in the script, then I would say it's fine; they probably don't know what they are talking about.

Thank you Kyle, I'll have a look. Like I said in a previous topic, I'm still learning, so any tips or ways you can secure the sendmoney.php file, or where I can read up about it? I use php.net already.


Check your server log files; they can be found in cPanel if you have that.

Also, I hope you secure the $_POST data somewhere, other than just strip the tags

   $giveto = strip_tags($_POST['giveto']);
   $giveamount = strip_tags($_POST['giveamount']);

$query2=mysql_query("SELECT * FROM users WHERE username='$giveto' LIMIT 1");

That's pretty much the go-to place, but you shouldn't always use strip_tags() for ints. There are better options like abs(), is_int(), intval().
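
The two points raised in this thread (bind user input instead of relying on strip_tags(), and validate integers as integers), shown as an added example that is not the original script. It assumes PDO, with an in-memory SQLite database and constructed rows standing in for the game's MySQL users table; send_money() and its $from argument (the logged-in sender) are hypothetical names.

```php
<?php
// Added example, not the thread's code. Columns (username, bank) follow the
// posted queries; the SQLite database and the sample rows are constructed.
function send_money(PDO $db, string $from, $toRaw, $amountRaw): string
{
    // Validate the amount as an integer: digits only, and not zero.
    if (!is_string($amountRaw) || !ctype_digit($amountRaw) || (int)$amountRaw === 0) {
        return "You cant send that amount.";
    }
    $amount = (int)$amountRaw;
    $to = is_string($toRaw) ? trim($toRaw) : '';
    if ($to === '') {
        return "Please enter a username.";
    }
    $db->beginTransaction();
    try {
        // Bound parameter: the username is never concatenated into the SQL text.
        $find = $db->prepare("SELECT username FROM users WHERE username = ? LIMIT 1");
        $find->execute([$to]);
        $exists = $find->fetchColumn() !== false;
        $find->closeCursor();
        if (!$exists) {
            $db->rollBack();
            return "No such user.";
        }
        // Balance check and debit in one statement, so two requests cannot both pass the check.
        $debit = $db->prepare("UPDATE users SET bank = bank - ? WHERE username = ? AND bank >= ?");
        $debit->execute([$amount, $from, $amount]);
        if ($debit->rowCount() !== 1) {
            $db->rollBack();
            return "You do not have that much money in your bank.";
        }
        $credit = $db->prepare("UPDATE users SET bank = bank + ? WHERE username = ?");
        $credit->execute([$amount, $to]);
        $db->commit();
        return "Sent.";
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}
// Constructed demo data and calls.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, bank INTEGER NOT NULL)");
$db->exec("INSERT INTO users VALUES ('alice', 500), ('bob', 0)");
echo send_money($db, 'alice', "bob' OR '1'='1", '100'), "\n"; // quote stays data, not SQL
echo send_money($db, 'alice', 'bob', '-5'), "\n";             // non-digit amount is rejected
echo send_money($db, 'alice', 'bob', '100'), "\n";            // valid transfer
```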
