vb.org Archive: uCash & uShop old support and thank you thread (https://vborg.vbsupport.ru/showthread.php?t=73736)

Link14716 08-18-2004 09:49 PM

Quote:

Originally Posted by Blam Forumz
What was the exploit?

Using donate, someone can give a user a whole lot of points while only being charged something small, like 1.

A pretty bad exploit if you ask me.

Link14716 08-18-2004 09:51 PM

Quote:

Originally Posted by Deimos
Well that's what I thought, but I've been through the postbit legacy and the showthread files and it's all in there
I'm running IE 6

Here's a screeny of my postbit_legacy template

http://homepage.ntlworld.com/adam.dresch/postbit.PNG

Move
Code:

<if condition="$post['uttstore_glow']"><div id="postmenu_$post[postid]" style="width:100%; filter:Glow(color=$post[uttstore_glow], strength=5);"><else /><div id="postmenu_$post[postid]"></if>
to right before the <a> tag.

Deimos 08-18-2004 09:55 PM

wait that worked
lol
Kick ass, thanks link!

Limpkinw 08-18-2004 10:02 PM

I have modified my Uttstore files; is there a way you can tell the changes made on the files, or are there too many to list?

thanks!

Zelda-King 08-18-2004 10:59 PM

Quote:

Originally Posted by Deimos
Aye, I did that and it stayed the same.
Hmm, would any of the other template or file hacks affect it?
I don't understand why it's not working, when I originally had ushop installed it worked aok

After upgrading your forums you need to reinstall the templates via the install script. Assuming you've done that, ensure you've reverted any customised store templates, such as UTTSTORE.

saint_seiya 08-18-2004 11:39 PM

um, glowing username doesn't work, is there any reason why?

Link14716 08-18-2004 11:46 PM

Quote:

Originally Posted by Limpkinw
I have modified my Uttstore files; is there a way you can tell the changes made on the files, or are there too many to list?

thanks!

I believe these edits are correct.

action.admindonate.php (this one is not important, but I fixed it here as well):

Find:
PHP Code:

    global $DB_site, $bbuserinfo, $points, $action;

Replace with:
PHP Code:

    global $DB_site, $bbuserinfo, $points, $action, $_FIELDS;

Find:
PHP Code:

    return $data;

Add Above:
PHP Code:

    $nonoarray = array(" ", "'", "\"", ",", "+", "=", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
    $_FIELDS['points'] = str_replace($nonoarray, "", $_FIELDS['points']);

action.bank.php:

Find:
PHP Code:

function uttstore_deposit_sanity($amount) {
    global $points;

Replace with:
PHP Code:

function uttstore_deposit_sanity($amount) {
    global $points, $_FIELDS;

Find:
PHP Code:

    if ($points < $amount) {
        $message = "You cannot deposit more than you have!";
        uttstore_print_end_message($message);
    }

Replace with:
PHP Code:

    $nonoarray = array(" ", "'", "\"", ",", "+", "-", "=", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
    $_FIELDS['points'] = str_replace($nonoarray, "", $_FIELDS['points']);

    if ($points < $_FIELDS['points']) {
        $message = "You cannot deposit more than you have!";
        uttstore_print_end_message($message);
    }

Find:
PHP Code:

function uttstore_withdraw_sanity($bankdata,$mode=2,$amount=0) {
    global $vbphrase;

Replace with:
PHP Code:

function uttstore_withdraw_sanity($bankdata,$mode=2,$amount=0) {
    global $vbphrase, $_FIELDS;

Find:
PHP Code:

        if ($amount <= "0") {
            $message = "You may not withdraw a non-positive amount!";
            uttstore_print_end_message($message);
        }
        if ($bankdata['amount'] < $amount) {
            $message = "You cannot withdraw more than you have!";
            uttstore_print_end_message($message);
        }

Replace with:
PHP Code:

        $nonoarray = array(" ", "'", "\"", ",", "+", "-", "=", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
        $_FIELDS['points'] = str_replace($nonoarray, "", $_FIELDS['points']);

        if ($_FIELDS['points'] <= "0") {
            $message = "You may not withdraw a non-positive amount!";
            uttstore_print_end_message($message);
        }
        if ($bankdata['amount'] < $_FIELDS['points']) {
            $message = "You cannot withdraw more than you have!";
            uttstore_print_end_message($message);
        }

action.donate.php:

Find:
PHP Code:

    global $DB_site, $bbuserinfo, $points, $action, $vbphrase;

Replace with:
PHP Code:

    global $DB_site, $bbuserinfo, $points, $action, $vbphrase, $_FIELDS;

Find:
PHP Code:

    if ($amount <= "0") {
        $message = "You may not donate a non-positive amount!";
        uttstore_print_end_message($message);
    }

Replace with:
PHP Code:

    $nonoarray = array(" ", "'", "\"", ",", "+", "-", "=", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
    $_FIELDS['points'] = str_replace($nonoarray, "", $_FIELDS['points']);
    if ($_FIELDS['points'] <= "0") {
        $message = "You may not donate a non-positive amount!";
        uttstore_print_end_message($message);
    }

action.thief.php:

Find:
PHP Code:

    $totalcost = calculate_taxed_price($_FIELDS['points'], $action['tax']);
    $totalcost = uttpoints_number_format($totalcost);

Add above:
PHP Code:

    $nonoarray = array(" ", "'", "\"", ",", "+", "-", "=", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
    $_FIELDS['points'] = str_replace($nonoarray, "", $_FIELDS['points']);
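
Added example, not part of the original thread or of the uShop code: the edits above filter the amount by stripping a fixed list of characters, and this sketch sets that strip-list beside allow-list validation that accepts only plain digits and checks the balance on the resulting integer. The names `strip_filter`, `parse_points`, `can_transfer` and `MAX_POINTS` are hypothetical, the upper bound is an assumption, and the sample inputs are constructed.

```php
<?php
// Added example: strip_filter, parse_points, can_transfer and MAX_POINTS are
// hypothetical names, not uShop functions.

const MAX_POINTS = 1000000; // assumed upper bound for a single transfer

// Strip-list approach as in the post: remove listed characters, keep the rest.
function strip_filter(string $raw): string
{
    $nono = array_merge([' ', "'", '"', ',', '+', '-', '='], range('a', 'z'));
    return str_replace($nono, '', $raw);
}

// Allow-list approach: accept only 1-7 ASCII digits, then range-check as int.
// Returns the validated integer, or null when the input must be rejected.
function parse_points(string $raw): ?int
{
    if (!preg_match('/\A[0-9]{1,7}\z/', $raw)) {
        return null; // anything that is not plain digits is refused outright
    }
    $n = (int) $raw;
    return ($n >= 1 && $n <= MAX_POINTS) ? $n : null;
}

// The balance check runs on the validated integer, never on the raw string.
function can_transfer(int $balance, string $rawAmount): bool
{
    $amount = parse_points($rawAmount);
    return $amount !== null && $amount <= $balance;
}

// Constructed sample inputs covering well-formed and malformed amounts.
$samples = ['25', '-25', '1E3', '0.5', ' 10', '0x1A', '', '99999999'];
foreach ($samples as $raw) {
    printf(
        "%-12s strip=%-12s allow=%-6s transfer(balance 100)=%s\n",
        var_export($raw, true),
        var_export(strip_filter($raw), true),
        var_export(parse_points($raw), true),
        var_export(can_transfer(100, $raw), true)
    );
}
```

The validator rejects malformed input instead of rewriting it, so the value that is range-checked is the same value that is later used in the balance comparison.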


Link14716 08-18-2004 11:46 PM

Quote:

Originally Posted by saint_seiya
um, glowing username doesn't work, is there any reason why?

Yes it does. Follow the directions.

Dorign 08-19-2004 07:35 AM

Whatever the new "update" did, it's stopped me from taking points away from members who are being buttheads. :P I used to donate them a negative amount of points, that doesn't work now. Could an "Admin Remove" function be made, as opposed to "Admin Donate"? Thanks!

Zachery 08-19-2004 07:40 AM

Quote:

Originally Posted by Dorign
Whatever the new "update" did, it's stopped me from taking points away from members who are being buttheads. :P I used to donate them a negative amount of points, that doesn't work now. Could an "Admin Remove" function be made, as opposed to "Admin Donate"? Thanks!

You can edit their points directly from the ACP. I'll poke Matt about getting a radio button to select which type it is (+/-) for admin donate :)


All times are GMT. The time now is 04:00 AM.
