Skip to content
Permalink
Browse files

bugfixes

  • Loading branch information...
NB-Core committed Apr 17, 2014
1 parent 1352e75 commit 60fcd95db5c58ad5aaf4ae7c7870dbb04fbb3233
Showing with 14 additions and 13 deletions.
  1. +5 −5 create.php
  2. +1 −0 creatures.php
  3. +2 −2 list.php
  4. +1 −1 logdnet.php
  5. +5 −5 payment.php
@@ -31,7 +31,7 @@
if ($op=="forgotval"){
$id = httpget('id');
$sql = "SELECT acctid,login,superuser,password,name,replaceemail,emailaddress,emailvalidation FROM ". db_prefix("accounts") . " WHERE forgottenpassword='$id' AND forgottenpassword!=''";
$sql = "SELECT acctid,login,superuser,password,name,replaceemail,emailaddress,emailvalidation FROM ". db_prefix("accounts") . " WHERE forgottenpassword='".mysql_real_escape_string($id)."' AND forgottenpassword!=''";
$result = db_query($sql);
if (db_num_rows($result)>0) {
$row = db_fetch_assoc($result);
@@ -67,7 +67,7 @@
}
} elseif ($op=="val"){
$id = httpget('id');
$sql = "SELECT acctid,login,superuser,password,name,replaceemail,emailaddress FROM ". db_prefix("accounts") . " WHERE emailvalidation='$id' AND emailvalidation!=''";
$sql = "SELECT acctid,login,superuser,password,name,replaceemail,emailaddress FROM ". db_prefix("accounts") . " WHERE emailvalidation='".mysql_real_escape_string($id)."' AND emailvalidation!=''";
$result = db_query($sql);
if (db_num_rows($result)>0) {
$row = db_fetch_assoc($result);
@@ -131,7 +131,7 @@
if ($op=="forgot"){
$charname = httppost('charname');
if ($charname!=""){
$sql = "SELECT acctid,login,emailaddress,forgottenpassword,password FROM " . db_prefix("accounts") . " WHERE login='$charname'";
$sql = "SELECT acctid,login,emailaddress,forgottenpassword,password FROM " . db_prefix("accounts") . " WHERE login='".mysql_real_escape_string($charname)."'";
$result = db_query($sql);
if (db_num_rows($result)>0){
$row = db_fetch_assoc($result);
@@ -197,7 +197,7 @@
$pass1= httppost('pass1');
$pass2= httppost('pass2');
if (getsetting("blockdupeemail",0)==1 && getsetting("requireemail",0)==1){
$sql = "SELECT login FROM " . db_prefix("accounts") . " WHERE emailaddress='$email'";
$sql = "SELECT login FROM " . db_prefix("accounts") . " WHERE emailaddress='".mysql_real_escape_string($email)."'";
$result = db_query($sql);
if (db_num_rows($result)>0){
$blockaccount=true;
@@ -264,7 +264,7 @@
}
$refer = httpget('r');
if ($refer>""){
$sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='$refer'";
$sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='".mysql_real_escape_string($refer)."'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
@@ -126,6 +126,7 @@
db_query($sql);
if (db_affected_rows()>0){
output("Creature deleted`n`n");
module_delete_objprefs('creatures',$id);
}else{
output("Creature not deleted: %s", db_error(LINK));
}
@@ -43,7 +43,7 @@
if ($op=="search"){
$search="%";
$n = httppost('name');
$n = mysql_real_escape_string(httppost('name'));
for ($x=0;$x<strlen($n);$x++){
$search .= substr($n,$x,1)."%";
}
@@ -168,4 +168,4 @@
rawoutput("</table>");
output_notl("`c");
page_footer();
?>
?>
@@ -84,7 +84,7 @@ function lotgdsort($a, $b)
$admin = "unknown";
// See if we know this server.
$sql = "SELECT lastupdate,serverid,lastping,recentips FROM " . db_prefix("logdnet") . " WHERE address='$addy'";
$sql = "SELECT lastupdate,serverid,lastping,recentips FROM " . db_prefix("logdnet") . " WHERE address='".mysql_real_escape_string($addy)."'";
$result = db_query($sql);
$row = db_fetch_assoc($result);
@@ -27,14 +27,14 @@
// Set up the acknowledgement request headers
$header = "POST /cgi-bin/webscr HTTP/1.1\r\n"; // HTTP POST request
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .="Host: www.paypal.com\r\n";
$header .="Connection: close\r\n\r\n";
// Open a socket for the acknowledgement request
//$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
//$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
//$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
@@ -58,7 +58,7 @@
$res = fgets ($fp, 1024);
$response .= $res;
if (strcmp ($res, "VERIFIED") == 0) {
if (strcmp (trim($res), "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
@@ -89,7 +89,7 @@
payment_error(E_ERROR,"Payment Status isn't 'Completed' it's '$payment_status'",__FILE__,__LINE__);
}
}
else if (strcmp ($res, "INVALID") == 0) {
else if (strcmp (trim($res), "INVALID") == 0) {
// log for manual investigation
payment_error(E_ERROR,"Payment Status is 'INVALID'!\n\nPOST data:`n".serialize($_POST),__FILE__,__LINE__);
}

0 comments on commit 60fcd95

Please sign in to comment.
You can’t perform that action at this time.