Guest KemazI Posted April 20, 2016 at 04:53 PM Share Posted April 20, 2016 at 04:53 PM Olá ! Alguém sabe como posso proteger o ficheiro itemshop.php para prevenir o login bug no servidor? Por exemplo, o meu servidor tem sido atacado recentemente e quem ataca faz o ataque para a itemshop.php e eu queria saber se tem alguma solução para isto pois faz com que o servidor fique com login bug :/ Ficheiro itemshop:
// NOTE(review): this listing was pasted without its `<?php` opening tags and with the
// surrounding HTML stripped, so the `?>` markers and the stray attribute text further down
// are leftovers of the template; the structure below is reconstructed from the visible tokens.
//
// Request inputs read by this page: $_GET["cat"], $_GET["buy"], $_GET["pagination"],
// $_POST["buy"], $_POST["quantity"]. $_SESSION["username"] identifies the buyer.
// The only login gate visible is User::isLogged() inside the "buy" branch; the category
// list, item list and pagination are rendered for anonymous visitors as well.

// Category selection: an unknown "cat" is rejected with a redirect before it is used.
$is = new Itemshop();
if(isset($_GET["cat"]) AND $is->categoryExists($_GET["cat"]) == false) {
    Core::redirect(Links::getUrl("itemshop"), 0);
    die();
}
$cat = isset($_GET["cat"]) ? $_GET["cat"] : $is->getFirstCategory();
?>
// Purchase handling. Entry requires an existing item id in "buy" and a logged-in session.
// NOTE(review): no request token (CSRF) is checked anywhere in this fragment, and the premium
// path acts on the GET parameter alone, so a forged link can trigger a purchase for a
// logged-in user. Requiring POST plus a per-session token for the buy action would close that.
if(isset($_GET["buy"]) AND $is->itemExists($_GET["buy"]) AND User::isLogged()) {
    //echo ' ';
    $itemInfo = $is->getItemInfo($_GET["buy"]);
    // Effective price: percentage discount applied and rounded, otherwise the list price.
    if($is->discountEnabled()) {
        $discount_price = ($itemInfo["price"] / 100) * (100 - $is->getDiscountPercent());
        $price = round($discount_price);
    } else {
        $price = $itemInfo["price"];
    }
    if($is->isPremium($itemInfo["id"])) {
        // Premium items: type and duration come from the item row, not from the request.
        $type = $itemInfo["socket1"]; // 1 = silver_expire ; 2 = gold_expire ; 3 = money_drop_rate_expire ; 123 = all three
        $days = $itemInfo["socket0"]; // how long premium ? (in days)
        // NOTE(review): the balance check (getCoins) and the deduction (removeCoins) below are
        // separate calls with no lock or transaction visible in this fragment, so two concurrent
        // requests can both pass the check. Checking and deducting in one atomic conditional
        // update is the usual fix. Expiry values are compared as strings against
        // date('Y-m-d H:i:s'), which relies on the stored value using the same format and
        // timezone — TODO confirm.
        if (User::getCoins($_SESSION["username"]) < $price) {
            echo Core::result(Language::getTranslation("isNotEnoughCoins"), 2);
        } elseif($type == 1 AND User::getSilverPremium($_SESSION["username"], true) > date('Y-m-d H:i:s')) {
            echo Core::result(Language::getTranslation("isSilverActive").Core::makeNiceDate(User::getSilverPremium($_SESSION["username"], true)), 2);
        } elseif($type == 2 AND User::getGoldPremium($_SESSION["username"], true) > date('Y-m-d H:i:s')) {
            echo Core::result(Language::getTranslation("isGoldActive").Core::makeNiceDate(User::getGoldPremium($_SESSION["username"], true)), 2);
        } elseif($type == 3 AND User::getYangPremium($_SESSION["username"], true) > date('Y-m-d H:i:s')) {
            echo Core::result(Language::getTranslation("isYangActive").Core::makeNiceDate(User::getYangPremium($_SESSION["username"], true)), 2);
        } elseif($type == 123 AND ( User::getYangPremium($_SESSION["username"], true) > date('Y-m-d H:i:s') OR User::getSilverPremium($_SESSION["username"], true) > date('Y-m-d H:i:s') OR User::getGoldPremium($_SESSION["username"], true) > date('Y-m-d H:i:s') )) {
            echo Core::result(Language::getTranslation("isActive"), 2);
        } else {
            // Grant: log first, extend the matching premium, then charge $price once
            // (premium purchases have no quantity).
            if($type == 1) {
                $is->log($_SESSION["username"], $itemInfo["name"], $type, $days, $price);
                User::updateSilverPremium($_SESSION["username"], $days);
                User::removeCoins($_SESSION["username"], $price);
                echo Core::result(Language::getTranslation("isSilverSuccess"), 1);
            } elseif($type == 2) {
                $is->log($_SESSION["username"], $itemInfo["name"], $type, $days, $price);
                User::updateGoldPremium($_SESSION["username"], $days);
                User::removeCoins($_SESSION["username"], $price);
                echo Core::result(Language::getTranslation("isGoldSuccess"), 1);
            } elseif($type == 3) {
                $is->log($_SESSION["username"], $itemInfo["name"], $type, $days, $price);
                User::updateYangPremium($_SESSION["username"], $days);
                User::removeCoins($_SESSION["username"], $price);
                echo Core::result(Language::getTranslation("isYangSuccess"), 1);
            } elseif($type == 123) {
                $is->log($_SESSION["username"], $itemInfo["name"], $type, $days, $price);
                User::updateSilverPremium($_SESSION["username"], $days);
                User::updateGoldPremium($_SESSION["username"], $days);
                User::updateYangPremium($_SESSION["username"], $days);
                User::removeCoins($_SESSION["username"], $price);
                echo Core::result(Language::getTranslation("isPremiumSuccess"), 1);
            }
            // Any other $type value falls through silently: nothing is granted or charged.
        }
    } else {
        // Regular items: need enough coins and an empty item-shop mall slot.
        if (User::getCoins($_SESSION["username"]) < $price) {
            echo Core::result(Language::getTranslation("isNotEnoughCoins"), 2);
        } elseif (User::hasEmptyItemShopMall($_SESSION["username"]) == false) {
            echo Core::result(Language::getTranslation("isNotEmptyItemshopMall"), 2);
        } else {
            if ($itemInfo["can_change_amount"] == 1 AND $itemInfo["max_amount"] > 0) {
                // Variable-quantity item: the amount comes from the posted form.
                if (isset($_POST["buy"])) {
                    // NOTE(review): "quantity" is read without isset(); ctype_digit() then rejects
                    // anything that is not an all-digit string, and validQuantity() bounds it
                    // against max_amount. The balance is re-checked with the multiplied price,
                    // with the same check-then-deduct gap as in the premium path.
                    $quantity = $_POST["quantity"];
                    if (!ctype_digit($quantity)) {
                        $result = Core::result(Language::getTranslation("isNotValidQuantity"), 2);
                    } elseif (!$is->validQuantity($_GET["buy"], $quantity)) {
                        $result = Core::result(Language::getTranslation("isNotValidRange") . $itemInfo["max_amount"], 2);
                    } elseif (User::getCoins($_SESSION["username"]) < $price * $quantity) {
                        $result = Core::result(Language::getTranslation("isNotEnoughCoins"), 2);
                    } else {
                        // Bonus attributes: none for plain items, otherwise two random values
                        // (gameplay randomness only; nothing security-sensitive depends on it).
                        if ($itemInfo['addon_type'] == 0) {
                            $attrtype0 = 0;
                            $attrtype1 = 0;
                            $attrvalue0 = 0;
                            $attrvalue1 = 0;
                        } else {
                            $attrtype0 = 72;
                            $attrtype1 = 71;
                            $skoda = mt_rand(8, 30);
                            $poskozeni = mt_rand(-18, -1);
                            $attrvalue0 = $skoda;
                            $attrvalue1 = $poskozeni;
                        }
                        // socket0 becomes an absolute expiry timestamp for time-limited items.
                        if ($itemInfo["time_limit"] > 0) {
                            $socket0 = strtotime("+ " . $itemInfo['time_limit'] . " seconds");
                        } else {
                            $socket0 = $itemInfo["socket0"];
                        }
                        $socket1 = $itemInfo["socket1"];
                        $socket2 = $itemInfo["socket2"];
                        // Charge, create the item, log if enabled, then redirect back to the shop.
                        User::removeCoins($_SESSION["username"], $price * $quantity);
                        $is->generateItem($_SESSION["username"], $quantity, $itemInfo["item_id"], $attrtype0, $attrvalue0, $attrtype1, $attrvalue1, $socket0, $socket1, $socket2);
                        if (Core::itemshopLogEnabled()) {
                            $is->log($_SESSION["username"], $itemInfo["name"], $itemInfo["item_id"], $quantity, $price * $quantity);
                        }
                        $result = Core::result(Language::getTranslation("isBuySuccess"), 1);
                        Core::redirect(Links::getUrl("itemshop"), 2);
                    }
                }
                // Form messages are buffered in $result; nothing is printed when the form
                // was not posted (the form itself is then rendered by the stripped markup).
                if (isset($result)) {
                    echo $result;
                }
                ?>
                // NOTE(review): leftover of the quantity form markup that the paste stripped.
                "> class="btn btn-primary login-btn">
            } else {
                // Fixed-count item: same steps as the form branch above, but the quantity is
                // the item's configured count and $price is charged once. The duplicated
                // attribute/socket setup should be shared with the branch above.
                if ($itemInfo['addon_type'] == 0) {
                    $attrtype0 = 0;
                    $attrtype1 = 0;
                    $attrvalue0 = 0;
                    $attrvalue1 = 0;
                } else {
                    $attrtype0 = 72;
                    $attrtype1 = 71;
                    $skoda = mt_rand(8, 30);
                    $poskozeni = mt_rand(-18, -1);
                    $attrvalue0 = $skoda;
                    $attrvalue1 = $poskozeni;
                }
                if ($itemInfo["time_limit"] > 0) {
                    $socket0 = strtotime("+ " . $itemInfo['time_limit'] . " seconds");
                } else {
                    $socket0 = $itemInfo["socket0"];
                }
                $socket1 = $itemInfo["socket1"];
                $socket2 = $itemInfo["socket2"];
                User::removeCoins($_SESSION["username"], $price);
                $is->generateItem($_SESSION["username"], $itemInfo["count"], $itemInfo["item_id"], $attrtype0, $attrvalue0, $attrtype1, $attrvalue1, $socket0, $socket1, $socket2);
                if (Core::itemshopLogEnabled()) {
                    $is->log($_SESSION["username"], $itemInfo["name"], $itemInfo["item_id"], $itemInfo["count"], $price);
                }
                echo Core::result(Language::getTranslation("isBuySuccess"), 1);
                Core::redirect(Links::getUrl("itemshop"), 2);
            }
        }
    }
}
?>
// Category buttons; the active category gets the primary style. The anchor tags around
// these strings were stripped by the paste. Category names are echoed as-is (no output
// encoding visible here); they come from the shop's own rows, not from the request.
if($is->numberOfCategories() > 0) {
    foreach ($is->categories() as $row) {
        if(isset($cat) AND $cat == $row["id"]) {
            echo ' class="btn btn-primary btn-lg" style="margin-bottom:5px;">' . $row["name"] . '';
        } else {
            echo ' class="btn btn-inverse btn-lg" style="margin-bottom:5px;">' . $row["name"] . '';
        }
    }
} else {
    echo Core::result(Language::getTranslation("isZeroCategories"),4);
}
?>
// Coin balance line for logged-in users.
if(User::isLogged()) {
    echo ' ' . Language::getTranslation("isYourCoins") . ' ' . User::getCoins($_SESSION["username"]) . ' ' . Language::getTranslation("isBuyCoins") . ' ';
}
?>
// Discount banner; the `<?php echo $is->` prefixes of the two calls were lost in the paste.
if($is->discountEnabled()) { ?>
Discount getDiscountPercent() ?> % on all items: getDiscountUntil() ?>
} ?>
// Item list with pagination for the selected category.
if($is->numberOfItems($cat) > 0) {
    // Paginator
    // NOTE(review): the Paginator is built from the raw page number before the validation
    // below runs; the redirect then discards the request, so this only matters if the
    // constructor has side effects — TODO confirm.
    $page = isset($_GET["pagination"]) ? (int)$_GET["pagination"] : 1;
    $totalCount = $is->numberOfItems($cat);
    $perPage = $is->itemsPerPage();
    $paginator = new Paginator($page, $totalCount, $perPage);
    // Paginator
    // Validate page: ctype_digit rejects non-digit strings, then the raw value is range-checked.
    if (isset($_GET["pagination"]) AND (!ctype_digit($_GET["pagination"]) OR $_GET["pagination"] > ceil($totalCount / $perPage) OR $_GET["pagination"] < 1)) {
        Core::redirect(Links::getUrl("itemshop"), 0);
        die();
    }
    // Validate page
    // Print items and pagination links. Request-derived values ($cat, limit, offset) are
    // bound parameters; $dbname is a global configuration value, not request input in
    // this fragment — TODO confirm where it is set. $cat is also embedded in the link
    // path; it was validated with categoryExists() above, but no output encoding is
    // visible here.
    global $dbname;
    $is->printItems("SELECT * FROM " . $dbname . ".itemshop_items WHERE category_id = ? LIMIT ? OFFSET ?", array($cat, $perPage, $paginator->offset()));
    $paginator->printLinks("itemshop/cat/".$cat."/page/", "pagination");
    // Print items and pagination links
} else {
    echo Core::result(Language::getTranslation("isZeroItems"), 4);
}
?>
Obrigado desde já Link to comment Share on other sites More sharing options...
[Admin] tierrilopes Posted May 25, 2016 at 01:37 AM Share Posted May 25, 2016 at 01:37 AM Só me lembrei agora :| Podes colocar, no início de tudo, uma verificação de se existe sessão ativa (ou seja, se o membro tem o login feito ou não); caso não haja sessão, ele já não chama o resto do código, ou seja, não apresenta a itemshop. Link to comment Share on other sites More sharing options...