Thread: Major Additions - vbBux / vbPlaza v1.5.8 (Points + Store System)
View Single Post
  #1447  
Old 02-14-2006, 10:00 AM
Geser Geser is offline
 
Join Date: May 2005
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by caimakale
It looks like a bug, and in checking it out, I found another bug.

So concerning your problem, unless you have enough money to purchase the item again, you can't return it. Even if it is going to give you a refund.

So when I was testing it. I returned the glowing username and it put the points back into my account. I then hit the back button in my browser and it took me right back to the previous page where I had the option to remove it or change the color. I entered in a color and selected change and it changed it just fine without charging me any money. So not only did I get a refund for the item, but I still ended up with my glowing username. This could be exploited and somebody could earn a ton of points doing it.

***EDIT***
So I just checked something else. It turns out you don't even have to hit the back button. Once it's been purchased you always own it if the "Change Always Items" is active. One of two things needs to happen. Refunds need to be turned off when "Change Always Items" is active on an item, or when an item is removed and a refund issued, the itemid# for the "Change Always Items" needs to be deleted from the database. I know for the time being, I am turning off refunds so people can't rob the bank.
Ok, thanks for your work. Now i know it's bug and not problem of my installation.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01162 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete