share credits


    share credits

    index.php?action=plusses
    Code:
    else if($action=="plusses")
    {
        $who = $_GET["who"];
        addonline(getuid_sid($sid),"Sharing credits","");
        $pstyle = gettheme($sid);
        echo xhtmlheadchat("$stitle",$pstyle);
        echo "<p align=\"center\">";
        echo popup($sid);
        echo "<b>Give Credits To ".getnick_uid($who)."</b><br/><br/>";
        // Current balance of the logged-in user
        $gps = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".getuid_sid($sid)."'"));
        echo "You have $gps[0] Credits<br/><br/>";
        echo "Credits to give<br/>";
        // The amount is posted to genproc.php as "ptg"
        echo "<form action=\"genproc.php?action=plusses&amp;sid=$sid&amp;who=$who\" method=\"post\">";
        echo "<input name=\"ptg\" format=\"*N\" maxlength=\"3\"/>";
        echo "<input type=\"submit\" value=\"Give\"/>";
        echo "</form>";
        $thid = mysql_fetch_array(mysql_query("SELECT themeid FROM ibwf_users WHERE id='".$uid."'"));
        $themeimageset = mysql_fetch_array(mysql_query("SELECT themedir FROM ibwf_iconset WHERE id='".$thid[0]."'"));
        $unick = getnick_uid($who);
        echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/themes/$themeimageset[0]/home.gif\" alt=\"*\"/>";
        echo "Home</a>";
        echo "</p>";
        echo xhtmlfoot();
        exit();
    }
    genproc.php?action=plusses
    Code:
    //////////////////////////////////////////////////////////////////////Give credits
    else if($action=="plusses")
    {
        addonline(getuid_sid($sid),"Sharing Credits","");
        $who = $_GET["who"];
        $ptg = $_POST["ptg"];
        $pstyle = gettheme($sid);
        echo xhtmlhead("$stitle",$pstyle);
        echo "<p align=\"center\">";
        //$uid = getuid_sid($sid);
        // Balances of the sender ($uid) and the recipient ($who)
        $gpsf = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$uid."'"));
        $gpst = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$who."'"));
        if($gpsf[0]>=$ptg){
            $gpsf = $gpsf[0]-$ptg;
            $gpst = $gpst[0]+$ptg;
            // Write the recipient's new balance first, then the sender's
            $res = mysql_query("UPDATE ibwf_users SET plusses='".$gpst."' WHERE id='".$who."'");
            if($res)
            {
                $ad = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$who."'"));
                $res = mysql_query("UPDATE ibwf_users SET plusses='".$gpsf."' WHERE id='".$uid."'");
                echo "<img src=\"images/ok.gif\" alt=\"o\"/>Credits Updated Successfully<br/>";

                // Automatic PM telling the recipient about the transfer
                $wintext = "".getnick_uid($uid)." Shared  $ptg Credits With u..Now U hv $gpst  credits![br/][i] p.s. note: This is an automatic pm from $stitle service centre[/i]";
                $res = mysql_query("INSERT INTO ibwf_private SET text='".$wintext."', byuid='".$uid."', touid='".$who."', timesent='".time()."'");
            }else{
                echo "<img src=\"images/notok.gif\" alt=\"x\"/>Database Error!<br/>";
            }
        }else{
            echo "<img src=\"images/notok.gif\" alt=\"x\"/>You don't have enough Credits to give<br/>";
        }

        echo "<br/>";

        $thid = mysql_fetch_array(mysql_query("SELECT themeid FROM ibwf_users WHERE id='".$uid."'"));
        $themeimageset = mysql_fetch_array(mysql_query("SELECT themedir FROM ibwf_iconset WHERE id='".$thid[0]."'"));
        echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/themes/$themeimageset[0]/home.gif\" alt=\"*\"/>";
        echo "Home</a>";
        echo "</p>";
        echo xhtmlfoot();
        exit();
    }
    OK guys, here is the code I'm using to share credits, but last night I saw someone found a way to take all my credits with it. Now I've got -9000000 lol, so I'm not sure if it's this code or somewhere else that they found a way to get more credits.

    How do I make the input fields more secure?
    ________________
    Jacques
    jacques@gw-designs.co.za
    http://coding.biz.tm
    Come join and lets make it a place to learn all the noobies how to code
    __________________

    NEVER FORGET TO CLICK THE TANX BUTTON IF U LIKE WHAT IM SHARING OR HELPING WITH

    #2
    $who = $_GET["who"];
    $ptg = $_POST["ptg"];

    ------------------------------->

    $who = htmlspecialchars($_GET["who"], ENT_QUOTES);
    $ptg = htmlspecialchars($_POST["ptg"], ENT_QUOTES);
    $uid = htmlspecialchars($uid, ENT_QUOTES);
    $sid = htmlspecialchars($sid, ENT_QUOTES);

    Comment


      #3
      If what you want is to stop the variable being negative, filter it like this:
      $var = abs(intval($var));

      Comment


        #4
        ENT_QUOTES remains text to be normalized, but when you source code, some quotes were changed, right bro? Especially quotes.
        Last edited by wapmetal; 23.05.10, 12:05.
        com site: http://vampist.net
        download site: http://wapdloads.net
        fb: http://www.facebook.com/pmplx

        Comment


          #5
          How do I make this code so people can't add figures less than 0 in the input field? I found out how they got the plusses less: they just put in -9999, then it minuses the user's plusses.

          Comment


            #6
            PHP Code:
            if($ptg<0){
            ?>
            All your points have been deducted for cheating<br/>
            <?php
            }

            Comment


              #7
              What is your site, mate? Just disable the (-) sign because it affects the conversion process. For example, I want to convert my plusses to gamepoints; then when I just add a negative sign, it will subtract and change anything credits to have, or mean the inverse. I don't know how, but some chars affect the site when it is vuln.


              You can add this to every function like share plusses or just anything else, bro:
              $text = str_replace("-","negative",$text);

              Comment


                #8
                Just use an if greater than 0 statement.
                PHP Code:
                $amount = (int) $_POST['amount'];
                if ($amount > 0)
                {
                    /// Great
                }

                Comment
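
An added example, not part of any post in this thread: one way to combine the "greater than 0" check with a transfer that cannot drive a balance negative. The table and column names follow the code in the first post; `share_credits()`, the PDO connection and the in-memory SQLite demo data are assumptions made so the snippet runs on its own, and the sender id is assumed to come from the session (as `getuid_sid($sid)` does in the thread), never from the request.

```php
<?php
// Added example: validated, atomic credit transfer (not the thread's code).
// share_credits() and the SQLite demo database are hypothetical.

function share_credits(PDO $db, int $fromUid, $toRaw, $amountRaw): string
{
    // Accept only whole numbers 1..999 (the form allows three digits).
    // "-9999", "1e3", "abc" and "" are all rejected here.
    $range  = ['options' => ['min_range' => 1, 'max_range' => 999]];
    $amount = filter_var($amountRaw, FILTER_VALIDATE_INT, $range);
    $toUid  = filter_var($toRaw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($amount === false || $toUid === false || $toUid === $fromUid) {
        return 'invalid request';
    }

    $db->beginTransaction();
    // Debit only if the balance covers it. The WHERE clause makes the check
    // and the update one step; values are bound, not concatenated into SQL.
    $debit = $db->prepare(
        'UPDATE ibwf_users SET plusses = plusses - ? WHERE id = ? AND plusses >= ?');
    $debit->execute([$amount, $fromUid, $amount]);
    if ($debit->rowCount() !== 1) {
        $db->rollBack();
        return 'not enough credits';
    }
    $credit = $db->prepare('UPDATE ibwf_users SET plusses = plusses + ? WHERE id = ?');
    $credit->execute([$amount, $toUid]);
    if ($credit->rowCount() !== 1) {   // recipient does not exist
        $db->rollBack();               // give the sender's credits back
        return 'unknown recipient';
    }
    $db->commit();
    return 'ok';
}

// Constructed demo data: user 1 has 50 credits, user 2 has 10.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibwf_users (id INTEGER PRIMARY KEY, plusses INTEGER)');
$db->exec('INSERT INTO ibwf_users VALUES (1, 50), (2, 10)');

// A negative amount, a valid transfer, then one larger than the balance left.
foreach (['-9999', '20', '40'] as $ptg) {
    echo $ptg, ' => ', share_credits($db, 1, '2', $ptg), "\n";
}
```

On MySQL the rollback only takes effect if `ibwf_users` uses a transactional engine such as InnoDB; MyISAM tables ignore it.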


                  #9
                  Mobile, must I add that in my index or genproc?

                  Comment


                    #10
                    Wherever the plusses update process is. I'm assuming that's genproc.

                    Comment
