vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   uCash & uShop (https://vborg.vbsupport.ru/forumdisplay.php?f=100)
-   -   uCash & uShop old support and thank you thread (https://vborg.vbsupport.ru/showthread.php?t=73736)

rinkrat 09-02-2004 06:29 AM

It's in the AdminCP. It is the percentage they get per night.

apokphp 09-02-2004 04:28 PM

That was the first place I looked...I can't find this option anywhere. Is it the "Action Manager"? If so, then it isn't so obvious as the field would be "Tax" not "Interest", so I don't think that is the correct area...

It's definitely not the UTT Point System Settings or the UTT Store Settings.

RJ2 09-02-2004 08:35 PM

There is a major exploit in this hack that will let users donate virtually unlimited amounts of points to themselves or other users and only be charged a minimum amount. It's a simple technique for those who know how to do it, so it's important to fix this or your currency system will be pretty much useless! It does show up in the action transaction logs, so check them for funny entries in the point column.

FIX-

In uttstore/action.donate.php, look for both instances of this line:
$_FIELDS = uttstore_globalize_fields($fields);

ADD THIS LINE AFTER:
$_FIELDS['points'] = uttpoints_number_format($_FIELDS['points']);

It's also a good idea to turn off reputation for donating points since a user can donate all their points to themselves over and over and get unlimited reputation.
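
The thread does not disclose the string RJ2 found, and the example below does not try to reproduce it; it shows the general guard the one-line fix points at: never let the donation amount reach the accounting code until it has been reduced to a plain positive integer that the donor can actually cover, and surface any log rows whose point value is not one. This is an added example, not code from uCash/uShop or from RJ2's fix; the function names, the `$samples` inputs and the transaction-log row shape are all assumptions made for illustration.

```php
<?php
// Added example (not uCash/uShop code). Function names and the log-row shape
// are hypothetical; the real hack's schema is not shown on the page.

/**
 * Returns the donation as a positive integer, or null when the raw form field
 * is not an unsigned decimal integer the donor can cover.
 */
function donation_amount_or_null($raw, $donorBalance, $donorId, $recipientId)
{
    if (!is_string($raw)) {
        return null;
    }
    // Accept only 1..10 digits with no leading zero: this rejects whitespace,
    // signs, decimal points, exponents, hex prefixes and trailing junk, all of
    // which a bare (int)/(float) cast or is_numeric() would partly tolerate.
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    $points = (int)$raw;
    if ($points > (int)$donorBalance) {
        return null;            // cannot give away more than you hold
    }
    if ((int)$donorId === (int)$recipientId) {
        return null;            // self-donation is how reputation was farmed
    }
    return $points;
}

/**
 * Flags transaction-log rows whose stored point value is not a plain
 * unsigned integer (hypothetical row shape: ['id' => ..., 'points' => ...]).
 * Use it as the "check the logs for funny entries" step from the post.
 */
function suspicious_log_rows(array $rows)
{
    $bad = array();
    foreach ($rows as $row) {
        if (!preg_match('/^[0-9]+$/', (string)$row['points'])) {
            $bad[] = $row['id'];
        }
    }
    return $bad;
}

// Constructed inputs: what a lenient cast would charge versus the strict check.
$balance = 500;
$samples = array('250', ' 250', '250abc', '2.5e2', '-250', '0x1A', '999999999999');
foreach ($samples as $s) {
    $strict  = donation_amount_or_null($s, $balance, 1, 2);
    $lenient = (int)$s;         // an unchecked cast, shown only for contrast
    printf("%-16s lenient=%-14d strict=%s\n",
        var_export($s, true), $lenient, $strict === null ? 'REJECT' : $strict);
}

// Constructed log rows: anything that is not a plain unsigned integer is flagged.
$log = array(
    array('id' => 1, 'points' => '250'),
    array('id' => 2, 'points' => '2.5e2'),
    array('id' => 3, 'points' => '-250'),
);
print_r(suspicious_log_rows($log));
```

The strict regex is deliberately narrower than `is_numeric()`, which accepts leading whitespace, signs and exponent notation; the cap of ten digits keeps the value inside a 32-bit integer so the balance comparison cannot be skewed by a huge string. Whatever the original trick was, normalising the field to an integer before the balance check, as RJ2's `uttpoints_number_format` line does, is the property that matters.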

Zachery 09-03-2004 12:26 AM

Quote:

Originally Posted by RJ2
There is a major exploit in this hack that will let users donate virtually unlimited amounts of points to themselves or other users and only be charged a minimum amount. It's a simple technique for those who know how to do it, so it's important to fix this or your currency system will be pretty much useless! It does show up in the action transaction logs, so check them for funny entries in the point column.

FIX-

In uttstore/action.donate.php, look for both instances of this line:
$_FIELDS = uttstore_globalize_fields($fields);

ADD THIS LINE AFTER:
$_FIELDS['points'] = uttpoints_number_format($_FIELDS['points']);

It's also a good idea to turn off reputation for donating points since a user can donate all their points to themselves over and over and get unlimited reputation.

Are you 100% positive you're running the .95a files?

I am fairly sure we fixed this problem.

kall 09-03-2004 12:48 AM

Quote:

Originally Posted by Zachery
Are you 100% positive you're running the .95a files?

I am fairly sure we fixed this problem.

Looks like you didn't..

I just downloaded the latest release from geekydesigns and can still donate to myself.

Zachery 09-03-2004 01:00 AM

Quote:

Originally Posted by kall
Looks like you didn't..

I just downloaded the latest release from geekydesigns and can still donate to myself.

via admin donate or regular donate?

kall 09-03-2004 01:02 AM

Quote:

Originally Posted by Zachery
via admin donate or regular donate?

Heh.

Regular donate. :)

*edit*

*checks*

Yup. Regular donate.

RJ2 09-03-2004 04:58 AM

Quote:

Originally Posted by Zachery
Are you 100% positive you're running the .95a files?

I am fairly sure we fixed this problem.

I am 100% certain this is a problem in .95a. I just re-downloaded it and put it on my site to verify.

The problem is NOT that the user can donate to themselves, but rather can put a very simple string into the "How much would you like to donate?" field and give themselves (or anyone) many more points than it should send.

For obvious reasons I won't post how here, but I will PM Zachery with details. The simple fix I mentioned in my previous post patches this major exploit.

venomx 09-03-2004 08:40 AM

Installed! :) This is great! I had one "for each" error when I first opened the bank page. But a refresh on the page and the error is gone...

Zachery 09-03-2004 11:07 AM

Quote:

Originally Posted by RJ2
I am 100% certain this is a problem in .95a. I just re-downloaded it and put it on my site to verify.

The problem is NOT that the user can donate to themselves, but rather can put a very simple string into the "How much would you like to donate?" field and give themselves (or anyone) many more points than it should send.

For obvious reasons I won't post how here, but I will PM Zachery with details. The simple fix I mentioned in my previous post patches this major exploit.

I will get matt to fix this asap.

