[Release] WebShop For 97d+99i Update 4

DarkMaster fixed the problems with the security; some guys showed me this message:

I appreciate your efforts, but this is actually still quite hackable. I haven't run this to try it first hand, but looking at the code you can see typical security risks. For example, below you don't use any parameterised queries for your INSERT/UPDATE queries.

imanager.php -

Code:

update [WebShop] set
[name]='".$_POST['newname']."',
[credits]='".$_POST['credits']."',
[default_durability]='".$_POST['itemdur']."',
[X]='".$_POST['itemx']."',
[Y]='".$_POST['itemy']."',
[luck]='".$useLuck."',
[skill]='".$useSkill."',
[hasLevel]='".$useLvl."',
[id]='".$_POST['item_id']."',
[type]='".$_POST['item_index']."',
[hasOption]='".$useOpt."',
[optionType]='".$_POST['opt']."',
[ex_type]='".$_POST['exl']."',
[category]='".$_POST['cat']."',
[stickLevel]='".$_POST['stickLevel']."',
[maxitop]='".$_POST['maxitop']."',
[maxitxl]='".$_POST['maxitxl']."',
[maxitlv]='".$_POST['maxitlv']."'
where [uid]='".$_POST['itemid']."';
";
if (!mssql_query($newquery))
print '<br>'.mssql_get_last_message();
else
print '<br>&gt; Item edited successfully &lt; <select style="display:none;">';
}

You can falsify $_POST data by injecting a JS script in to feed a string in as the required $_POST variables. But here you just directly feed raw $_POST data into the DB. Suddenly you'll find some top option items and wonder where they came from.

But thanks for sharing, a lot of people might want this just on their local server to make it easier to add items if they're new to administrating the game :).
 
Won't happen. It's not a good practice either. But on line 4 you can see that the function ISeeDeadPeople is invoked. It won't be found (it's not included in this file); the script will terminate with a fatal error and the SQL query won't be executed.
 
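The point about parameterised queries in the quoted imanager.php UPDATE, as an added example (not the WebShop project's code): the same kind of statement built by concatenation and then with bound parameters. It assumes PDO with an in-memory SQLite table as a stand-in for the MSSQL database; the function names, the reduced column set and the request values are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the WebShop project's code. In-memory SQLite stands in
// for the MSSQL database; only four WebShop columns are modelled.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE WebShop (uid INTEGER PRIMARY KEY, name TEXT, credits INTEGER, maxitxl INTEGER)');
$db->exec("INSERT INTO WebShop VALUES (1, 'Guardian Angel', 100, 2), (2, 'Dinorant', 500, 2)");

// Same pattern as the quoted UPDATE: request values concatenated into the SQL text.
function update_concat(PDO $db, array $post): int {
    return (int) $db->exec("UPDATE WebShop SET name='" . $post['newname']
        . "', credits='" . $post['credits'] . "' WHERE uid='" . $post['itemid'] . "'");
}

// Parameterised form: numeric fields are validated, then every value is bound
// separately from the SQL text, so quotes in a value stay data.
function update_bound(PDO $db, array $post): int {
    $ints = [];
    foreach (['credits', 'itemid'] as $key) {
        $v = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0]]);
        if ($v === false) {
            throw new InvalidArgumentException("$key must be a non-negative integer");
        }
        $ints[$key] = $v;
    }
    $stmt = $db->prepare(
        'UPDATE WebShop SET name = :name, credits = :credits WHERE uid = :uid');
    $stmt->bindValue(':name', (string) ($post['newname'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':credits', $ints['credits'], PDO::PARAM_INT);
    $stmt->bindValue(':uid', $ints['itemid'], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed request body: the quote in newname ends the string literal and
// the trailing comment marker removes the WHERE clause in the concatenated form.
$crafted = ['newname' => "x', credits='0' --", 'credits' => '100', 'itemid' => '1'];

$rowsConcat = update_concat($db, $crafted); // every row in the table is rewritten
$rowsBound  = update_bound($db, $crafted);  // only uid 1; the name is stored literally
printf("concatenated: %d rows changed\nbound: %d rows changed\n", $rowsConcat, $rowsBound);
```

The mssql_* functions used in the quoted code were removed in PHP 7; on SQL Server the same prepare/bind calls are available through PDO's sqlsrv driver.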
@DarkMaster, please add PayPal modules to buy credits, automatically added to the account.
 
Add new commands for this webshop to buy soul, life, chaos, bless, etc., because this webshop doesn't have these commands.
 
DarkMaster, I found new problems with the webshop: the install works correctly, the login panel + admin panel also work correctly with no problems, but when you try to buy items it does not work.

This is the problem when you try to buy items:
 
The webshop has bugs, check: I select one item and it does not show the option to select buy.
 
Re-download.
 
Tutorial: adding an item manually in the 97d+99i webshop.

Add a new item to the db:
Example:

INSERT INTO [WebShop] (id,type,ex_type,name,credits,X,Y,luck,skill,hasLevel,default_durability,hasOption,optionType,category,stickLevel,maxitop,maxitlv,maxitxl) VALUES (0,13,0,'Guardian Angel',0,1,1,0,0,0,0,0,0,0,0,0,0,0);

1. Open the item manager [in http://..../webshop]
2. Choose Guardian Angel [you will not lose Guardian Angel, because you added a new Guardian Angel and we are just changing one of them]
3. Change the item as you want (index, id, name ....) (use your server's item.txt in Data\lang\kor)

*Remember the Display category; I use this

4. Click save and now you can buy the new item...
To add an image, find the image you want to display, rename it to 00019.gif [.../webshop/index/image/00019.gif] and put it in the correct folder.
Hope I helped you with how to add some items manually.
 
Thanks for the tutorial, but I don't think I understood. Maybe for you it is easy, but for someone it is hard when trying for the first time.
 
Hi DarkMaster, I found a bug: let's say that I want players to buy items from the webshop with up to 2 options; it does not work.

$webshop['limit']['item_excellent'] = 2; // Max excellent options an item can have (Default: 6)

In the first picture we see that it shows us a message that you can buy only 2 options.

But if I press OK, I can again select which option I want, then I add it to my vault and have full options.

 
In the database you can change the max options and other things.

But also write the same ex options in the webshop options.
 
Anyone know how I can activate shop logs?

Fixed, ty anyway.
 
The original creator, KlubZoneMu 97d99i Exp: 100x Drop: 25%, had problems with hackers

who hacked the webshop, bypassed the security and used the admin panel, and he did what he wanted with your credits, etc.

This is the screen with your webshop + admin panel connected and having no security

this is the code /index.php?page=OnlineSELECT%20*%20FROM%20Character

http://demonumu.sytes.net/webshop/index.php?page=OnlineSELECT * FROM Character

Now you secure the admin panel, and using this code again does not work.
 
I am testing; this is not a hack lol, it is from a XAMPP problem.
 
XAMPP has no problems once you delete the install and phpMyAdmin; the webshop is the problem, because once this creator added this new security the hackers stopped hacking the webshop + admin panel.
 
You are using install 1.7.1; it does not have good protection, go install the latest version!