Solved Donation system (paid $$$)

Discussion in 'Plugin Requests' started by Skov, Jun 30, 2015.

  1. Skov I am almost complete with a fully dynamic system and automated system that I think you should wait for.
     
  2. Line 45: switch($_POST['payment_status']) is not inserting into a database. Please learn that these responses are authed and verified via PayPal, thus they will never return a SQL injection.


    Line 103: $result = mysql_query("SELECT DonationTotal FROM accounts WHERE SteamID = ".$steamprofile['steamid']." LIMIT 1");

    This is returned by the Steam API, meaning that it will be a valid response.

    Please learn how to program before making such accusations.

    So bitch got owned, this script is fully safe. I would like to see you try to SQL inject it lol, you mega noob.

    And finally, I was setting this up for him, thus it did not matter what PHP version I used as it's fully safe :)
     
  3. I don't think you know what a SQL injection is. (SQL Injection - OWASP)
     
  4. I don't think you know how safe this script is, and yes, I know what a SQL injection is. I suggest you try such things before commenting, because it's fully safe. Go learn please, kid. I used to run a GunZ server back in the day with 2000 players online, and if my site was vulnerable I would be the first to know about it, so please go try.


    All the parameters are sent to PayPal and PayPal responds checking if they are valid, and the Steam API is not getting the Steam ID via user input, it's actually getting it from Steam.

    So again, please learn.

    You're clearly the guy that made me get scammed by making up lies for their money. You are just as bad as these two, who only paid me half for the script.
     
    Last edited by a moderator: Dec 7, 2015
  5. Wulf (Community Admin)

    Once again, please keep it civil else take it elsewhere. Warnings will be issued if it continues.
     
  6. Sorry man, but when people dis my work and make false accusations they need to know they made the wrong judgement, because this guy made me look bad and made me lose out on getting paid for a script I made; I only received half the payment for it.
     
  7. You make yourself look bad by insulting people randomly ;)
    Nobody did that except you in this thread.
     
  8. I only insulted the people who did not pay me the rest of the money and the person who told them that it had a vulnerability, yet it does not.
     
  9. In DonationPage.php on line 128
    Code:
    <input type="hidden" name="custom" value="'.$steamprofile['steamid'].'">
    is your vulnerability, because I can set custom to '<a steamid goes here>' AND steamID IN('<a steamid goes here>','<a steamid goes here>', '<a steamid goes here>')-#- and it will run right through and adjust the other SteamIDs.

    Regex101 - online regex editor and debugger
     
    Last edited by a moderator: Dec 7, 2015
  10. And you didn't notice the clean function on the Steam ID on the IPN reply????

    $SteamID = clean($_POST['custom']);

    Code:
    function clean($value)
    {
        $value = preg_replace(sql_regcase("/(select|shutdown|from|insert|delete|union|0x|cast|exec|varchar|insert into|delete from|update account|update login|update character|ugradeid|drop table|show tables|name|password|login|account|login|clan|character|set|where|#|\*|--|\\\\)/"),"",$value);
        $value = trim($value);
        $value = strip_tags($value);
        $value = addslashes($value);
        $value = str_replace("'", "", $value);
        $value = stripcslashes($value);
        $value = htmlspecialchars($value);
        return( $value );
    }
    I am sorry bro, but anything you try to prove will be proven wrong. I am serious, stop trying to prove me wrong. It's one thing that you're stealing my money; it's a second thing that you keep claiming my script is not safe, yet I've proven you wrong 3x in a row. Please, for Pete's sake, just give up as you lost already. Stop trying to prove you're better, because I don't care any more. You're acting like a child and it's rather silly. As Wulf said, leave this place and stop spamming with useless comments that mean nothing and are not actually vulnerabilities (as they are checked on the callback, like any logical person would). Although I can't imagine how bad your script will actually be, due to all these fake vulnerabilities you keep picking up on; it makes me think that if you actually saw one you wouldn't know it was one, and by the sounds of it you have had 1 year of experience, or maybe 2 at a push, because anyone with knowledge would totally be able to fully interpret the scripts and understand what's going on, but you failed to 3 times lol!
     
    Last edited by a moderator: Dec 8, 2015
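    Added example (not code from the thread or from either poster's script): the hidden "custom" field from post 9 comes back in PayPal's IPN as $_POST['custom'], and post 10 runs it through a keyword blacklist before it reaches the query. The defensive fix is independent of any blacklist: validate the SteamID64 by shape (17 decimal digits) and bind it as a prepared-statement parameter so it never becomes part of the SQL text. The table and column names mirror the thread; the SteamIDs, the amount and the in-memory SQLite database are constructed for the demo.

```php
<?php
// Added example, not the thread's code. Shows the two checks a defender would put on the
// IPN "custom" value instead of the clean() blacklist: shape validation plus bound parameters.
// Runs stand-alone against an in-memory SQLite database (requires PHP with pdo_sqlite).

function validSteamId64(string $value): bool
{
    // SteamID64 values are 17-digit decimal numbers; anything else is rejected outright.
    return preg_match('/^\d{17}$/', $value) === 1;
}

function recordDonation(PDO $db, string $custom, float $amount): bool
{
    if (!validSteamId64($custom)) {
        return false; // reject the IPN before any query is built
    }
    // Placeholders keep the value out of the SQL text entirely, so no keyword stripping is needed.
    $stmt = $db->prepare(
        'UPDATE accounts SET DonationTotal = DonationTotal + :amt WHERE SteamID = :sid'
    );
    $stmt->execute([':amt' => $amount, ':sid' => $custom]);
    return $stmt->rowCount() === 1; // exactly one account credited
}

function countMatching(PDO $db, string $steamId): int
{
    // Comparison helper used below to show how a bound value is treated as a literal.
    $stmt = $db->prepare('SELECT COUNT(*) FROM accounts WHERE SteamID = :sid');
    $stmt->execute([':sid' => $steamId]);
    return (int) $stmt->fetchColumn();
}

// Constructed sample data (hypothetical SteamIDs, not real accounts).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (SteamID TEXT PRIMARY KEY, DonationTotal REAL NOT NULL DEFAULT 0)');
$db->exec("INSERT INTO accounts VALUES ('76561197960287930', 0), ('76561197960287931', 0)");

// Legitimate IPN: one row is credited.
var_dump(recordDonation($db, '76561197960287930', 5.00));

// A "custom" value of the shape quoted in post 9: fails the digit check, no query runs.
$tampered = "76561197960287930' AND steamID IN('76561197960287931')-#-";
var_dump(recordDonation($db, $tampered, 5.00));

// Even without the digit check, a bound parameter is compared as one literal string,
// so it matches no account instead of rewriting the WHERE clause.
var_dump(countMatching($db, $tampered));
var_dump(countMatching($db, '76561197960287931'));
```

    The point of the two layers: the format check makes the rejection explicit and logged-worthy, while the prepared statement guarantees that whatever string arrives, the database engine only ever sees it as a value to compare, never as SQL to parse.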
  11. I have one done, I released it in the other thread and proved this guy above wrong 3 times about the security of it, and I am willing to help you out at any price cheaper than Dyceman.
     
  12. I am being very civil about trying to show the reason why they didn't pay the rest. I am not acting like a child at all; in fact I am being very professional. I am not the one who is insulting people. The risk of doing freelance work is that there are no guarantees. I have been in your situation before, but I never plastered sensitive information and insulted anyone. I will ignore your posts and conversations from now on.
     
  13. Because you got proven wrong 3x in a row and made up lies to get my job, nice going bro. Yet you are not even a plugin developer. I seriously think you will edit my code and use that, only changing it around a tiny bit and claiming it's safe, but yeah, it was already safe, as I used it for 6 years on a server with 2000+ players that constantly tried to abuse the system, but in fact it did not work. So please learn how to read my programming before insulting my work. My work is like my baby; when you have something to say I will be there to defend my honour, and if you were wrong I will point it out so you can learn for future reference and become a better programmer. If anything you should be thanking me that I actually taught you something: that a switch does not insert into a database (like you initially assumed for some reason), that my PayPal IPN verifies all parameters with PayPal, and that the Steam ID is checked for any SQL injections. So, to sum it up, you have no idea what's going on.
     
    Last edited by a moderator: Dec 8, 2015
  14. I have been watching this conversation for some posts now. And really, just leave it like it is. ownprox, you are picking it back up with every post; all you do is repeat yourself. I don't think Dyceman will change his mind if you tell him the same thing over and over again. You should maybe just stop this conversation and remain peaceful and civil. This is just my advice. Also, as Wulf said, that is not supposed to be discussed here. If you want to continue this conversation anyway, I'd recommend moving to PM or some chat application (Skype, Steam etc.).
    PS. This is just my opinion on this; it's not meant to insult anyone in any way.
    Greetings,
    LaserHydra
     
  15. I also have a system like this hooked into PayPal's callback. It depends on how you wish to do it: is your web server on the same machine as your Rust server?
     
  16. Either way, at this point I can't implement your plugin or code in good faith. As said before, feel free to resell the code. The intent of this wasn't to scam code out of you; if it was, why would I have paid for more than the first half? When Dyce is done I will compare the two codes (which Dyce has been showing me as he has been building it). If I find anything that is a copy of your code, I'm not going to use it either. Had we not had issues implementing this, it would all be over and done by now. Yeah, I also probably should have implemented this in test environments, and shielded you from my database passwords etc. better, seeing as you copy-pasted it at some point, as you leaked my info in your prior post. I'm not going to respond any more; please don't try to contact me any more.
     
  17. We never had issues, your host failed on you bro. Even your HostGator confirmed it was in fact an auto backup that caused your web to get wiped; we didn't even apply any PHP files on it at that point, only made a MySQL database. So goodbye.

    @LaserHydra
    If he insults my scripts I have every right to defend the fact that it is not exploitable. He just kept listing more and more false exploits lol. I seriously don't care, to be honest; it's just that I'm proving my point, as it is still entirely safe, and in any other situation any plugin developer would defend the fact that their code is secure.

    And I'm done and gone, gotta get back to programming StayAlive.
     
    Last edited by a moderator: Dec 8, 2015
  18. Alright.
     
  19. This can be closed, Dyceman completed the project, much to our satisfaction. Highly recommend contacting him if anyone is interested in a similar system!
     
  20. A simple solution would be to use the promocodes plugin: read out the codes from another script (the codes are saved in a JSON format, so that should be easy) and give these out to users who donate via a donate script on your website.

    Note: a small change within promocodes that adds users to a specific group would be needed.