Author Topic: Security Fix: members/retract_credits_email.php  (Read 869 times)

0 Members and 1 Guest are viewing this topic.

Offline 757jterrell

  • Hero Member
  • *****
  • Posts: 1637
    • View Profile
    • PTC Factory
Security Fix: members/retract_credits_email.php
« on: April 03, 2011, 02:26:27 AM »
It has come to our attention that people have been adding ad credits through their my ads pages. Here is the fix:

Go to your members/retract_credits_email.php  file around lines 24 to 40, remove what is in bold:

if($action == "retract") {
   if($credits < 1) {
      $error_msg="You must enter at least 1 credit!";
   }
   else if($thisad[username] != $username) {
      $error_msg="You do not have permission to edit this!!";
   }
   else {
      if($credits > $thisad[credits]) {
         $credits=$thisad[credits];
      }

      $sql=$Db1->query("UPDATE emails SET credits=credits-$credits WHERE id='$id'");
      $sql=$Db1->query("UPDATE user SET ptr_credits=ptr_credits+$credits WHERE username='$username'");
      $Db1->sql_close();
      header("Location: index.php?view=account&ac=myads&adtype=emails&".$url_variables."");
   }
}

and then add what is in bold so it looks like the code below:

if($action == "retract") {
   if($credits < 1) {
      $error_msg="You must enter at least 1 credit!";
   }
   else if($thisad[username] != $username) {
      $error_msg="You do not have permission to edit this!!";
   }
   else if( ereg("[^0-9]", $credits) ){
           $error_msg="You can only put in numbers 0 to 9";
      }
      else if($credits > $thisad[credits]) {
            $error_msg="You can not remove more credits than you have!!";
      }

   else {
                $credits=asql($credits);
      $username=asql($username);

                $sql=$Db1->query("UPDATE emails SET credits=credits-$credits WHERE id='$id'");
      $sql=$Db1->query("UPDATE user SET ptr_credits=ptr_credits+$credits WHERE username='$username'");
      $Db1->sql_close();
      header("Location: index.php?view=account&ac=myads&adtype=emails&".$url_variables."");
   }
}
« Last Edit: April 10, 2011, 03:43:45 PM by 757jterrell »

Offline 757jterrell

  • Hero Member
  • *****
  • Posts: 1637
    • View Profile
    • PTC Factory
Re: Security Fix: members/retract_credits_email.php
« Reply #1 on: April 10, 2011, 01:19:27 PM »
$credits=asql($credits);
$username=asql($username);

Added by Greg from Offerscript

Thanks Greg

You will also need to add this functions to your includes/function.php file:
This is copyrighted by CODE COPYRIGHT TO GPSBLACK/OFFERSCRIPT

function asql($string)
{
  if(get_magic_quotes_gpc())
  {
     $string = strip_tags($string);
     $string = stripslashes($string);
  }
  if (phpversion() >= '4.3.0')
  {
     $string = strip_tags($string);
      $string = mysql_real_escape_string($string);
  }
  else
  {
     $string = mysql_escape_string($string);
  }
  return $string;
}
« Last Edit: April 10, 2011, 01:39:53 PM by 757jterrell »