Topic: Security Fix: members/retract_credits_link.php


757jterrell

  • Hero Member
  • Posts: 1629
  • PTC Factory
Security Fix: members/retract_credits_link.php
« on: April 03, 2011, 02:21:25 AM »
It has come to our attention that people have been adding ad credits through their my ads pages. Here is the fix:

Go to your members/retract_credits_link.php file, around lines 24 to 40, and remove what is in bold:

if($action == "retract") {
   if($credits < 1) {
      $error_msg="You must enter at least 1 credit!";
   }
   else if($thisad[username] != $username) {
      $error_msg="You do not have permission to edit this!!";
   }
   else {
      if($credits > $thisad[credits]) {
         $credits=$thisad[credits];
      }
      else {
         // $credits comes straight from the form and is interpolated into the SQL unchecked
         $sql=$Db1->query("UPDATE ads SET credits=credits-$credits WHERE id='$id'");
         $sql=$Db1->query("UPDATE user SET link_credits=link_credits+".($credits*$settings['class_'.strtolower($thisad['class']).'_credit_ratio'])." WHERE username='$username'");
         $Db1->sql_close();
         header("Location: index.php?view=account&ac=myads&adtype=link&".$url_variables."");
      }
   }
}

Then add what is in bold so it looks like the code below:

if($action == "retract") {
   if($credits < 1) {
      $error_msg="You must enter at least 1 credit!";
   }
   else if( ereg("[^0-9]", $credits) ){   // reject anything that is not a plain digit string
      $error_msg="You can only put in numbers 0 to 9";
   }
   else if($thisad[username] != $username) {
      $error_msg="You do not have permission to edit this!!";
   }
   else if($credits > $thisad[credits]) {
      $error_msg="You can not remove more credits than you have!!";
   }
   else {
      $credits=asql($credits);
      $username=asql($username);
      $formula=($credits*$settings['class_'.strtolower($thisad['class']).'_credit_ratio']);
      if(is_int($formula) || is_float($formula))
      {
         $sql=$Db1->query("UPDATE ads SET credits=credits-$credits WHERE id='$id'");
         $sql=$Db1->query("UPDATE user SET link_credits=link_credits+$formula WHERE username='$username'");
         $Db1->sql_close();
         header("Location: index.php?view=account&ac=myads&adtype=link&".$url_variables."");
      }
   }
}
« Last Edit: May 18, 2011, 08:28:45 AM by cARRIE »
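The checks the fix above performs, gathered into one validation function and paired with a prepared-statement version of the two UPDATE queries. This is an added example, not code from PTC Factory, Offerscript or anyone in the thread; the PDO connection, the table and column names and the sample inputs are assumed or constructed.

```php
<?php
// Added example, not PTC Factory/Offerscript code: the checks the thread's fix performs,
// gathered into one function, plus the two UPDATEs as prepared statements.
// Assumed: $pdo is a PDO connection; table and column names are the thread's.

// Returns the amount to retract as an int, or an error message string.
function validate_retract_amount($raw, $adOwner, $currentUser, $adCredits)
{
    // Digits only: rejects "-5", "2.5", "5a" and "" before any comparison or SQL.
    // ctype_digit() on a string is the modern equivalent of ereg("[^0-9]", ...).
    if (!is_string($raw) || !ctype_digit($raw)) {
        return 'You can only put in numbers 0 to 9';
    }
    $credits = (int) $raw;              // "007" becomes 7
    if ($credits < 1) {
        return 'You must enter at least 1 credit!';
    }
    if ($adOwner !== $currentUser) {
        return 'You do not have permission to edit this!!';
    }
    if ($credits > (int) $adCredits) {
        return 'You can not remove more credits than you have!!';
    }
    return $credits;
}

// Both UPDATEs with bound parameters, so nothing from the form is spliced into SQL.
// The WHERE clause re-checks the balance, so a stale $adCredits cannot over-retract.
function retract_credits(PDO $pdo, $adId, $username, $credits, $ratio)
{
    $pdo->beginTransaction();
    $st = $pdo->prepare('UPDATE ads SET credits = credits - :c WHERE id = :id AND credits >= :min');
    $st->execute([':c' => $credits, ':id' => $adId, ':min' => $credits]);
    if ($st->rowCount() !== 1) {
        $pdo->rollBack();
        return false;
    }
    $st = $pdo->prepare('UPDATE user SET link_credits = link_credits + :r WHERE username = :u');
    $st->execute([':r' => $credits * $ratio, ':u' => $username]);
    $pdo->commit();
    return true;
}

// Constructed inputs against an ad owned by "alice" holding 100 credits; only "5" and "007" pass.
foreach (['5', '-5', '2.5', '5a', '', '007', '500'] as $input) {
    $result = validate_retract_amount($input, 'alice', 'alice', 100);
    printf("%-6s => %s\n", var_export($input, true), is_int($result) ? "retract $result" : $result);
}
```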

DDesign

  • Sr. Member
  • Posts: 414
  • Spam Bot Destroyer
  • is tango down?
Re: Security Fix: members/retract_credits_link.php
« Reply #1 on: April 03, 2011, 02:52:55 AM »
Also be advised that you need to have your host disable the Linux command wget. This will stop people from PHP-shelling your site, which is UBER bad.

reider666

  • Full Member
  • Posts: 191
Re: Security Fix: members/retract_credits_link.php
« Reply #2 on: April 06, 2011, 04:07:26 AM »
I added this, but when I try to retract credits I always get: You can only put in numbers 0 to 9

DDesign

  • Sr. Member
  • Posts: 414
  • Spam Bot Destroyer
  • is tango down?
Re: Security Fix: members/retract_credits_link.php
« Reply #3 on: April 06, 2011, 05:37:33 AM »
Quote
I added this, but when I try to retract credits I always get: You can only put in numbers 0 to 9

Are you only using numbers?

reider666

  • Full Member
  • Posts: 191
Re: Security Fix: members/retract_credits_link.php
« Reply #4 on: April 06, 2011, 02:43:27 PM »
Yes, I tried different numbers, but the result was this message.

bprasetio

  • Hero Member
  • Posts: 831
Re: Security Fix: members/retract_credits_link.php
« Reply #5 on: April 06, 2011, 04:38:29 PM »
I think JT missed some parts...

Here is my modified version, tested on my local machine only...

Remove this code:
Quote
   if($credits < 1) {
      $error_msg="You must enter at least 1 credit!";
   }

Replace it with this code:
Quote
   if( ereg("[^0-9]", $credits) ){
      $error_msg="You can only put in numbers 0 to 9";
   }


Remove this code:
Quote
   else if( ereg("[0-9]", $credits) ){
      $error_msg="You can only put in numbers 0 to 9";
   }


So, the final piece of code looks like this:
Quote
if($action == "retract") {
   if( ereg("[^0-9]", $credits) ){
      $error_msg="You can only put in numbers 0 to 9";
   }
   else if($thisad[username] != $username) {
      $error_msg="You do not have permission to edit this!!";
   }
   else if($credits > $thisad[credits]) {
      $error_msg="You can not remove more credits than you have!!";
   }
   else {
      $sql=$Db1->query("UPDATE ads SET credits=credits-$credits WHERE id='$id'");
      $sql=$Db1->query("UPDATE user SET link_credits=link_credits+".($credits*$settings['class_'.strtolower($thisad['class']).'_credit_ratio'])." WHERE username='$username'");
      $Db1->sql_close();
      header("Location: index.php?view=account&ac=myads&adtype=link&".$url_variables."");
   }
}

And the same goes for the other retract-credit ad files (banner, fbanner, xsite, ptsu, ptrads, fad, email).

Hope this helps...
« Last Edit: April 06, 2011, 04:45:49 PM by bprasetio »

reider666

  • Full Member
  • Posts: 191
Re: Security Fix: members/retract_credits_link.php
« Reply #6 on: April 07, 2011, 01:43:48 PM »
Thanks, now it works.

757jterrell

  • Hero Member
  • Posts: 1629
  • PTC Factory
Re: Security Fix: members/retract_credits_link.php
« Reply #7 on: April 10, 2011, 09:32:23 AM »
Yeah, looks like I forgot the ^ in that code. OP updated, as well as the others.

757jterrell

  • Hero Member
  • Posts: 1629
  • PTC Factory
Re: Security Fix: members/retract_credits_link.php
« Reply #8 on: April 10, 2011, 01:22:31 PM »
   else {
      $credits=asql($credits);
      $username=asql($username);
      // the refund is based on the amount being retracted, not on the ad's whole balance
      $formula=($credits*$settings['class_'.strtolower($thisad['class']).'_credit_ratio']);
      // $formula must stay numeric here: asql() returns a string, which would fail the is_int/is_float test
      if(is_int($formula) || is_float($formula))
      {
         $sql=$Db1->query("UPDATE ads SET credits=credits-$credits WHERE id='$id'");
         $sql=$Db1->query("UPDATE user SET link_credits=link_credits+$formula WHERE username='$username'");
         $Db1->sql_close();
         header("Location: index.php?view=account&ac=myads&adtype=link&".$url_variables."");
      }
   }

Added by Greg from Offerscript.

Thanks Greg

You will also need to add this function to your includes/function.php file:
This code is copyrighted by GPSBLACK/OFFERSCRIPT.

function asql($string)
{
   // undo magic_quotes first, so the value is not escaped twice
   if(get_magic_quotes_gpc())
   {
      $string = strip_tags($string);
      $string = stripslashes($string);
   }
   // mysql_real_escape_string() exists from PHP 4.3.0 and honours the connection charset
   if (version_compare(phpversion(), '4.3.0', '>='))
   {
      $string = strip_tags($string);
      $string = mysql_real_escape_string($string);
   }
   else
   {
      $string = mysql_escape_string($string);
   }
   return $string;
}
« Last Edit: April 10, 2011, 02:06:04 PM by 757jterrell »

forcingnet

  • Jr. Member
  • Posts: 82
Re: Security Fix: members/retract_credits_link.php
« Reply #9 on: April 24, 2011, 09:49:07 AM »
I got this error:

Parse error: syntax error, unexpected $end in /home/clicksca/public_html/members/retract_credits_link.php on line 88

And on line 88 I have this: ?>
Then the file finishes.


DDesign

  • Sr. Member
  • Posts: 414
  • Spam Bot Destroyer
  • is tango down?
Re: Security Fix: members/retract_credits_link.php
« Reply #10 on: April 27, 2011, 12:17:21 PM »
That means you're missing a } somewhere.

clickinator

  • Newbie
  • Posts: 1
Re: Security Fix: members/retract_credits_link.php
« Reply #11 on: May 03, 2011, 02:34:05 PM »
So is this what I should now have in my retract-credit-links.php folder?

if($action == "retract") {
   if( ereg("[^0-9]", $credits) ){
      $error_msg="You can only put in numbers 0 to 9";
   }
   else if($thisad[username] != $username) {
      $error_msg="You do not have permission to edit this!!";
   }
   else if($credits > $thisad[credits]) {
      $error_msg="You can not remove more credits than you have!!";
   }
   else {
      $credits=asql($credits);
      $username=asql($username);
      // the refund is based on the amount being retracted, not on the ad's whole balance
      $formula=($credits*$settings['class_'.strtolower($thisad['class']).'_credit_ratio']);
      // $formula must stay numeric here: asql() returns a string, which would fail the is_int/is_float test
      if(is_int($formula) || is_float($formula))
      {
         $sql=$Db1->query("UPDATE ads SET credits=credits-$credits WHERE id='$id'");
         $sql=$Db1->query("UPDATE user SET link_credits=link_credits+$formula WHERE username='$username'");
         $Db1->sql_close();
         header("Location: index.php?view=account&ac=myads&adtype=link&".$url_variables."");
      }
   }
}

Also, you say to add some code to the includes/functions folder; does it matter where you put the code in that folder?


Quote
You will also need to add this function to your includes/function.php file:
This code is copyrighted by GPSBLACK/OFFERSCRIPT.

function asql($string)
{
   // undo magic_quotes first, so the value is not escaped twice
   if(get_magic_quotes_gpc())
   {
      $string = strip_tags($string);
      $string = stripslashes($string);
   }
   // mysql_real_escape_string() exists from PHP 4.3.0 and honours the connection charset
   if (version_compare(phpversion(), '4.3.0', '>='))
   {
      $string = strip_tags($string);
      $string = mysql_real_escape_string($string);
   }
   else
   {
      $string = mysql_escape_string($string);
   }
   return $string;
}

Can I add this anywhere?

DDesign

  • Sr. Member
  • Posts: 414
  • Spam Bot Destroyer
  • is tango down?
Re: Security Fix: members/retract_credits_link.php
« Reply #12 on: May 04, 2011, 12:59:00 PM »
The function should go in the functions file, but it is possible that you already have it, if you are still using the files you had me secure.

cARRIE

  • Hero Member
  • Posts: 1452
  • EonCreatives
Re: Security Fix: members/retract_credits_link.php
« Reply #13 on: May 18, 2011, 08:32:40 AM »
OP has been updated.