Ragnar Posted May 20, 2008

I keep buying myself a Will Potion to test it out, and I'm not getting credited or the event.

    if($pack==1)
    {
        // Pack 1: one Will Potion (item 3), logged and announced to the player
        $db->query("INSERT INTO inventory VALUES('',3,$userid,1)",$c);
        $db->query("INSERT INTO logsdonation VALUES('','Pack 1 Will Potion','$userid','$ir[username]',unix_timestamp())");
        event_add($userid,"You receive a Will Potion. Check your inventory.",$c);
        $d=0;
        $t="willpotion";
    }

The normal donator days donation code is

    else if($pack==5)
    {
        $db->query("INSERT INTO inventory VALUES('',1,$userid,25)");
        $db->query("INSERT INTO inventory VALUES('',3,$userid,1)");
        $db->query("INSERT INTO inventory VALUES('',5,$userid,25)");
        $db->query("INSERT INTO inventory VALUES('',51,$userid,1)");
        $db->query("INSERT INTO logsdonation VALUES('','Donator Days','$userid','$ir[username]',unix_timestamp())");
        event_add($userid,"You receive a Donator Status Mega Pack. Check your inventory.",$c);
        $d=30;
        $t="donatordays";
    }

I'm guessing

    <input type="hidden" name="item_name" value="{$domain}|DP|1|{$userid}">

tells it it's Pack 1. When done with the order, PayPal links to

    domain.com/donatordone.php?tx=XXXX&st=Completed&amt=1.00&cc=USD&cm=&item_number=&action=done&type=willpotion&sig=jhdfbgjfLONGCODE&merchant_return_link=Return+to+John+Smith&form_charset=UTF-8

generating the thank you message. Anyone know what's wrong? :?

SaMz Posted May 24, 2008

Re: ipn_donator.php not crediting!

The PayPal address you get money through should have a USD currency... or there is something wrong with your code.

Delete ! Posted May 24, 2008

Re: ipn_donator.php not crediting!

The Original Mc Donator Page Is Very Buggy With Not All The Features Working

Your Best Bet Is To Make Donator Items And Wait For The Donation To Transfer Before They Receive The Benefits ;) =]

-Matt- Posted May 24, 2008

Re: ipn_donator.php not crediting!

OR simply search the forums, I'm sure OXI posted something along the lines. Also, You Don't Need To Say Every Word In Caps.

Ragnar (Author) Posted May 24, 2008

Re: ipn_donator.php not crediting!

> The Original Mc Donator Page Is Very Buggy With Not All The Features Working

Yep, I quickly noticed that and decided to dump ipn_donator.php

> Your Best Bet Is To Make Donator Items And Wait For The Donation To Transfer Before They Receive The Benefits ;) =]

That's what I ended up doing after buying myself donations to test it out! I got donatordone.php doing everything. Right now I got it so after paying, they click the image to the site, get the donation if PayPal provides a tx code, and then redirect to another URL that doesn't show the long URL that PayPal goes to...

    domain.com/donatordone.php?tx=2VS123455TX6789666&...SNIPED...&sig=hJudUOMoYD....

hiding the tx code. The script has

    if(!$_GET['tx'])
    {
        //Log people trying to cheat....
        $db->query("INSERT INTO logsdonation VALUES('','Die-Donator Pack.','$userid','$ir[username]',unix_timestamp())");
        $db->query("UPDATE userstats SET donator=yes where userid=$userid",$c);
        die ("PayPal did not confirm the order. If you just made an order, contact <A HREF=DOMAIN.com/mailbox.php?action=compose&ID=1>the admin</a> with your PayPal E-mail address and transaction number.");
    }
    //tx provided, credit player...
    $db->query("INSERT INTO logsdonation VALUES('','Donator Pack','$userid','$ir[username]',unix_timestamp())");
    $db->query("INSERT INTO inventory VALUES('',1,$userid,25)");
    $db->query("INSERT INTO inventory VALUES('',3,$userid,1)");
    $db->query("INSERT INTO inventory VALUES('',5,$userid,25)");
    $db->query("INSERT INTO inventory VALUES('',51,$userid,1)");
    $db->query("UPDATE userstats SET donator='yes' where userid='$userid'",$c);
    event_add($userid,"You receive a Donator Pack. Check your inventory.",$c);
    header("Location: donatordone.php?action=packdone");
    }

and there's just one exploit. A player can press back on his browser to go to PayPal again, click the button linking to the donatordone.php page again...and get the donation again!!

Is there a way to have the tx number from the URL (tx=2VS123455TX6789666 in this example) be added to the logsdonation table, and whenever someone loads donatordone.php it checks to see if the tx number is unique?? One idea I had was to only allow a donation every XX minutes, so they can't donate again until they are logged out of PayPal, or the cache on PayPal expires, though I would love to make it secure without having donation time restrictions!
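
One way to do the uniqueness check asked about above, as an added example that is not part of any post in the thread: each tx is claimed in a table with a UNIQUE constraint, and the items are granted in the same transaction, so a reload of the same URL is refused by the database. The `donation_tx` table, the inventory column names, `open_demo_db()` and `credit_once()` are hypothetical, and in-memory SQLite stands in for the game's database. It only stops the same tx being credited twice and assumes the tx was already confirmed with PayPal server-side, since a value in the URL is supplied by the browser.

```php
<?php
// Added example: credit a PayPal tx at most once (names are hypothetical).

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:'); // stand-in for the game's database
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The UNIQUE constraint is the replay guard: a second row for the same tx is refused.
    $pdo->exec("CREATE TABLE donation_tx (tx TEXT NOT NULL UNIQUE,
                userid INTEGER NOT NULL, credited_at INTEGER NOT NULL)");
    $pdo->exec("CREATE TABLE inventory (inv_itemid INTEGER, inv_userid INTEGER, inv_qty INTEGER)");
    return $pdo;
}

function credit_once(PDO $pdo, int $userid, string $tx): string {
    // tx arrives in the query string, so treat it as untrusted input.
    // Shape check only; the 10-32 length range is an assumption.
    if (!preg_match('/^[A-Z0-9]{10,32}$/', $tx)) {
        return 'rejected';
    }
    $pdo->beginTransaction();
    try {
        // Claim the tx first; this INSERT fails if the tx was seen before.
        $claim = $pdo->prepare("INSERT INTO donation_tx (tx, userid, credited_at) VALUES (?, ?, ?)");
        $claim->execute([$tx, $userid, time()]);
        // Same item ids and quantities as the Donator Pack in the post.
        $give = $pdo->prepare("INSERT INTO inventory (inv_itemid, inv_userid, inv_qty) VALUES (?, ?, ?)");
        foreach ([[1, 25], [3, 1], [5, 25], [51, 1]] as [$item, $qty]) {
            $give->execute([$item, $userid, $qty]);
        }
        $pdo->commit(); // claim and items land together or not at all
        return 'credited';
    } catch (PDOException $e) {
        $pdo->rollBack();
        if ((string)$e->getCode() === '23000') { // SQLSTATE: integrity constraint violation
            return 'duplicate';
        }
        throw $e;
    }
}

$pdo = open_demo_db();
$tx  = '2VS123455TX6789666';             // sample value quoted in the post
echo credit_once($pdo, 7, $tx), "\n";    // first load of donatordone.php
echo credit_once($pdo, 7, $tx), "\n";    // back button, same tx again
echo credit_once($pdo, 7, ''), "\n";     // no tx in the URL
echo $pdo->query("SELECT COUNT(*) FROM inventory")->fetchColumn(), " inventory rows\n";
```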