Mr-Scripts, posted January 1, 2013

Firstly, thank you for taking the time to look or glance here. I have a problem when gaining credits via glpayment: I use the keycode I get when texting it in, I use it on this page, and I do not gain the credits/points on the account. I think it's something to do with line 162, where it asks for a password. What do I put as the password??

```php
<?
session_start();
include_once "includes/db_connect.php";
include_once "includes/functions.php";
logincheck();
$username=$_SESSION['username'];
$query=mysql_query("SELECT * FROM users WHERE username='$username'");
$fetch=mysql_fetch_object($query);
$query1=mysql_query("SELECT * FROM user_info WHERE username='$username'");
$user=mysql_fetch_object($query1);
$creds=strip_tags($_GET['creds']);
?>
<html>
<head>
<title>Blank</title>
<script language=JavaScript>
<!--
//Disable right click script III- By Renigade ([email protected])
//For full source code, visit http://www.dynamicdrive.com
var message='';
///////////////////////////////////
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if (document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers) {document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
document.oncontextmenu=new Function('return false')
// -->
</script>
<link rel="shortcut icon" href="favicon.png">
<link href="style.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<table width="350" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="" class="table">
<tr><td align=center>Please note when you are <b>CLAIMING</b> credits that the URL <b>MUST</b> be <b>URL</b> thank you!<br><br><font color=red>You Buy Credits At Your Own Risk, We Stand On A Non Refundable Policy!</font>
</td></tr></table><br>
<table width="350" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="" class="table">
<tr><td class="header" colspan="5">Buying Credits - Mobile & Home Phone</td></tr>
<tr class="subhead">
<td class="tableborder" align="center"><u>Cost</u></td>
<td class="tableborder" align="center"><u>Amount</u></td>
<td class="tableborder" align="center"><u>Text</u></td>
<td width="20%" align="center" class="tableborder"><u>Claim</u></td>
</tr>
<tr>
<td width="14%" align="center" class="tableborder">£1.50</td>
<td width="14%" align="center" class="tableborder">120</td>
<td width="27%" align="center" class="tableborder">GL pay to 87070</td>
<td width="20%" align="center" class="tableborder"><a href="?creds=120">Claim!</a></td>
</tr>
<tr>
<td width="14%" align="center" class="tableborder">£3.00</td>
<td width="14%" align="center" class="tableborder">250</td>
<td width="27%" align="center" class="tableborder">GL prem to 87070</td>
<td width="20%" align="center" class="tableborder"><a href="?creds=250">Claim!</a></td>
</tr>
<tr>
<td width="14%" align="center" class="tableborder">£4.50</td>
<td width="14%" align="center" class="tableborder">420</td>
<td width="27%" align="center" class="tableborder">GL token to 87070</td>
<td width="20%" align="center" class="tableborder"><a href="?creds=420">Claim!</a></td>
</tr>
<tr>
<td width="14%" align="center" class="tableborder">£6.00</td>
<td width="14%" align="center" class="tableborder">670</td>
<td width="27%" align="center" class="tableborder">GL bonus to 87070</td>
<td width="20%" align="center" class="tableborder"><a href="?creds=670">Claim!</a></td>
</tr>
<tr>
<td width="14%" align="center" class="tableborder">£7.50</td>
<td width="14%" align="center" class="tableborder">830</td>
<td width="27%" align="center" class="tableborder">GL cool to 87070</td>
<td width="20%" align="center" class="tableborder"><a href="?creds=830">Claim!</a></td>
</tr>
<tr>
<td width="14%" align="center" class="tableborder">£9.00</td>
<td width="14%" align="center" class="tableborder">900</td>
<td width="27%" align="center" class="tableborder">GL shot to 87070</td>
<td width="20%" align="center" class="tableborder"><a href="?creds=900">Claim!</a></td>
</tr>
</table>
<? if ($fetch->pban == "0"){ ?>
<br>
<br>
<table width="25%" border="0" align="center" cellpadding="3" cellspacing="1" bordercolor="#000000" class="table">
<tr>
<td colspan=2 class="header">Donate by Paypal</td>
</tr>
<tr>
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr" method="post" target=_blank>
<center>
<select name=amount class=textinput>
<option value=5.00>£5.00 - 480 Credits</option>
<option value=10.00>£10.00 - 1,200 Credits</option>
<option value=15.00>£15.00 - 1,920 Credits</option>
<option value=20.00>£20.00 - 2,520 Credits</option>
<option value=25.00>£25.50 - 3,300 Credits</option>
<option value=30.00>£30.00 - 4,200 Credits</option>
<option value=100.00>£100.00 - 16,800 Credits</option>
</select>
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="currency_code" value="GBP">
<input type="hidden" name="business" value="Hidden">
<input type="hidden" name="item_name" value="Hidden">
<input type="submit" class="button" border="0" value="Continue" onClick="confirmbuy()" name="submit" alt="Click To Redeem Your Points">
</center>
</form></td>
</tr>
</table>
<? } ?><br>
<?php
if ($creds == "120"){ $id = "13040"; }
if ($creds == "250"){ $id = "13553"; }
if ($creds == "420"){ $id = "13222"; }
if ($creds == "670"){ $id = "12643"; }
if ($creds == "830"){ $id = "12644"; }
if ($creds == "900"){ $id = "12645"; }
if ($creds != ""){
?>
<form name="glform" method="post" action="http://www.glpayment.co.uk/glpay0205/Auth_Standard.php">
<table align="center" class="table" width="20%" cellpadding="3" cellspacing="1" border="0">
<tr><td class="header">Claim Credits - Keycodes</td></tr>
<tr><td align="center" class="tableborder">
Keycode: <input type="text" class="textinput" name="number"><br><br>
<input type="submit" class="button" value="Submit Keycode">
<input type="hidden" name="ddi_id" value="<? echo "$id"; ?>">
</td></tr>
</table>
</form>
<br><br>
<?
}
if ($_GET[payment] != ""){
    if($_GET[payment] == "true" && $_POST[price] && $_POST[Password] == "" && $_POST[CovNum]) {
        $query = mysql_query("SELECT keycode FROM payments WHERE keycode='$_POST[CovNum]'");
        $rows = mysql_num_rows($query);
        if($rows == 0) {
            if($_POST[price] == "1.50"){ $credgain = "120"; }
            elseif($_POST[price] == "3.00"){ $credgain = "250"; }
            elseif($_POST[price] == "4.50"){ $credgain = "420"; }
            elseif($_POST[price] == "6.00"){ $credgain = "670"; }
            elseif($_POST[price] == "7.50"){ $credgain = "830"; }
            elseif($_POST[price] == "9.00"){ $credgain = "900"; }
            mysql_query("UPDATE users SET points=points+$credgain WHERE username='$username'");
            mysql_query("UPDATE users SET donate='Yes' WHERE username='$username'");
            mysql_query("INSERT INTO payments SET username='$username', keycode='$_POST[CovNum]', date=NOW(''), creds='$credgain'");
            echo "<div class=success>Thanks for donating $credgain credits have been added to your account $username<br><br>";
        }else{
            echo "<center><font color=red><b>The keycode entered has been used before.<br><br>";
        }
    }else{
        echo "<center><font color=red><b>This keycode has been used before or is invalid.<br><br>";
    }
}
?>
<br>
```
Mr-Scripts (Author), posted January 2, 2013

Handling Variables

Upon successful completion of a transaction, the Green Light Billing Server redirects your customer to a page of your choice (your "PassURL"). Whilst carrying out this redirect, we also post a series of data to that page via HTTP Post. Some of this data is standard system information, whilst other data can be supplied by you. In other words, you can insert additional fields into the web form we have provided you with (using the naming convention set out below) and we will return that data to your Pass URL following successful payment.

The data included in this can be divided into two categories:

1. User Variables. Data sent by your website (via the "launch form") such as your unique reference, customer ID, postal address etc.
2. System Variables. Standard information about the transaction which you may find useful to know and use.

VARIABLE NAMING AND EXPLANATIONS

| Name | Type | Description |
|---|---|---|
| CovNum | System | The Receipt Code / Keycode generated by Green Light and issued to the customer. This is a unique reference so you may wish to make use of it. |
| Password | System | This is particularly useful for secure verification when receiving post data from us. You will receive your account password along with this data, and you can verify that it is correct in order to prevent misuse of the system. NB this is only passed to you via the HTTP post method, i.e. it is not sent via email for security reasons. |
| method | System | Payment method used by customer - Telephone, SMS, Credit Card or Debit Card. |
| payment | System | This is the value of "outpayment" due from Green Light to you for this specific transaction. |
| price | System | The price of this product, as set by you. |
| var1 | User | This is an open variable that can be used for any purpose you require. For example, if you have captured a customer telephone number and wish to receive that data back again at the end of the process along with the data above, simply name a form field "var1" and you will receive the data back with that same name following a successful transaction. |
| var2 | User | As above. |
| var3 | User | As above. |
| var4 | User | As above. |
| var5 | User | As above. |
| var6 | User | As above. |
| var7 | User | As above. |
| var8 | User | As above. |
| var9 | User | As above. |
| var10 | User | As above. |
| Cust_Name | User | Whilst this is a user variable and can in theory be used for any data you wish, we have reserved it for the name of your customer. |
| Cust_Email | User | As above. |

Please ensure that you use the exact spelling and case stated above for all variables.
Someone, posted January 2, 2013 (edited)

First a few things....

NEVER EVER insert an unsecured variable directly to the database!!!!

> INSERT INTO payments SET username='$username', keycode='$_POST[CovNum]', date=NOW(''), creds='$credgain'");

$_POST[price] might work, as PHP assumes you meant $_POST['price'] if there is no constant named price. But it will run slower and fill up error logs, and kittens will die.

Their API does not seem to have public documentation :(

> You will receive your account password along with this data, and you can verify that it is correct in order to prevent misuse of the system.

Seems odd that you're supposed to use your account password, as anybody working on a site will have access to it. And sending data over http is about as safe as sending a post card.

```php
if($_GET['payment'] == true && $_POST['price'] && $_POST['Password'] == "YOURACCOUNTPASSWORD" && $_POST['CovNum']) {
```

Edit: Also note that == "true" is not the same as == true; "true" or 'true' is a string containing the word true, while == true means that it has been set. The variables should also be checked to see if they exist; in this example you can get away with changing:

```php
//if ($_GET[payment] != ""){
if ( isset($_GET['payment']) ){
```

If that does not work, right after

```php
<? } if ($_GET[payment] != ""){
```

insert

```php
// print_r() with the second argument set to true returns the dump instead of echoing it
echo '<pre>'.print_r($_POST, true).'</pre>';
echo '<pre>'.print_r($_GET, true).'</pre>';
```

That should show you what data is sent back.

Edited January 3, 2013 by Someone
Mr-Scripts (Author), posted January 3, 2013

> First a few things....
>
> NEVER EVER insert an unsecured variable directly to the database!!!!
>
> INSERT INTO payments SET username='$username', keycode='$_POST[CovNum]', date=NOW(''), creds='$credgain'");

What do you suggest doing here?
sniko, posted January 3, 2013

> What do you suggest doing here?

Filter and sanitize inputs ($_GET and $_POST variables, and also those variables that are held in memory under different names; for example $var = $_POST['var'];).
Someone, posted January 3, 2013 (edited)

Your scripts should have some sort of variable securing function, probably in includes/functions.php. In the lack of that, you could use:

```php
$CovNum = mysql_real_escape_string( $_POST['CovNum'] ); // $credgain also needs to be secured
```

All data that comes from a user ($_GET and $_POST) needs to be secured. If I went to your page and in the browser wrote:

pagename.php?creds='###REMOVED###

all users would be admins. That was an example, and based on some assumptions about the database..

```php
INSERT INTO payments SET username='$username', keycode='$CovNum', date=NOW(''), creds='$credgain'");
```

Edited January 3, 2013 by Someone: removed the sample exploit
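For the two points raised in this thread, the unescaped `$_POST[CovNum]` in the INSERT and the empty `$_POST[Password] == ""` check, here is an added example of a hardened PassURL handler. It is not the OP's code or anything from Green Light: it uses PDO prepared statements instead of the `mysql_real_escape_string` suggested above, compares the posted `Password` field against a server-side secret with `hash_equals`, and relies on a UNIQUE index on `payments.keycode` to stop a keycode being redeemed twice. The `GL_SECRET` environment variable, the keycode regex and the `PRICE_TO_CREDITS` name are assumptions.

```php
<?php
// Added example, not the thread's code: a hardened handler for the fields GL
// posts back to the PassURL (CovNum, Password, price). Assumes PDO in
// ERRMODE_EXCEPTION, a UNIQUE index on payments.keycode, and that the secret
// GL returns in "Password" is stored server-side (here read from env GL_SECRET).
declare(strict_types=1);
// Whitelist taken from the thread's price/credit table; anything else is rejected.
const PRICE_TO_CREDITS = [
    '1.50' => 120, '3.00' => 250, '4.50' => 420,
    '6.00' => 670, '7.50' => 830, '9.00' => 900,
];
function creditsForPrice(string $price): ?int
{
    return PRICE_TO_CREDITS[$price] ?? null;
}
function redeemKeycode(PDO $db, string $username, array $post, string $secret): string
{
    $covNum = (string)($post['CovNum'] ?? '');
    $price  = (string)($post['price'] ?? '');
    $pass   = (string)($post['Password'] ?? '');
    // Constant-time compare; a loose == on user input is what the thread warns about.
    if ($secret === '' || !hash_equals($secret, $pass)) {
        return 'Callback could not be verified.';
    }
    // Keycode charset/length is an assumption; tighten it to what GL actually issues.
    if (!preg_match('/^[A-Za-z0-9]{4,32}$/', $covNum)) {
        return 'Invalid keycode format.';
    }
    $credits = creditsForPrice($price);
    if ($credits === null) {
        return 'Unknown price.';
    }
    $db->beginTransaction();
    try {
        // Insert first: the UNIQUE index makes a replayed keycode fail here,
        // so the credit UPDATE never runs twice for one CovNum (no SELECT-then-INSERT race).
        $db->prepare('INSERT INTO payments (username, keycode, date, creds) VALUES (?, ?, NOW(), ?)')
           ->execute([$username, $covNum, $credits]);
        $db->prepare("UPDATE users SET points = points + ?, donate = 'Yes' WHERE username = ?")
           ->execute([$credits, $username]);
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        if (($e->errorInfo[1] ?? 0) === 1062) { // MySQL error 1062: duplicate entry
            return 'This keycode has already been used.';
        }
        throw $e;
    }
    return "Thanks, $credits credits have been added to $username.";
}
```

Call it from the PassURL page after `logincheck()` as `redeemKeycode($pdo, $_SESSION['username'], $_POST, getenv('GL_SECRET') ?: '')`; only the verified, first-time keycode path touches the `users` table, everything else returns a message without writing anything.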