heh, first version of my script.
Enjoy it and don't remove .htaccess. ^^
please relese!!!:wub:@up
Yes
BUT there is one problem, it's not SQL-injection safe. I fixed it, but I changed the whole script, so I don't want to release it now. Maybe I'll make a guide later on how to do it..
If you know any php, you should use mysql_real_escape_string()
Only me or.. does somebody see something strange with his post?
You're not supposed to remove .htdocs really, that'd cause anyone to be able to inject you. But the IP's in there allow only PayPal to access this script, and the other IP's...
You're not supposed to remove .htdocs really, that'd cause anyone to be able to inject you. But the IP's in there allow only PayPal to access this script, and the other IP's...
what about nslookup the ip to see from who it is? or post it here and I do a lookup.
<?php
$mysql_host = 'localhost'; //Leave at localhost
$mysql_user = 'root'; //DB User
$mysql_pass = ''; //DB Pass
$mysql_db = ''; //DB Name
$add_points = 12;
$custom = stripslashes(ucwords(strtolower(trim($_REQUEST['custom']))));
$receiver_email = $_REQUEST['receiver_email'];
$payment_status = $_REQUEST['payment_status'];
// connect db
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysql_db, $db);
if ($payment_status == "Completed" && $receiver_email == "[email protected]")
mysql_query("UPDATE accounts SET premium_points += $add_points WHERE accounts.name = '$custom'");
else
echo("Error.");
?>
<?PHP
$mysql_host = 'localhost'; //Leave at localhost
$mysql_user = 'root'; //DB User
$mysql_pass = ''; //DB Pass
$mysql_db = ''; //DB Name
$add_points = 12;
$custom = stripslashes(ucwords(strtolower(trim($_REQUEST['custom']))));
$receiver_email = $_REQUEST['receiver_email'];
$payment_status = $_REQUEST['payment_status'];
// connect db
$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysql_db, $db);
if ($payment_status == "Completed" && $receiver_email == "[email protected]")
{
mysql_query("UPDATE accounts SET premium_points += $add_points WHERE accounts.name = '$custom'");
}
else
{
echo("Error.");
}
?>
It looks nice
xD
if ($payment_status == "Completed" && $receiver_email == "[email protected]"):
mysql_query("UPDATE accounts SET premium_points += $add_points WHERE accounts.name = '$custom'");
else:
echo("Error.");
endif;
Here's better version of my script:
http://vcielka.gunz.eu.org/~cach/tibia/paypal.tar.gz
Enjoy it and it's 99% SAFE!!!
cach@vcielka:~$ whois 216.113.160.0/19
OrgName: eBay, Inc
OrgID: EBAY
Address: 2145 Hamilton Ave
City: San Jose
StateProv: CA
PostalCode: 95008
Country: US
NetRange: 216.113.160.0 - 216.113.191.255
CIDR: 216.113.160.0/19
NetName: EBAY-QA-IT-1
NetHandle: NET-216-113-160-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Assignment
NameServer: SJC-DNS1.EBAYDNS.COM
NameServer: SMF-DNS1.EBAYDNS.COM
NameServer: SJC-DNS2.EBAYDNS.COM
Comment:
RegDate: 2003-05-09
Updated: 2003-10-17
OrgTechHandle: EBAYN-ARIN
OrgTechName: eBay Network
OrgTechPhone: +1-408-376-7400
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2009-03-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
This is the other ip range. ^^Code:cach@vcielka:~$ whois 216.113.160.0/19 OrgName: eBay, Inc OrgID: EBAY Address: 2145 Hamilton Ave City: San Jose StateProv: CA PostalCode: 95008 Country: US NetRange: 216.113.160.0 - 216.113.191.255 CIDR: 216.113.160.0/19 NetName: EBAY-QA-IT-1 NetHandle: NET-216-113-160-0-1 Parent: NET-216-0-0-0-0 NetType: Direct Assignment NameServer: SJC-DNS1.EBAYDNS.COM NameServer: SMF-DNS1.EBAYDNS.COM NameServer: SJC-DNS2.EBAYDNS.COM Comment: RegDate: 2003-05-09 Updated: 2003-10-17 OrgTechHandle: EBAYN-ARIN OrgTechName: eBay Network OrgTechPhone: +1-408-376-7400 OrgTechEmail: [email protected] # ARIN WHOIS database, last updated 2009-03-01 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database.
eBay is owner of paypal....