PHP interest
Dear all,
I made a Mobile Money script that I use to receive donations from members, who then receive credits in return, but a week ago I was hacked twice on Mobile Money. It came down to the script not being properly secured, which lets people see the password of your Mobile Money account in the script, because you have to enter it to be able to connect to your Mobile Money account. I have heard a few times that you can also connect to your account without having to type in a password, so I tried that, but I just can't figure it out.. so I want to ask you for help.
-I hope you can help me.
Kind regards, bozmafia
~The script looks as follows:
[code]
<?php
// Buy points
// Note: $username is not defined in this snippet; it is assumed to be set by the including page.
if (isset($_POST['verify'])) {
    $code = $_POST['code'];
    // Look up whether this code has been redeemed before
    $checkpoints = mysql_query("SELECT * FROM `verify` WHERE `code` = '$code'");
    // Ask Mobile Money to validate the code; the account credentials are part of the URL
    $url = "http://www.mobilemoney.com/validate.asp?username=naam&password=blabla&pincode=$code&output=valid";
    $open = file($url);
    if (!$open) {
        echo "<font color=red>* The file couldn't be opened.</font>";
    }
    else {
        // The first line of the response is the status code
        if ($open[0] == -2) {
            echo "<font color=red>* You don't have acces to this content.</font>";
        }
        elseif (mysql_num_rows($checkpoints) >= 1) {
            echo "<font color=red>* Your code has already been used.</font>";
        }
        elseif ($open[0] == -1) {
            echo "<font color=red>* This is an invalid code.</font>";
        }
        elseif ($open[0] == -3) {
            echo "<font color=red>* You didn't enter a code.</font>";
        }
        // These two checks run only after the request above has already been sent
        elseif (preg_match("/#/i", "$code")) {
            echo "<font color=red>* Don't try to exploit bitch.</font>";
        }
        elseif (preg_match("/&/i", "$code")) {
            echo "<font color=red>* Don't try to exploit bitch.</font>";
        }
        // Unreachable: same condition as the second branch
        elseif (mysql_num_rows($checkpoints) >= 1) {
            echo "<font color=red>* Your code has already been used.</font>";
        }
        else {
            // Credit the points and record the purchase and the used code
            mysql_query("UPDATE users SET points=points+'25' WHERE username='$username'");
            $date = date('Y-m-d H:i:s');
            mysql_query("INSERT INTO buypoints (`id`,`name`,`time`) VALUES ('','$username','$date')");
            mysql_query("INSERT INTO verify (`id`,`user`,`code`,`datum`) VALUES ('','$username','$code','$date')");
            echo "Thank you for purchasing points. Your points have been added to your account. You may not see them immediatly, try to click on points again.";
        }
    }
}
?>
[/code]
Staff edit:
Fuck -tags and use [code] tags.
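
A hardened variant of the script in the post above, as an added example that is not the poster's code and not taken from Mobile Money. It still sends the account password, because the page documents no passwordless method. The environment variable names (`MM_USER`, `MM_PASS`, `DB_DSN`, `DB_USER`, `DB_PASS`), the session key, the code format and the auto-increment ids are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: PHP 7.1+, PDO, and
// hypothetical environment variable names set outside the web root.
session_start();
$pdo = new PDO(getenv('DB_DSN'), getenv('DB_USER'), getenv('DB_PASS'),
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

function fail(string $msg): void {
    echo '<font color="red">* ' . htmlspecialchars($msg) . '</font>';
    exit;
}

if (isset($_POST['verify'])) {
    $code     = $_POST['code'] ?? '';
    $username = $_SESSION['username'] ?? null; // assumption: set at login
    if ($username === null) { fail('Please log in first.'); }

    // Whitelist the code before it reaches the URL or the database.
    // Assumption: codes are 4 to 32 ASCII letters or digits.
    if (!is_string($code) || !preg_match('/\A[A-Za-z0-9]{4,32}\z/', $code)) {
        fail('This is an invalid code.');
    }

    $used = $pdo->prepare('SELECT 1 FROM `verify` WHERE `code` = ?');
    $used->execute([$code]);
    if ($used->fetchColumn()) { fail('Your code has already been used.'); }

    // http_build_query() URL-encodes every value, so '&' or '#' in a value
    // cannot add or cut off parameters. Credentials come from the environment.
    $url = 'http://www.mobilemoney.com/validate.asp?' . http_build_query([
        'username' => getenv('MM_USER'), 'password' => getenv('MM_PASS'),
        'pincode'  => $code, 'output' => 'valid',
    ]);
    // '@' keeps a failed request from echoing the URL (password included) in a warning.
    $open = @file($url);
    if (!$open) { fail("The file couldn't be opened."); }

    // The page only shows the negative status codes; treat any negative as failure.
    if ((int) trim($open[0]) < 0) { fail('The code was not accepted.'); }

    // Record the code and credit the points atomically (ids assumed AUTO_INCREMENT).
    $date = date('Y-m-d H:i:s');
    $pdo->beginTransaction();
    $pdo->prepare('INSERT INTO `verify` (`user`,`code`,`datum`) VALUES (?,?,?)')->execute([$username, $code, $date]);
    $pdo->prepare('INSERT INTO `buypoints` (`name`,`time`) VALUES (?,?)')->execute([$username, $date]);
    $pdo->prepare('UPDATE `users` SET `points` = `points` + 25 WHERE `username` = ?')->execute([$username]);
    $pdo->commit();
    echo 'Thank you for purchasing points.';
}
```

A UNIQUE index on `verify.code` (an assumption about the schema) makes the database reject a second redemption even when two requests arrive at the same moment.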