
Cheats


wilkesy

Re: Cheats

Most likely SQL injection through cmarket.php.

Unless you know how to secure your game, I'd suggest removing your forums too.

Add this into your header for a quick fix.

// Coerce the three query-string IDs to non-negative integers before any page
// code interpolates them into SQL; same three parameters, same order as before.
foreach (array('ID', 'viewtopic', 'viewforum') as $param) {
    $_GET[$param] = abs(@intval($_GET[$param]));
}

Re: Cheats

A secure cmarket.php for you too ;)

Crystal Market - cmarket.php

<?php
include("globals.php");
echo "<h3>Crystal Market</h3>";
//-----------
// Force the listing ID to a non-negative integer before any handler uses it in SQL.
$_GET['ID'] = abs(@intval($_GET['ID']));
//-----------
// Normalise the action to a lower-case string; anything missing or non-string becomes "".
if (isset($_GET['action']) && is_string($_GET['action'])) {
    $_GET['action'] = strtolower(trim($_GET['action']));
} else {
    $_GET['action'] = "";
}
//-----------
// Route to the handler defined further down in this file; unknown actions show the index.
if ($_GET['action'] === "buy") {
    crystal_buy();
} elseif ($_GET['action'] === "remove") {
    crystal_remove();
} elseif ($_GET['action'] === "add") {
    crystal_add();
} else {
    cmarket_index();
}
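/**
 * Renders the market index: every listing, cheapest per crystal first.
 *
 * Reads crystalmarket (joined to users for the seller's name) through the
 * global $db wrapper and prints an HTML table. The owner of a listing gets a
 * Remove link, everyone else a Buy link.
 */
function cmarket_index()
{
    global $db, $ir, $c, $userid, $h;
    // NOTE(review): the posted listing showed these links as forum-style [url]
    // tags; they are HTML anchors here to match the surrounding <table> markup.
    print "<a href='cmarket.php?action=add'>> Add A Listing</a>


Viewing all listings...
<table width='95%' cellspacing='2' cellpadding='2' class='table' border='1'>
<tr style='background:gray'>
<th>Adder</th>
<th>Qty</th>
<th>Price each</th> <th>Price total</th>
<th>Links</th>
</tr>";
    // Select only the columns the loop below reads instead of cm.*.
    $listingsSql = (
        "SELECT cm.cmID, cm.cmADDER, cm.cmQTY, cm.cmPRICE, u.userid, u.username " .
        "FROM crystalmarket AS cm " .
        "LEFT JOIN users AS u ON (u.userid = cm.cmADDER) " .
        "ORDER BY cmPRICE/cmQTY ASC"
    );
    $q = $db->query($listingsSql);
    while ($r = $db->fetch_row($q)) {
        $listingId = abs(intval($r['cmID']));
        $price = abs(intval($r['cmPRICE']));
        $qty = abs(intval($r['cmQTY']));
        // A zero-quantity row must not raise a division-by-zero warning/error
        // and take the whole page down; show 0 per crystal instead.
        $each = ($qty > 0) ? $price / $qty : 0;
        $link = ($r['cmADDER'] == $userid)
            ? sprintf("<a href='cmarket.php?action=remove&ID=%u'>Remove</a>", $listingId)
            : sprintf("<a href='cmarket.php?action=buy&ID=%u'>Buy</a>", $listingId);
        echo "<tr>";
        // Username is user-controlled; escape quotes too since it lands inside HTML.
        printf(
            "<td style='text-align:center;'><a href='viewuser.php?u=%u'>%s</a> [%s]</td>",
            intval($r['userid']),
            htmlentities($r['username'], ENT_QUOTES),
            number_format($r['userid'])
        );
        printf("<td style='text-align:right;'>%s</td>", number_format($qty));
        printf("<td style='text-align:right;'>\$%s</td>", number_format($each));
        printf("<td style='text-align:right;'>\$%s</td>", number_format($price));
        printf("<td style='text-align:center;'>[%s]</td>", $link);
        echo "</tr>";
    }
    echo "</table>";
}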
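/**
 * Removes one of the current user's own listings and returns its crystals.
 *
 * Expects $_GET['ID'] to be the listing's cmID (the page header already forces
 * it to a non-negative int; it is re-cast here so this function does not rely
 * on that). Exits with an error page when the listing does not exist or is not
 * owned by $userid.
 */
function crystal_remove()
{
    global $db, $ir, $c, $userid, $h;
    $listingId = abs(intval($_GET['ID']));
    $ownerId = intval($userid);
    $q = $db->query(sprintf(
        "SELECT cmQTY FROM crystalmarket WHERE (cmID = %u) AND (cmADDER = %u)",
        $listingId,
        $ownerId
    ));
    if (!$db->num_rows($q)) {
        die("Error, either these crystals do not exist, or you are not the owner.

<a href='cmarket.php'>> Back</a>");
    }
    $r = $db->fetch_row($q);
    // Delete the listing first, then refund. The original ran the DELETE against
    // a table named "crystals" instead of "crystalmarket", so the listing
    // survived and every repeated remove credited the owner's crystals again.
    $db->query(sprintf("DELETE FROM crystalmarket WHERE (cmID = %u)", $listingId));
    $db->query(sprintf(
        "UPDATE users SET crystals = crystals + %u WHERE (userid = %u)",
        $r['cmQTY'],
        $ownerId
    ));
    // NOTE(review): two requests can both pass the SELECT before either DELETE
    // runs; refunding only when the DELETE reports an affected row, or wrapping
    // both statements in a transaction, would close that window — confirm what
    // the $db wrapper exposes. This action is also reached by a plain GET link
    // with no request token, which is outside what this file can fix alone.
    print "Crystals removed from market!

<a href='cmarket.php'>> Back</a>";
}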
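/**
 * Buys the listing identified by $_GET['ID'] for the current user.
 *
 * Checks that the listing still exists and that $ir['money'] covers cmPRICE,
 * then deletes the listing, moves the crystals to the buyer and the money to
 * the seller, and notifies the seller via event_add(). Exits with an error
 * page on a missing listing or insufficient funds.
 */
function crystal_buy()
{
    global $db, $ir, $c, $userid, $h;
    $listingId = abs(intval($_GET['ID']));
    $buyerId = intval($userid);
    $q = $db->query(sprintf(
        "SELECT cmADDER, cmQTY, cmPRICE FROM crystalmarket WHERE (cmID = %u)",
        $listingId
    ));
    if (!$db->num_rows($q)) {
        die("Error, either these crystals do not exist, or they have already been bought.

<a href='cmarket.php'>> Back</a>");
    }
    $r = $db->fetch_row($q);
    $price = intval($r['cmPRICE']);
    $qty = intval($r['cmQTY']);
    $sellerId = intval($r['cmADDER']);
    if ($price > $ir['money']) {
        die("Error, you do not have the funds to buy these crystals.

<a href='cmarket.php'>> Back</a>");
    }
    // Build the seller's notification before touching the database: the original
    // called the undefined function "htmlentites" here, which aborted the script
    // after money and crystals had already moved but before the seller was told.
    // The buyer's id is shown with number_format() directly, as the index page
    // does; the original wrapped it in intval(), which truncates "1,234" to 1.
    $boughtEvent = sprintf(
        "<a href='viewuser.php?u=%u'>%s</a> [%s] bought your %s crystals from the market. You received %s as payment in full",
        $buyerId,
        htmlentities($ir['username'], ENT_QUOTES),
        number_format($buyerId),
        number_format($qty),
        number_format($price)
    );
    // Remove the listing first so a second buyer racing this request has less
    // opportunity to be credited for the same row.
    $db->query(sprintf("DELETE FROM crystalmarket WHERE (cmID = %u)", $listingId));
    $db->query(sprintf("UPDATE users SET crystals = crystals + %u WHERE (userid = %u)", $qty, $buyerId));
    $db->query(sprintf("UPDATE users SET money = money - %u WHERE (userid = %u)", $price, $buyerId));
    $db->query(sprintf("UPDATE users SET money = money + %u WHERE (userid = %u)", $price, $sellerId));
    // NOTE(review): this is still a check-then-act sequence; crediting only when
    // the DELETE reports an affected row, or a transaction, would fully close it.
    event_add($sellerId, $boughtEvent);
    printf("You bought the %s crystals from the market for \$%s.", $qty, number_format($price));
}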
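/**
 * Lists some of the current user's crystals on the market.
 *
 * With a posted, non-zero 'amnt' it validates the amount against
 * $ir['crystals'], inserts a crystalmarket row whose price is amount times
 * the posted 'price' each, and docks the user's crystals. Without an amount
 * it renders the listing form.
 */
function crystal_add()
{
    global $db, $ir, $c, $userid, $h;
    // Non-negative integers only; missing fields become 0 without a notice.
    $_POST['amnt'] = abs(intval(isset($_POST['amnt']) ? $_POST['amnt'] : 0));
    $_POST['price'] = abs(intval(isset($_POST['price']) ? $_POST['price'] : 0));
    $amount = $_POST['amnt'];
    $priceEach = $_POST['price'];
    $sellerId = intval($userid);
    if ($amount) {
        if ($amount > $ir['crystals']) {
            die("You are trying to add more crystals to the market than you have.");
        }
        $totalPrice = $amount * $priceEach;
        // int * int silently becomes a float past PHP_INT_MAX, and %u of such a
        // float is garbage; refuse the listing rather than store a bogus price.
        if (!is_int($totalPrice)) {
            die("The total price of this listing is too large.");
        }
        // NOTE(review): a price of 0 is accepted and produces a free listing, as
        // in the original. Column order (cmID, cmQTY, cmADDER, cmPRICE) is taken
        // from the original INSERT — confirm against the table definition.
        $db->query(sprintf(
            "INSERT INTO crystalmarket VALUES ('', %u, %u, %u)",
            $amount,
            $sellerId,
            $totalPrice
        ));
        $db->query(sprintf(
            "UPDATE users SET crystals = crystals - %u WHERE (userid = %u)",
            $amount,
            $sellerId
        ));
        print "Crystals added to market!

<a href='cmarket.php'>> Back</a>";
    } else {
        // NOTE(review): the posted listing showed these as forum-style [b] tags;
        // they are HTML here to match the rest of the form markup.
        echo "<b>Adding a listing...</b>

";
        $plural = ($ir['crystals'] == 1) ? "" : "s";
        printf(
            "You have <b>%s</b> crystal%s that you can add to the market.",
            number_format($ir['crystals']),
            $plural
        );
        echo "<form action='cmarket.php?action=add' method='post'>";
        echo "<table width=50% border=2>";
        echo "<tr>";
        echo "<td>Crystals:</td>";
        printf("<td><input type='text' name='amnt' value='%u' /></td>", intval($ir['crystals']));
        echo "</tr>";
        echo "<tr>";
        echo "<td>Price Each:</td>";
        echo "<td><input type='text' name='price' /></td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td colspan=2 align=center><input type='submit' value='Add To Market' /></td>";
        echo "</tr>";
        echo "</table>";
        echo "</form>";
    }
}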
// Close the page through the $h helper that the handlers above pull in via
// `global` (presumably set up by globals.php — confirm there).
$h->endpage();
?>

 

Edit: Removed an include() where it's not needed

