Skov I am almost complete with a fully dynamic system and automated system that I think you should wait for.
Solved Donation system (paid $$$)
Discussion in 'Plugin Requests' started by Skov, Jun 30, 2015.
-
Line 103: $result = mysql_query("SELECT DonationTotal FROM accounts WHERE SteamID = ".$steamprofile['steamid']." LIMIT 1");
this is returned by steam api meaning that it will be a valid response
please learn how to programme before making such accusations
so bitch got owned, this script is fully safe, i would like to see you try sql inject it lol you mega noob
and finally i was setting this up for him thus it did not matter what php version i used as its fully safe -
-
i dont think you know how safe this script is and yes i know what a sql injection is, i suggest you try such things before commenting because its fully safe. go learn please kid, i used to run a gunz server back in the day with 2000 players online and if my site was vulnerable i would be the first to know about it so please go try.
all the parameters are sent to paypal and paypal responds checking if they are valid and the steam api thats not getting the steam id via users input its actually getting it from steam
so again please learn.
you're clearly the guy that made me get scammed by making up lies for their money, You are just as bad as these two who only paid me half for the script.
Last edited by a moderator: Dec 7, 2015 -
Wulf Community Admin
Once again, please keep it civil else take it elsewhere. Warnings will be issued if it continues.
-
sorry man but when people dis my work and make false accusations they need to know they made the wrong judgement because this guy made me look bad and made me lose out on getting paid for a script i made i only received half the payment for.
-
Nobody did that except you in this thread. -
i only insulted the people who did not pay me the rest of the money and the person who told them that it had vulnerability, yet it does not
-
In DonationPage.php on line 128
Code:
<input type="hidden" name="custom" value="'.$steamprofile['steamid'].'">
Regex101 - online regex editor and debugger
Last edited by a moderator: Dec 7, 2015 -
and you didn't notice the clean function on the steam id on the ipn reply ????
$SteamID = clean($_POST['custom']);
Code:
function clean($value)
{
    $value = preg_replace(sql_regcase("/(select|shutdown|from|insert|delete|union|0x|cast|exec|varchar|insert into|delete from|update account|update login|update character|ugradeid|drop table|show tables|name|password|login|account|login|clan|character|set|where|#|\*|--|\\\\)/"),"",$value);
    $value = trim($value);
    $value = strip_tags($value);
    $value = addslashes($value);
    $value = str_replace("'", "", $value);
    $value = stripcslashes($value);
    $value = htmlspecialchars($value);
    return( $value );
}
Last edited by a moderator: Dec 8, 2015 -
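Added example, not part of the thread or of either developer's code: one way to handle the `custom` value without relying on a keyword filter is to accept only a well-formed SteamID64 and pass it to the query as a bound parameter. It assumes a SteamID64 is a 17-digit decimal string, uses PDO with an in-memory SQLite database in place of the thread's MySQL, and the function names are hypothetical.

```php
<?php
// Added example. Table and column names (accounts, SteamID, DonationTotal)
// come from the query quoted in the thread; everything else is an assumption.
declare(strict_types=1);

// Allow-list check: accept only a 17-digit decimal string (assumed SteamID64 shape).
// \A and \z anchor the whole input, so a trailing newline is rejected as well.
function parseSteamId64($raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[0-9]{17}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Look up the total with a bound parameter instead of string concatenation.
function donationTotal(PDO $db, string $steamId): ?float
{
    $stmt = $db->prepare('SELECT DonationTotal FROM accounts WHERE SteamID = :sid LIMIT 1');
    $stmt->execute([':sid' => $steamId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (float) $row['DonationTotal'];
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (SteamID TEXT PRIMARY KEY, DonationTotal REAL NOT NULL)');
$db->exec("INSERT INTO accounts VALUES ('76561198000000001', 25.0)");

// Constructed stand-ins for $_POST['custom'] as it arrives in the IPN callback.
$samples = ['76561198000000001', '76561198000000001 ', 'abc', '7656119800000000100', ['x']];
foreach ($samples as $custom) {
    $sid = parseSteamId64($custom);
    if ($sid === null) {
        // Anything that is not exactly a SteamID64 never reaches the database.
        echo 'rejected: ' . json_encode($custom) . PHP_EOL;
        continue;
    }
    $total = donationTotal($db, $sid);
    echo "accepted: $sid total=" . var_export($total, true) . PHP_EOL;
}
```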
i have one done i released it in the other thread and proved this guy above wrong 3 times about the security of it and i am willing to help you out at any price cheaper than Dyceman
-
I am being very civil about trying to show the reason why they didn't pay the rest. I am not acting like a child at all, in fact I am being very professional. I am not the one who is insulting people. The risk of doing freelance work is that there are no guarantees. I have been in your situation before but I never plastered sensitive information and insulted anyone. I will ignore your posts and conversations from now on.
-
because you got proven wrong 3x in a row, and made up lies to get my job nice going bro, yet you are not even a plugin developer i seriously think you will edit my code and use that and only change it around a tiny bit claiming its safe but yeah it was already safe as i used it for 6 years on a server with 2000+ players that constantly tried to abuse the system but in fact it did not work so please learn how to read my programming before insulting my work, my work is like my baby when you have something to say i will be there to defend my honor and if you were wrong i will point it out so you can learn for future references and become a better programmer if anything you should be thanking me that i actually taught you something, that a switch does not insert into a database (like you initially assumed for some reason) and that my paypal ipn verifies all parameters with paypal and that the steam id is checked for any sql injections, so to sum it up you have no idea whats going on.
Last edited by a moderator: Dec 8, 2015 -
PS. This is just my opinion on this, its not meant to insult anyone in any way.
Greetings,
LaserHydra -
I also have a system like this hooked into PayPal's callback - depends on how you wish to do it, is your web server on the same machine as your rust?
-
Either way, at this point I can't implement your plugin or code in good faith. As said before, feel free to resell the code. The intent of this wasn't to scam code out of you, if it was why would I have paid for more than the first half? When Dyce is done I will compare the two codes (which Dyce has been showing me as he has been building it). If I find anything that is a copy of your code, I'm not going to use it either. Had we not had issues implementing this, it would all be over and done by now. Yeah I also probably should have implemented this in test environments, and shielded you from my database passwords etc. better, seeing as you copy pasted it at some point as you leaked my info in your prior post. I'm not going to respond any more, please don't try to contact me any more.
-
we never had issues your host failed on you bro, even your host gator confirmed it was in fact an auto backup that caused your web to get wiped we didn't even apply any php files on it at that point only made a mysql database, so goodbye.
@LaserHydra
if he insults my scripts i have every right to defend the fact that it is not exploitable, he just kept listing more and more false exploits lol i seriously dont care to be honest its just im proving my point as it is still entirely safe, and in any other situation any plugin developer would defend the fact that their code is secure.
and i'm done and gone, gotta get back to programming StayAlive.
Last edited by a moderator: Dec 8, 2015 -
Alright.
-
This can be closed, Dyceman completed the project, much to our satisfaction. Highly recommend contacting him if anyone is interested in a similar system!
-
A simple solution would be the use of the promocodes plugin: read out the codes from another script (the codes are saved in a JSON format, so that should be easy) and give these out to users who donate via a Donate script on your website.
Note a small change within promocodes that adds users to a specific group