Jump to content
MakeWebGames

ipn_donator.php not crediting!


Ragnar

Recommended Posts

I keep buying myself a Will Potion to test it out, and I'm not geting credited or the event.

 

if($pack==1)
{
  $db->query("INSERT INTO inventory VALUES('',3,$userid,1)",$c);
$db->query("INSERT INTO logsdonation VALUES('','Pack 1 Will Potion','$userid','$ir[username]',unix_timestamp())");
event_add($userid,"You receive a Will Potion. Check your inventory.",$c);
$d=0;
$t="willpotion";
}

 

The normal donator days donation code is

 

else if($pack==5)
{
$db->query("INSERT INTO inventory VALUES('',1,$userid,25)");
$db->query("INSERT INTO inventory VALUES('',3,$userid,1)");
$db->query("INSERT INTO inventory VALUES('',5,$userid,25)");
$db->query("INSERT INTO inventory VALUES('',51,$userid,1)");
$db->query("INSERT INTO logsdonation VALUES('','Donator Days','$userid','$ir[username]',unix_timestamp())");
event_add($userid,"You receive a Donator Status Mega Pack. Check your inventory.",$c);
$d=30;
$t="donatordays";
}

 

I'm guessing

<input type="hidden" name="item_name" value="{$domain}|DP|1|{$userid}">

tells it it's Pack 1.

When done with the order, PayPal links to

domain.com/donatordone.php?tx=XXXX&st=Completed&amt=1.00&cc=USD&cm=&item_number=&action=done&type=willpotion&sig=jhdfbgjfLONGCODE&merchant_return_link=Return+to+John+Smith&form_charset=UTF-8

generating the thank you message. Any one know what's wrong? :?

Link to comment
Share on other sites

Re: ipn_donator.php not crediting!

 

The Origional Mc Donator Page Is Very Buggy With Not All The Features Working

Yep, I quickly noticed that and decided to dump ipn_donator.php

 

Your Best bet Is To Make Donator Items And Wait For The Donation To Transfer Before They Recive The Benfits ;) =]

That's what I ended up doing after buying myself donations to test it out! I got donatordone.php doing everthing. Right now I got it so after paying, they click the image to the site, get the donation if PayPal provides a tx code, and then redirect to another URL that doesn't show the long URL that PayPal goes to...

domain.com/donatordone.php?tx=2VS123455TX6789666&...SNIPED...&sig=hJudUOMoYD....

hiding the tx code. The script has

if(!$_GET['tx'])

{

//Log people trying to cheat....

$db->query("INSERT INTO logsdonation VALUES('','Die-Donator Pack.','$userid','$ir[username]',unix_timestamp())");

$db->query("UPDATE userstats SET donator=yes where userid=$userid",$c);

die ("PayPal did not confirm the order. If you just made an order, contact <A HREF=DOMAIN.com/mailbox.php?action=compose&ID=1>the admin</a> with your PayPal E-mail address and transaction number.");

}

//tx provided, credit player...

$db->query("INSERT INTO logsdonation VALUES('','Donator Pack','$userid','$ir[username]',unix_timestamp())");

$db->query("INSERT INTO inventory VALUES('',1,$userid,25)");

$db->query("INSERT INTO inventory VALUES('',3,$userid,1)");

$db->query("INSERT INTO inventory VALUES('',5,$userid,25)");

$db->query("INSERT INTO inventory VALUES('',51,$userid,1)");

$db->query("UPDATE userstats SET donator='yes' where userid='$userid'",$c);

event_add($userid,"You receive a Donator Pack. Check your inventory.",$c);

header("Location: donatordone.php?action=packdone");

}

and there's just one exploit. A player can press back on his browser to go to PayPal again, click the button linking to the donatordone.php page again...and get the donation again!! Is there a way to have the tx number from the URL (tx=2VS123455TX6789666 in this example.) be added to the logsdonation table and when ever some one loads donatordone.php it checks to see if the tx number is unique??

One idea I had was to only allow a donation every XX minutes, so they can't donate again until they are loged out of PayPal, or the cache on PayPal expires, though I would love to make it secure with out having donation time restrictions!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...