• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

xCMS with SMS function

Oceanic

Oceanic

Php / C++ / MySQL
Joined
May 7, 2008
Messages
241
Reaction score
1
Location
localhost?
This is just a beta, still working on it
This verson will only work in Sweden
The xCMS-SMS.rar contains the files that is needed
Here you will find a video that shows you how to do
Help.rar

SQL Structure
PHP: 
/*
MySQL Data Transfer
Source Host: localhost
Source Database: tibia
Target Host: localhost
Target Database: tibia
Date: 2008-11-12 21:56:58
*/

SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for xcms_auction
-- ----------------------------
DROP TABLE IF EXISTS `xcms_auction`;
CREATE TABLE `xcms_auction` (
  `id` int(11) NOT NULL auto_increment,
  `type` int(11) NOT NULL,
  `name` char(255) NOT NULL,
  `price` char(255) NOT NULL,
  `duration` int(11) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

-- ----------------------------
-- Table structure for xcms_cash
-- ----------------------------
DROP TABLE IF EXISTS `xcms_cash`;
CREATE TABLE `xcms_cash` (
  `account_id` int(11) default NULL,
  `cash` int(11) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

-- ----------------------------
-- Table structure for xcms_number
-- ----------------------------
DROP TABLE IF EXISTS `xcms_number`;
CREATE TABLE `xcms_number` (
  `phone_number` decimal(11,0) NOT NULL,
  `account_id` int(10) NOT NULL,
  PRIMARY KEY  (`phone_number`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

-- ----------------------------
-- Records 
-- ----------------------------
 

Attachments

Last edited:
Good job with the obvious SQL injection vulnerabilities in sms.php...
 
Talaturen said:
Good job with the obvious SQL injection vulnerabilities in sms.php...
Click to expand...

Are you sure about that?
Because the only one to access sms.php is the sms company, and i dont think they send injections?

Edit:
PHP: 
if($_SERVER['REMOTE_ADDR'] != '93.158.65.162') {
    die("Fel!");
}
Do so only the SMS server can access the page :thumbup:
 
You shouldn't trust them so much and it wouldn't hurt to escape the input, really useful when you do a mistake like this (you forgot to uncomment the code).
Code: 
/*
// Kontrollera att det är MO-SMS som anropar (OBS: kommentera bort vid testkörning!)
if($_SERVER['REMOTE_ADDR'] != '93.158.65.162') {
    die("Fel!");
}
*/
 
Talaturen said:
You shouldn't trust them so much and it wouldn't hurt to escape the input, really useful when you do a mistake like this (you forgot to uncomment the code).
Code: 
/*
// Kontrollera att det är MO-SMS som anropar (OBS: kommentera bort vid testkörning!)
if($_SERVER['REMOTE_ADDR'] != '93.158.65.162') {
    die("Fel!");
}
*/
Click to expand...

Saw that a sec ago, so i updated and removed.
My fault when i was test running
 

Similar threads

A
  • Question
House dont saved when purchased
Replies
0
Views
177
Azerty
A
A
  • Question
Bounty Hunter System mysql error
Replies
1
Views
284
Dakos
D
johnsamir
  • Question
how to solve these errors that has appeared in my database
Replies
2
Views
596
johnsamir
johnsamir
Back
Top