• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!
  • 2026 staff recruitment is open! Check it out and consider applying!

Script pagseguro

Lais Prad

Lais Prad

Disgusting Scammer
Joined
Apr 12, 2017
Messages
153
Solutions
6
Reaction score
15
Someone can edit this for double points (2x) if value < 40 and >= 40 triple points (3x) ?

gesior acc

PHP: 
<?php

### DONT TOUCH IN THIS CODE ###
### WORKING FINE 19/08/2006 ###
###       IVENSPONTES       ###
### github.com/ivenspontes/ ###

header("access-control-allow-origin: https://pagseguro.uol.com.br");
require_once 'custom_scripts/PagSeguroLibrary/PagSeguroLibrary.php';
require 'config/config.php';

$method = $_SERVER['REQUEST_METHOD'];

if('POST' == $method){

    $type = $_POST['notificationType'];

    $notificationCode = $_POST['notificationCode'];

    if ($type === 'transaction'){

        try {
            $credentials = PagSeguroConfig::getAccountCredentials();
            $transaction = PagSeguroNotificationService::checkTransaction($credentials, $notificationCode);

            $arrayPDO['transaction_code'] = $transaction->getCode();
            $arrayPDO['name'] = $transaction->getReference();
            $arrayPDO['payment_method'] = $transaction->getPaymentMethod()->getType()->getTypeFromValue();
            $arrayPDO['status'] = $transaction->getStatus()->getTypeFromValue();
            $item = $transaction->getItems();
            $arrayPDO['item_count'] = $item[0]->getQuantity();
            $date_now = date('Y-m-d H:i:s');
            $arrayPDO['data'] = $date_now;

            try {
                $conn = new PDO('mysql:host='.$config['pagSeguro']['host'].';dbname='.$config['pagSeguro']['database'].'', $config['pagSeguro']['databaseUser'], $config['pagSeguro']['databasePass']);
                $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                $stmt = $conn->prepare('INSERT into pagseguro_transactions SET transaction_code = :transaction_code, name = :name, payment_method = :payment_method, status = :status, item_count = :item_count, data = :data');
                $stmt->execute($arrayPDO);

                if ($arrayPDO['status'] == 'PAID') {
                    if ($config['pagSeguro']['doublePoints']) {
                        $arrayPDO['item_count'] = $arrayPDO['item_count']*2;
                    }
                    $stmt = $conn->prepare('UPDATE accounts SET premium_points = premium_points + :item_count WHERE name = :name');
                    $stmt->execute(array('item_count' => $arrayPDO['item_count'], 'name' => $arrayPDO['name']));

                    $stmt = $conn->prepare("UPDATE pagseguro_transactions SET status = 'DELIVERED' WHERE transaction_code = :transaction_code AND status = 'PAID'");
                    $stmt->execute(array('transaction_code' => $arrayPDO['transaction_code']));
                }

            } catch(PDOException $e) {
                echo 'ERROR: ' . $e->getMessage();
            }

        } catch(PagSeguroServiceException $e) {
            die($e->getMessage());
        }


    }
}
 
Solution
Lais Prad
WibbenZ said:
That code is from 2006??
Gesior2012/contenidopago_report.php at TFS-1.0 · gesior/Gesior2012 · GitHub

This should work;
PHP: 
<?php
if(!defined('INITIALIZED'))
    exit;
require_once('custom_scripts/contenidopago/config.php');
if(!$contenidopago_active)
    die('Automatic points disabled!');
  
if(isset($_POST['formcodigo']))
{
    $code = $_POST['code'];
/*
PART OF contenidopago.com DISABLED, BECAUSE OF TOO MANY HACKS REPORTS. IT SHOULD STILL WORK FINE WITHOUT THAT PART!
    if($logged)
    {
        $QueryString= "LinkUrl=" . urlencode($report_url) . "&codigo=" . urlencode($code) . "&idservicio=" . $idOfService;
        $result = '';
        if(intval(get_cfg_var('allow_url_fopen')) && function_exists('file_get_contents'))...
Click to expand...
Sort by date Sort by votes
That code is from 2006??
Gesior2012/contenidopago_report.php at TFS-1.0 · gesior/Gesior2012 · GitHub

This should work;
PHP: 
<?php
if(!defined('INITIALIZED'))
    exit;
require_once('custom_scripts/contenidopago/config.php');
if(!$contenidopago_active)
    die('Automatic points disabled!');
   
if(isset($_POST['formcodigo']))
{
    $code = $_POST['code'];
/*
PART OF contenidopago.com DISABLED, BECAUSE OF TOO MANY HACKS REPORTS. IT SHOULD STILL WORK FINE WITHOUT THAT PART!
    if($logged)
    {
        $QueryString= "LinkUrl=" . urlencode($report_url) . "&codigo=" . urlencode($code) . "&idservicio=" . $idOfService;
        $result = '';
        if(intval(get_cfg_var('allow_url_fopen')) && function_exists('file_get_contents'))
        {
            $result=@file_get_contents("http://contenidopago.com/codigoval.php?".$QueryString); 
        }
        elseif(intval(get_cfg_var('allow_url_fopen')) && function_exists('file'))
        {
            if($content = @file("http://contenidopago.com/codigoval.php?".$QueryString))
                $result=@join('', $content);
        }
        else
        {
            $main_content .= "It appears that your web host has disabled all functions for handling remote pages and as a result the BackLinks software will not function on your web page. Please contact your web host for more information.";
        }
        if($result=='ok')
        {
            $account_logged->setPremiumPoints($account_logged->getPremiumPoints() + $points);
            $account_logged->save();
            $main_content .= 'You received ' . $points . ' premium points.';
        }
        elseif($result=='no')
        {
            $main_content .= 'This code is already used.';
        }
        else
        {
            $main_content .= 'Wrong code.';
        }
    }
    else
    {
        $main_content .= '<h3>You have to login to buy points!<br /><a href="?subtopic=accountmanagement" />LOGIN HERE</a></h3>';
    }
*/
}
else
{
    // now automatic codes part
    $name = $_GET['name'];
    $points = $_GET['puntos'];
    $hf = fopen('http://www.contenidopago.com/validate.php',r);
    $line = fgets($hf);
    $listOfIPs = explode('|',$line);
    $ip = $_SERVER['REMOTE_ADDR'];
    if(!in_array($ip, $listOfIPs))
        die("You are not able to use this system!");
    if($_GET['check'] == 1)
    {
        if(!empty($name))
        {
            $account = new Account($name, Account::LOADTYPE_NAME);
            if(!$account->isLoaded())
            {
                die("Account with name " . htmlspecialchars($name) . " does not exist.");
            }
            else 
            {
                die('ok');   
            }
        }
        else
            die("You did not set the user!");
    }
    if($_GET['paypal'] == 1)
    {
        if(!(empty($name)))
        {
            $account = new Account($name, Account::LOADTYPE_NAME);
            if(!$account->isLoaded())
            {
                die('This username does not exist: ' . htmlspecialchars($name));
            }
            else 
            {
                if ($points >= 40) {
                    $points = $points * 2;
                }
                $account->setPremiumPoints($account->getPremiumPoints() + $points);
                $account->save();
            }
        }
        else
            die('You did not set the user!');
        die ('ok');
    }
    if(!(empty($name)))
    {
        $account = new Account($name, Account::LOADTYPE_NAME);
        if(!$account->isLoaded())
        {
            die('This username does not exist: ' . htmlspecialchars($name));
        }
        else 
        {
            if ($points >= 40) {
                $points = $points * 2;
            }
            $account->setPremiumPoints($account->getPremiumPoints() + $points);
            $account->save();
        }
    }
    else
        die('You did not set the user!');
    die ('ok');
}

PHP: 
            if ($points >= 40) {
                $points = $points * 2;
            }
            $account->setPremiumPoints($account->getPremiumPoints() + $points);
            $account->save();
 
Upvote 0 Downvote
WibbenZ said:
That code is from 2006??
Gesior2012/contenidopago_report.php at TFS-1.0 · gesior/Gesior2012 · GitHub

This should work;
PHP: 
<?php
if(!defined('INITIALIZED'))
    exit;
require_once('custom_scripts/contenidopago/config.php');
if(!$contenidopago_active)
    die('Automatic points disabled!');
  
if(isset($_POST['formcodigo']))
{
    $code = $_POST['code'];
/*
PART OF contenidopago.com DISABLED, BECAUSE OF TOO MANY HACKS REPORTS. IT SHOULD STILL WORK FINE WITHOUT THAT PART!
    if($logged)
    {
        $QueryString= "LinkUrl=" . urlencode($report_url) . "&codigo=" . urlencode($code) . "&idservicio=" . $idOfService;
        $result = '';
        if(intval(get_cfg_var('allow_url_fopen')) && function_exists('file_get_contents'))
        {
            $result=@file_get_contents("http://contenidopago.com/codigoval.php?".$QueryString);
        }
        elseif(intval(get_cfg_var('allow_url_fopen')) && function_exists('file'))
        {
            if($content = @file("http://contenidopago.com/codigoval.php?".$QueryString))
                $result=@join('', $content);
        }
        else
        {
            $main_content .= "It appears that your web host has disabled all functions for handling remote pages and as a result the BackLinks software will not function on your web page. Please contact your web host for more information.";
        }
        if($result=='ok')
        {
            $account_logged->setPremiumPoints($account_logged->getPremiumPoints() + $points);
            $account_logged->save();
            $main_content .= 'You received ' . $points . ' premium points.';
        }
        elseif($result=='no')
        {
            $main_content .= 'This code is already used.';
        }
        else
        {
            $main_content .= 'Wrong code.';
        }
    }
    else
    {
        $main_content .= '<h3>You have to login to buy points!<br /><a href="?subtopic=accountmanagement" />LOGIN HERE</a></h3>';
    }
*/
}
else
{
    // now automatic codes part
    $name = $_GET['name'];
    $points = $_GET['puntos'];
    $hf = fopen('http://www.contenidopago.com/validate.php',r);
    $line = fgets($hf);
    $listOfIPs = explode('|',$line);
    $ip = $_SERVER['REMOTE_ADDR'];
    if(!in_array($ip, $listOfIPs))
        die("You are not able to use this system!");
    if($_GET['check'] == 1)
    {
        if(!empty($name))
        {
            $account = new Account($name, Account::LOADTYPE_NAME);
            if(!$account->isLoaded())
            {
                die("Account with name " . htmlspecialchars($name) . " does not exist.");
            }
            else
            {
                die('ok');  
            }
        }
        else
            die("You did not set the user!");
    }
    if($_GET['paypal'] == 1)
    {
        if(!(empty($name)))
        {
            $account = new Account($name, Account::LOADTYPE_NAME);
            if(!$account->isLoaded())
            {
                die('This username does not exist: ' . htmlspecialchars($name));
            }
            else
            {
                if ($points >= 40) {
                    $points = $points * 2;
                }
                $account->setPremiumPoints($account->getPremiumPoints() + $points);
                $account->save();
            }
        }
        else
            die('You did not set the user!');
        die ('ok');
    }
    if(!(empty($name)))
    {
        $account = new Account($name, Account::LOADTYPE_NAME);
        if(!$account->isLoaded())
        {
            die('This username does not exist: ' . htmlspecialchars($name));
        }
        else
        {
            if ($points >= 40) {
                $points = $points * 2;
            }
            $account->setPremiumPoints($account->getPremiumPoints() + $points);
            $account->save();
        }
    }
    else
        die('You did not set the user!');
    die ('ok');
}

PHP: 
            if ($points >= 40) {
                $points = $points * 2;
            }
            $account->setPremiumPoints($account->getPremiumPoints() + $points);
            $account->save();
Click to expand...

thanks, but I dont understand, this script is 95% diff than mine.
 
Upvote 0 Downvote
Solution
Try
PHP: 
if ($arrayPDO['status'] == 'PAID') {
    if ($arrayPDO['item_count'] >= 40) {
     $arrayPDO['item_count'] = $arrayPDO['item_count']*3;
   else
    ($config['pagSeguro']['doublePoints']) {
     $arrayPDO['item_count'] = $arrayPDO['item_count']*2;
       }
 
Last edited:
Upvote 0 Downvote
Lais Prad said:
thanks, but I dont understand, this script is 95% diff than mine.
Click to expand...

Yes thats the script Gesior made for Gesior 2012
There has been alot of security issues with pagseguro thats why the Gesior script was rewritten and I bet your script from 2006 still has that bug.
 
Upvote 0 Downvote
WibbenZ said:
Yes thats the script Gesior made for Gesior 2012
There has been alot of security issues with pagseguro thats why the Gesior script was rewritten and I bet your script from 2006 still has that bug.
Click to expand...

what bug... ?

_M4G0_ said:
Try
PHP: 
if ($arrayPDO['status'] == 'PAID') {
    if ($arrayPDO['item_count'] >= 40) {
     $arrayPDO['item_count'] = $arrayPDO['item_count']*3;
   else
    ($config['pagSeguro']['doublePoints']) {
     $arrayPDO['item_count'] = $arrayPDO['item_count']*2;
       }
Click to expand...

I'll try thanks, I'll feedback soon

Edit: I think left some symbols }

The script above dont work, tested here

@_M4G0_
 
Last edited by a moderator:
Upvote 0 Downvote
Lais Prad said:
My scripts work, I just need edit for work if value < 40 then x2 and > then x3...
I dont see the bug for security there, can you tell us what bug is? thanks
Click to expand...

I have no ide, but it's been known that users should avoid using those systems becuase of either injections or free points can't remember.
And using a code from 2006 will IMO not really help, use the latest insted.

If you wanna use your script just look at what I posted with the if statment and also note the way the points are sent, don't use a query.
 
Upvote 0 Downvote
Back
Top