
Security update

whotooktwarden committed Sep 11, 2015
1 parent 9aec887 commit 89201ce038ed9e92fe497d288f9120e7b23b7641
Showing with 191 additions and 18 deletions.
  1. +19 −2 deposit.php
  2. +39 −3 withdraw.php
  3. +28 −7 xd.php
  4. +38 −1 xw.php
  5. +28 −3 yd.php
  6. +39 −2 yw.php
@@ -57,17 +57,34 @@ function died($error) {
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';
$ripple_exp = '/^r[rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz]{27,35}$/';
//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
$string_exp = "/^[A-Za-z .'-]+$/";
//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}
if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}
if(is_numeric($XXXamount) == false) {
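Review bot: In both IP-capture branches the header is stored in `$httpFowarded` but the message concatenates `$httpForwarded`, so the concatenated variable is undefined and the forwarded address never appears. Before correcting the spelling, note that `X-Forwarded-For` is supplied by the client and `$error_message` already carries raw `<br />` markup. If died() prints the message unescaped (its body is outside the hunk), the corrected code would reflect client-controlled text into the page; escape it first, e.g. `htmlspecialchars($httpForwarded, ENT_QUOTES, 'UTF-8')`. The text also says the address is being logged, yet nothing visible writes a log; `error_log()` would record it server-side instead of echoing it to the visitor. The same lines appear in the withdraw.php, xd.php, xw.php, yd.php and yw.php sections.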
@@ -56,16 +56,52 @@ function died($error) {
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
//Clean the name fields of any symbols, whitespace, or digits or error out
$name_exp = '/\W{1,}/';
if(preg_match($name_exp,$first_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}
if(preg_match($name_exp,$last_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';
//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}
if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
$string_exp = "/^[A-Za-z .'-]+$/";
if(is_numeric($XXXamount) == false) {
$error_message .= 'The amount you entered does not appear to be valid.<br />';
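Review bot: `$amount_exp = '/[0-9]{1,6}/'` has no anchors, so `preg_match` succeeds for any value that merely contains a digit and the "1 to 6 digits" rule in the message is not enforced. Values such as `1234567`, `-5` or `1e5` pass both this test and the later `is_numeric()` check, which accepts signs, decimals and exponent notation. Anchoring the pattern makes it mean what the message says: `$amount_exp = '/^[0-9]{1,6}$/D';` (the `D` modifier stops `$` from accepting a trailing newline). The same pattern appears in the deposit.php, xd.php, xw.php, yd.php and yw.php sections.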
35 xd.php
@@ -51,11 +51,7 @@ function died($error) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$email_from = $_POST['email']; // required
$XXXamount = $_POST['XXXamount'];
@@ -64,7 +60,33 @@ function died($error) {
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';
//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}
if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}
$ripple_exp = '/^r[rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz]{27,35}$/';
@@ -74,7 +96,6 @@ function died($error) {
}
$string_exp = "/^[A-Za-z .'-]+$/";
if(is_numeric($XXXamount) == false) {
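Review bot: The new `$email_exp` ends in `([comcanetco.ukCOMCANETCO.UK]{2,3})`, which is a character class rather than a list of suffixes. It accepts any two or three characters drawn from c, o, m, a, n, e, t, u, k and the dot, so `user@example.kk` and `user@example.ten` pass although the comment promises .com, .ca, .net and .co.uk only. An alternation expresses the intent: `$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.(?:com|ca|net|co\.uk)$/iD';`. The same pattern appears in the deposit.php, withdraw.php, xw.php, yd.php and yw.php sections.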
39 xw.php
@@ -54,8 +54,45 @@ function died($error) {
$FName = $_POST['FName']; // required
$error_message = "";
//Clean the name fields of any symbols, whitespace, or digits or error out
$name_exp = '/\W{1,}/';
if(preg_match($name_exp,$first_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}
if(preg_match($name_exp,$last_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';
//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}
if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}
if(!preg_match($email_exp,$email_from)) {
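Review bot: The name checks test `$first_name` and `$last_name`, but the only assignment visible in this hunk is `$FName = $_POST['FName']`. Unless those two variables are set above the hunk, `preg_match` runs on an unset value and the check can never fire. The pattern `/\W{1,}/` also does not match digits or underscores, since both are word characters, so `John123` passes despite the message. A positive, anchored test such as `if (!preg_match('/^[A-Za-z]+$/D', $FName))` would match the stated rule. The same block appears in the withdraw.php and yw.php sections.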
31 yd.php
@@ -64,7 +64,34 @@ function died($error) {
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';
//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}
if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}
$ripple_exp = '/^r[rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz]{27,35}$/';
@@ -74,8 +101,6 @@ function died($error) {
}
$string_exp = "/^[A-Za-z .'-]+$/";
if(is_numeric($XXXamount) == false) {
$error_message .= 'The amount you entered does not appear to be valid.<br />';
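Review bot: The first branch under "Clean the amount data" fires when `$XXXamount` matches `$string_exp`, that is, when the amount consists only of letters, spaces, dots, apostrophes and hyphens. Yet the message it appends is `Use letters. No symbols or digits.` and the commented-out `die()` refers to FName. It reads as a name-field check pasted onto the amount. The following `!preg_match($amount_exp, ...)` branch is the one meant to reject non-digit input, so this branch could be dropped or its message rewritten to ask for digits. Separately, `$_SERVER['HTTP_X_FORWARDED_FOR']` is read unconditionally and is absent on direct connections, so an `isset()` guard is needed to avoid an undefined-index notice.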
41 yw.php
@@ -55,15 +55,52 @@ function died($error) {
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
//Clean the name fields of any symbols, whitespace, or digits or error out
$name_exp = '/\W{1,}/';
if(preg_match($name_exp,$first_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}
if(preg_match($name_exp,$last_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';
//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}
if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
$string_exp = "/^[A-Za-z .'-]+$/";
if(is_numeric($XXXamount) == false) {
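Review bot: This section shows the `!preg_match($email_exp,$email_from)` test twice, once right after the new pattern and again just before the `is_numeric()` check. The rendered page has lost its +/- markers, so it is not certain the second test survives the commit. If it does, an invalid address appends `The Email Address you entered does not appear to be valid.<br />` twice. Keeping a single test after the final `$email_exp` assignment would avoid that. The withdraw.php section shows the same pair, and the enclosing block continues past the end of this hunk.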
