Jump to content

cherri8

Members
  • Posts

    43
  • Joined

  • Last visited

Profile Information

  • Gender
    Not Telling

cherri8's Achievements

Newbie

Newbie (1/7)

3

Reputation

  1. i dont have members for it as yet but i did postback test on those offerwall sites. i did change code to match my site. it seems that the server will only allow changes to the database if someone is present on the page and if it's my own site.
  2. hi when i get postbacks from the outside like mediumpath which is an offerwall, my database doesnt update or select member's info. i didnt use the exact postback below but it's the same idea. it's an example from that site. if(!empty($_POST)){ define('EvolutionScript', 1); define('ROOTPATH',dirname(__FILE__).'/'); define('INCLUDES',ROOTPATH.'includes/'); require(INCLUDES.'core.php'); require_once INCLUDES.'global.php'; $user_id = isset($_POST['user_id']) ? $_POST['user_id'] : null; $transId = isset($_POST['transId']) ? $_POST['transId'] : null; $reward = isset($_POST['reward']) ? $_POST['reward'] : null; $currency = isset($_POST['currency']) ? $_POST['currency'] : null; $signature = isset($_POST['signature']) ? $_POST['signature'] : null; $status = isset($_POST['status']) ? $_POST['status'] : null; $userIp = isset($_POST['userIp']) ? $_POST['userIp'] : null; $campaign_id = isset($_POST['campaign_id']) ? $_POST['campaign_id'] : null; $country = isset($_POST['country']) ? $_POST['country'] : null; $secret = "[YOUR_WEBSITE/APP_SECRET_KEY]"; // check your app info at www.mediumpath.com $user_id = isset($_POST['user_id']) ? $_POST['user_id'] : null; $transId = isset($_POST['transId']) ? $_POST['transId'] : null; $reward = isset($_POST['reward']) ? $_POST['reward'] : null; $signature = isset($_POST['signature']) ? $_POST['signature'] : null; if(md5($user_id.$transId.$reward.$secret) != $signature){ print_r($_POST); exit; }else{ $insert = array( 'user_id' => $user_id, 'transId' => $transId, 'reward' => $reward, 'currency' => $currency, 'signature' => $signature, 'status' => $status, 'userIp' => $userIp, 'campaign_id' => $campaign_id, 'country' => $country, ); $insertdb = $db->insert("mediumpathipn", $insert); $orderid = $db->lastInsertId(); $user_info = $db->fetchRow("SELECT * FROM members WHERE id={$user_id}"); if(!empty($user_info)){ $set = array( 'money' => $user_info['money']+$reward, ); $upd = $db->update("members", $set, "id = {$user_id}"); } } }else{ echo "ERROR: No key founds"; exit; }
  3. hi i have a little issue. Host server doesn't want to change database when there is incoming info from postbacks. Is there a code to stop this in htaccess or something?. I had a gpt site that had no issues but i didnt create the script and the script was encrypted.
  4. HI During my third comment I understood what you meant by that.I should have been more clear.Both you and Don E answer all my questions perfectly.You all help me allot.Thanks
  5. Ok.Thanks It is alright if I don't receive your help anymore .Im fine if others will do the same.For my last comment I wasnt saying that people who use wth or wtf are being rude or offensive but It only depends on how those statements are used and in what situation. If I explain further I might confuse you.I usually get made fun of about the way I write on the net.Good bye and thanks allot for your help. Sorry if you think I offended you.
  6. I already know what wth means but i didnt know if you were trying to be rude to me.Wth or wtf is suppose to be offensive statements but i guess everyone doesn't know so nevermind.
  7. Thanks but I don't know why the bold part was even necessary since I get that.you don't understand anything I wrote.It is hard to tell if you are trying to offend me?........
  8. hi, I have a question about the code below which has always been on my mind.Is there a limit to how many times I use the elseif(condition) ?.the site only mentions that several blocks of code can be executed but i don't know the amount of code that can't be used.first i'll use the if statement to check if user inputs are empty and in the else statement it would contain more condition statements: in the if(condition) and elseif(condition) i will validate(for these conditions it would show true that there has been an error like for example: the users didn't use a proper email address) user inputs and in the else im plan to put user input in database( since the other conditions aren't true it would be safe to enter user data in database).thanks if (condition){code to be executed if condition is true;}elseif (condition){code to be executed if condition is true;}else{code to be executed if condition is false;}
  9. I will look at the codes on the net to understand session handler better
  10. Thanks you all. Thanks Birbal :I wanted to make my own codes for session_set_save_handler() when I use it to understand it more instead of using the ones that are already made on the net. I notice that most people only use mysql_real_escape_string in handler which wouldn't be enough to filter stuff. It would be more work for me to think of which filters to use for every session data which is one of the reasons why I wanted to use session_set_save_handler() later because im in a rush to finish site for important reasons lol. I already know that I have to use this to filter session id: if ((preg_match('/[^a-zA-Z0-9-,]/i', $sessid ))!==TRUE). If I don't use the handler I did plan to make a mysql query at the login page to put the session id+user agent in database.After i will get ip from database that was put there during signup than put session id+user agent+ip in session at login page.yah it sounds like allot of work my way and confusing too lol.It seems that with session_set_save_handler() I don't have to do a mysql query every time to put session data in database.
  11. Thanks i'll check user agent string with ip. I dont know how to decode after hashing stuff so i hope that i dont need to decode user agent string.ill put hash user agent string in database.
  12. Thanks.So far i already have $_SESSION['ipcheck'] = true;(when ip is already found in database) and $_SESSION['logincheck'] = true;(when password and username is found in database).I'll use this code below that i found on wiki that has user agent.ill change up some stuff in code.The user agent stuff is new to me s i had to google it.if (strpos($_SERVER['HTTP_REFERER'], 'https://DiD/') !== 0 || isset($_GET['LOGOUT']) || $_SERVER['REMOTE_ADDR'] !== $_SESSION['PREV_REMOTEADDR'] || $_SERVER['HTTP_USER_AGENT'] !== $_SESSION['PREV_USERAGENT']) session_destroy(); session_regenerate_id(); // generate a new session identifier $_SESSION['PREV_USERAGENT'] = $_SERVER['HTTP_USER_AGENT'];$_SESSION['PREV_REMOTEADDR'] = $_SERVER['REMOTE_ADDR'];
  13. Thanks for help :Happy: . I thought that the session set safe handler was also use to prevent people's session ID from being stolen. I'll only use the session regenerate Id and not the session set safe handler. I'll just use the defaults. If I put error in files ,I'll store them in the private directory on server that is above the public directorys.
  14. Hi, Session set safe handing is abit confusing for me to use now even though i can get the codes on the net.I will not be able to store sessions in database without the session set safe handler.if I always change session id when users login than i shouldnt have to use session set safe handler? is this code alone good enough to use to change id? .i got the code from wikipedia : //accept only SIDs generated on my serverif (!isset($_SESSION['SERVER_GENERATED_SID'])) { session_destroy(); // destroy all data in session}session_regenerate_id(); // new sid$_SESSION['SERVER_GENERATED_SID'] = true; Are errors safe in the error log on server? and is this code that i got at php.net good enough to use for error logging? my purpose is to not display errors to people. /* 00.00.00.00 is replace with the site owner ip address.*/// Report all PHP errorserror_reporting(-1);if($_SERVER['REMOTE_ADDR']=="00.00.00.00"){ini_set('display_errors','On');}else{ini_set('display_errors','Off');}
×
×
  • Create New...