Only me or.. does somebody see something strange with his post?
please relese!!!:wub:@up
Yes
BUT there is one problem, it's not SQL-injection safe. I fixed it, but I changed the whole script, so I don't want to release it now. Maybe I'll make a guide later on how to do it..
If you know any php, you should use mysql_real_escape_string()
You're not supposed to remove .htdocs really, that'd cause anyone to be able to inject you. But the IP's in there allow only PayPal to access this script, and the other IP's...
what about nslookup the ip to see from who it is? or post it here and I do a lookup.
I know that you shouldn't delete it but I mean, look at his smiley.. somethings weird. Two of those IPs are his IPs ofcourse
I have already done nslookup at paypal and it's that 66.~ one.
Also here's a little cleanup of his code:
PHP:
<?php
$mysql_host = 'localhost'; //Leave at localhost
$mysql_user = 'root'; //DB User
$mysql_pass = ''; //DB Pass
$mysql_db = ''; //DB Name
$add_points = 12;
$custom = stripslashes(ucwords(strtolower(trim($_REQUEST['custom']))));
$receiver_email = $_REQUEST['receiver_email'];
$payment_status = $_REQUEST['payment_status'];
// connect db
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysql_db, $db);
if ($payment_status == "Completed" && $receiver_email == "[email protected]")
mysql_query("UPDATE accounts SET premium_points += $add_points WHERE accounts.name = '$custom'");
else
echo("Error.");
?>
Last edited:
Zoriath
New Member
- Joined
- Mar 26, 2008
- Messages
- 1,496
- Reaction score
- 4
Colandus.. Colandus.. Colandus..
I'd rather try:
(I added the <?PHP and the '{}' thingy's)
I'd rather try:
PHP:
<?PHP
$mysql_host = 'localhost'; //Leave at localhost
$mysql_user = 'root'; //DB User
$mysql_pass = ''; //DB Pass
$mysql_db = ''; //DB Name
$add_points = 12;
$custom = stripslashes(ucwords(strtolower(trim($_REQUEST['custom']))));
$receiver_email = $_REQUEST['receiver_email'];
$payment_status = $_REQUEST['payment_status'];
// connect db
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysql_db, $db);
if ($payment_status == "Completed" && $receiver_email == "[email protected]")
{
mysql_query("UPDATE accounts SET premium_points += $add_points WHERE accounts.name = '$custom'");
}
else
{
echo("Error.");
}
?>(I added the <?PHP and the '{}' thingy's
)
- Joined
- Aug 19, 2007
- Messages
- 4,941
- Solutions
- 11
- Reaction score
- 352
It looks nice
xD
No, this looks nice pls
PHP:
if ($payment_status == "Completed" && $receiver_email == "[email protected]"):
mysql_query("UPDATE accounts SET premium_points += $add_points WHERE accounts.name = '$custom'");
else:
echo("Error.");
endif;
- Joined
- Dec 30, 2007
- Messages
- 529
- Solutions
- 5
- Reaction score
- 191
Code:
cach@vcielka:~$ whois 216.113.160.0/19
OrgName: eBay, Inc
OrgID: EBAY
Address: 2145 Hamilton Ave
City: San Jose
StateProv: CA
PostalCode: 95008
Country: US
NetRange: 216.113.160.0 - 216.113.191.255
CIDR: 216.113.160.0/19
NetName: EBAY-QA-IT-1
NetHandle: NET-216-113-160-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Assignment
NameServer: SJC-DNS1.EBAYDNS.COM
NameServer: SMF-DNS1.EBAYDNS.COM
NameServer: SJC-DNS2.EBAYDNS.COM
Comment:
RegDate: 2003-05-09
Updated: 2003-10-17
OrgTechHandle: EBAYN-ARIN
OrgTechName: eBay Network
OrgTechPhone: +1-408-376-7400
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2009-03-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.eBay is owner of paypal....
zoubiey
New Member
thx looking for this ;D
looking for this ;DAnd how about this one? 84.47.125.0/19
