uCash & uShop old support and thank you thread
By BarHopper
Developer Last Online: Aug 2005

Version: Unknown
Released: 04-12-2004 | Last Update: Never | Installs: 0

No support by the author.

/me Installs. I'm the first for the most anticipated hack!!1

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #1772  
Old 09-02-2004, 06:29 AM
rinkrat
Join Date: Jan 2002
Location: Long Beach
Posts: 530
Thanks: 0 times
Thanked: 0 times in 0 posts

It's in the AdminCP. It is the percentage they get per night.
Reply With Quote
  #1773  
Old 09-02-2004, 04:28 PM
apokphp
Join Date: Nov 2002
Posts: 440
Thanks: 0 times
Thanked: 0 times in 0 posts

That was the first place I looked...I can't find this option anywhere. Is it the "Action Manager"? If so, then it isn't so obvious as the field would be "Tax" not "Interest", so I don't think that is the correct area...

It's definitely not the UTT Point System Settings or the UTT Store Settings.
Reply With Quote
  #1774  
Old 09-02-2004, 08:35 PM
RJ2
Join Date: Aug 2004
Posts: 7
Thanks: 0 times
Thanked: 0 times in 0 posts

There is a major exploit in this hack that will let users donate virtually unlimited amounts of points to themselves or other users and only be charged a minimum amount. It's a simple technique for those who know how to do it, so it's important to fix this or your currency system will be pretty much useless! It does show up in the action transaction logs, so check them for funny entries in the point column.

FIX-

In uttstore/action.donate.php, look for both instances of this line:
$_FIELDS = uttstore_globalize_fields($fields);

ADD THIS LINE AFTER:
$_FIELDS['points'] = uttpoints_number_format($_FIELDS['points']);

It's also a good idea to turn off reputation for donating points since a user can donate all their points to themselves over and over and get unlimited reputation.
Reply With Quote
  #1775  
Old 09-03-2004, 12:26 AM
Zachery
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Thanks: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by RJ2
There is a major exploit in this hack that will let users donate virtually unlimited amounts of points to themselves or other users and only be charged a minimum amount. It's a simple technique for those who know how to do it, so it's important to fix this or your currency system will be pretty much useless! It does show up in the action transaction logs, so check them for funny entries in the point column.

FIX-

In uttstore/action.donate.php, look for both instances of this line:
$_FIELDS = uttstore_globalize_fields($fields);

ADD THIS LINE AFTER:
$_FIELDS['points'] = uttpoints_number_format($_FIELDS['points']);

It's also a good idea to turn off reputation for donating points since a user can donate all their points to themselves over and over and get unlimited reputation.
Are you 100% positive you're running the .95a files?

I am fairly sure we fixed this problem.
Reply With Quote
  #1776  
Old 09-03-2004, 12:48 AM
kall
Join Date: Apr 2004
Location: New Zealand
Posts: 2,608
Thanks: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by Zachery
Are you 100% positive you're running the .95a files?

I am fairly sure we fixed this problem.
Looks like you didn't..

I just downloaded the latest release from geekydesigns and can still donate to myself.
Reply With Quote
  #1777  
Old 09-03-2004, 01:00 AM
Zachery
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Thanks: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by kall
Looks like you didn't..

I just downloaded the latest release from geekydesigns and can still donate to myself.
via admin donate or regular donate?
Reply With Quote
  #1778  
Old 09-03-2004, 01:02 AM
kall
Join Date: Apr 2004
Location: New Zealand
Posts: 2,608
Thanks: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by Zachery
via admin donate or regular donate?
Heh.

Regular donate.

*edit*

*checks*

Yup. Regular donate.
Reply With Quote
  #1779  
Old 09-03-2004, 04:58 AM
RJ2
Join Date: Aug 2004
Posts: 7
Thanks: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by Zachery
Are you 100% positive you're running the .95a files?

I am fairly sure we fixed this problem.
I am 100% certain this is a problem in .95a. I just re-downloaded it and put it on my site to verify.

The problem is NOT that the user can donate to themselves, but rather can put a very simple string into the "How much would you like to donate?" field and give themselves (or anyone) many more points than it should send.

For obvious reasons I won't post how here, but I will PM Zachery with details. The simple fix I mentioned in my previous post patches this major exploit.
Reply With Quote
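
Added example, not part of the thread and not uCash/uShop code: one way to implement the kind of check RJ2's fix describes (normalize the donation amount once, before anything uses it), together with the log review suggested in post #1774. The function names, the whole-number and cap rules, the self-donation rejection and the log row shape are assumptions; the thread does not show what uttpoints_number_format() does or what the real log looks like.

```php
<?php
declare(strict_types=1);

// Added example, not uCash/uShop code. Whole-number points and the cap are assumptions.
// Accept only a canonical positive integer: no sign, spaces, separators or exponent.
function parse_donation_amount(string $raw, int $max = 1000000): ?int
{
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    $amount = (int) $raw;
    return $amount <= $max ? $amount : null;
}

// Hypothetical handler: parse once, then use that one integer for the
// balance check, the debit and the credit, so the two can never differ.
function donate(array &$balances, string $from, string $to, string $rawAmount): bool
{
    $amount = parse_donation_amount($rawAmount);
    if ($amount === null || $from === $to || !isset($balances[$from], $balances[$to])) {
        return false; // malformed amount, self-donation or unknown account
    }
    if ($balances[$from] < $amount) {
        return false; // sender cannot cover the full amount
    }
    $balances[$from] -= $amount;
    $balances[$to] += $amount;
    return true;
}

// Audit helper: return log rows whose points column is not a canonical amount.
function audit_points_column(array $rows): array
{
    return array_values(array_filter(
        $rows,
        fn(array $row): bool => parse_donation_amount((string) $row['points'], PHP_INT_MAX) === null
    ));
}

// Constructed log rows; the thread does not show the real log format.
$log = [
    ['id' => 1, 'user' => 'alice', 'points' => '250'],
    ['id' => 2, 'user' => 'bob', 'points' => '12abc'],
    ['id' => 3, 'user' => 'carol', 'points' => '-500'],
    ['id' => 4, 'user' => 'dave', 'points' => '1e9'],
];
foreach (audit_points_column($log) as $row) {
    printf("suspicious entry #%d by %s: %s\n", $row['id'], $row['user'], $row['points']);
}
```

The point of both halves is the same: the value that is checked against the sender's balance must be the exact value that is debited and credited, and anything in the log that is not a plain positive integer deserves a second look.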
  #1780  
Old 09-03-2004, 08:40 AM
venomx
Join Date: Apr 2002
Location: Pennsylvania USA
Posts: 441
Thanks: 0 times
Thanked: 0 times in 0 posts

Installed! This is great! I had one "for each" error when I first opened the bank page. But a refresh on the page and the error is gone...
Reply With Quote
  #1781  
Old 09-03-2004, 11:07 AM
Zachery
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Thanks: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by RJ2
I am 100% certain this is a problem in .95a. I just re-downloaded it and put it on my site to verify.

The problem is NOT that the user can donate to themselves, but rather can put a very simple string into the "How much would you like to donate?" field and give themselves (or anyone) many more points than it should send.

For obvious reasons I won't post how here, but I will PM Zachery with details. The simple fix I mentioned in my previous post patches this major exploit.
I will get Matt to fix this ASAP.
Reply With Quote