index.php?action=plusses
genproc.php?action=plusses
OK guys, here is the code I'm using to share credits, but last night I saw someone found a way to take all my credits with it. Now I've got -9000000 lol, so I'm not sure if it's this code or somewhere else that they found a way to get more credits.
How do I make the input fields more secure?
Code:
else if($action=="plusses")
{
    $who = $_GET["who"];
    addonline(getuid_sid($sid),"Sharing credits","");
    $pstyle = gettheme($sid);
    echo xhtmlheadchat("$stitle",$pstyle);
    echo "<p align=\"center\">";
    echo popup($sid);
    echo "<b>Give Credits To ".getnick_uid($who)."</b><br/><br/>";
    $gps = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".getuid_sid($sid)."'"));
    echo "You have $gps[0] Credits<br/><br/>";
    echo "Credits to give<br/>";
    echo "<form action=\"genproc.php?action=plusses&sid=$sid&who=$who\" method=\"post\">";
    echo "<input name=\"ptg\" format=\"*N\" maxlength=\"3\"/>";
    echo "<input type=\"submit\" value=\"Give\"/>";
    echo "</form>";
    $thid = mysql_fetch_array(mysql_query("SELECT themeid FROM ibwf_users WHERE id='".$uid."'"));
    $themeimageset = mysql_fetch_array(mysql_query("SELECT themedir FROM ibwf_iconset WHERE id='".$thid[0]."'"));
    $unick = getnick_uid($who);
    echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/themes/$themeimageset[0]/home.gif\" alt=\"*\"/>";
    echo "Home</a>";
    echo "</p>";
    echo xhtmlfoot();
    exit();
}
Code:
//////////////////////////////////////////////////////////////////////Give credits
else if($action=="plusses")
{
    addonline(getuid_sid($sid),"Sharing Credits","");
    $who = $_GET["who"];
    $ptg = $_POST["ptg"];
    $pstyle = gettheme($sid);
    echo xhtmlhead("$stitle",$pstyle);
    echo "<p align=\"center\">";
    //$uid = getuid_sid($sid);
    $gpsf = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$uid."'"));
    $gpst = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$who."'"));
    if($gpsf[0]>=$ptg){
        $gpsf = $gpsf[0]-$ptg;
        $gpst = $gpst[0]+$ptg;
        $res = mysql_query("UPDATE ibwf_users SET plusses='".$gpst."' WHERE id='".$who."'");
        if($res)
        {
            $ad = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$who."'"));
            $res = mysql_query("UPDATE ibwf_users SET plusses='".$gpsf."' WHERE id='".$uid."'");
            echo "<img src=\"images/ok.gif\" alt=\"o\"/>Credits Updated Successfully<br/>";
            $wintext = "".getnick_uid($uid)." Shared $ptg Credits With u..Now U hv $gpst credits![br/][i] p.s. note: This is an automatic pm from $stitle service centre[/i]";
            $res = mysql_query("INSERT INTO ibwf_private SET text='".$wintext."', byuid='".$uid."', touid='".$who."', timesent='".time()."'");
        }else{
            echo "<img src=\"images/notok.gif\" alt=\"x\"/>Database Error!<br/>";
        }
    }else{
        echo "<img src=\"images/notok.gif\" alt=\"x\"/>You don't have enough Credits to give<br/>";
    }
    echo "<br/>";
    $thid = mysql_fetch_array(mysql_query("SELECT themeid FROM ibwf_users WHERE id='".$uid."'"));
    $themeimageset = mysql_fetch_array(mysql_query("SELECT themedir FROM ibwf_iconset WHERE id='".$thid[0]."'"));
    echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"images/themes/$themeimageset[0]/home.gif\" alt=\"*\"/>";
    echo "Home</a>";
    echo "</p>";
    echo xhtmlfoot();
    exit();
}
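A hardened version of the genproc.php transfer step, as an added example that is not part of the original post: the posted handler never checks that `ptg` is a positive whole number (a negative value passes `$gpsf[0]>=$ptg` and reverses the transfer, which fits a balance of -9000000), and it builds its SQL from request values. `transfer_credits()` and the in-memory SQLite demo data are hypothetical; the table and column names come from the post.

```php
<?php
// Added example, not the original script. Table/column names are from the post;
// transfer_credits() and the SQLite demo rows below are hypothetical.
function transfer_credits(PDO $db, int $from, int $to, $rawAmount): string
{
    // Validate on the server: maxlength="3" in the form is only a browser hint.
    // ctype_digit() rejects "-900", "1e9", "5 OR 1=1", "" and arrays.
    if (!is_string($rawAmount) || !ctype_digit($rawAmount) || strlen($rawAmount) > 3) {
        return 'invalid amount';
    }
    $amount = (int)$rawAmount;
    if ($amount < 1) return 'invalid amount';
    if ($from === $to) return 'cannot give to yourself';

    $db->beginTransaction();
    try {
        // Debit only if the balance covers it, in one atomic statement (no read-then-write).
        $debit = $db->prepare(
            'UPDATE ibwf_users SET plusses = plusses - :a WHERE id = :id AND plusses >= :a2');
        $debit->execute([':a' => $amount, ':id' => $from, ':a2' => $amount]);
        if ($debit->rowCount() !== 1) {
            $db->rollBack();
            return 'not enough credits';
        }
        $credit = $db->prepare('UPDATE ibwf_users SET plusses = plusses + :a WHERE id = :id');
        $credit->execute([':a' => $amount, ':id' => $to]);
        if ($credit->rowCount() !== 1) { // unknown recipient: undo the debit
            $db->rollBack();
            return 'unknown recipient';
        }
        $db->commit();
        return 'ok';
    } catch (Throwable $e) {
        if ($db->inTransaction()) $db->rollBack();
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibwf_users (id INTEGER PRIMARY KEY, plusses INTEGER NOT NULL)');
$db->exec('INSERT INTO ibwf_users VALUES (1, 100), (2, 50)');

foreach (['25', '-900', '999', '5 OR 1=1'] as $input) {
    echo str_pad("'$input'", 12), transfer_credits($db, 1, 2, $input), "\n";
}
print_r($db->query('SELECT id, plusses FROM ibwf_users')->fetchAll(PDO::FETCH_KEY_PAIR));
```

In the real handler the sender id should come from the session lookup (`getuid_sid($sid)`), never from a request parameter, and `who` should be cast to an integer before it is passed in.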