Item sent to the bank FAIL.

**Mourplus** · 31-05-13

Hello, I have a good problem to buy items on my website normal purchase the coins down, but of an error and the item does not go to the bank, could someone help me?

_functions.php

PHP Code:


<?
@session_start();
function makepoststring($string) {
    if (strlen($string) > 17){
        return ucfirst(substr($string,0,17) . "...");
    }else{
        return ucfirst($string);
    }
}

function clean($value)
{
        $check = $value;

        $search = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
        'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
        'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
        'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
        'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
        'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
        'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
        'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
        'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
        'insert%20into', 'select%20', 'fopen', 'fwrite', '%20like', 'like%20',
        '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
        'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
        'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
        '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
        'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', 'lsof%20',
        '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
        'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
        'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
        'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
        'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
        'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
        '<script', 'UPDATE', 'SELECT', 'DROP', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
        'select from', 'drop%20', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');

        $value = str_replace($search, '', $value);
        $value = preg_replace(sql_regcase("/(from|select|insert|delete|update|set|shutdown|where|drop table|show tables|#|\*|--|\\\\)/"),"",$value);
        $value = trim($value);
        $value = strip_tags($value);
        $value = addslashes($value);
        $value = str_replace("'", "''", $value);

        if( $check != $value )
        {
            $logf = fopen("logs/Hacklogs.txt", "a+");
            fprintf($logf, "Date: %s IP: %s Code: %s, Fixed: %s\r\n", date("d-m-Y h:i:s A"), $_SERVER['REMOTE_ADDR'], $check, $value );
            fclose($logf);
alertbox("SQL Injection Detectado !!","index.php");
        }

        return( $value );
}

function mssql_query_logged($query)
{

    //$f = fopen("logs/Querylogs.txt", "a+");
    //fprintf($f, "%s (mod_%s.php) - [AID=%s] %s [%s] - %s\r\n", $_SERVER[PHP_SELF],$_GET['do'], $_SESSION['AID'],  date("d-m-y - H:i:S"), $_SERVER['REMOTE_ADDR'], $query);
    //fclose($f);

    return mssql_query($query);
}

function getUrl() {
    return $_SERVER['HTTP_HOST'];
}

function enviarmail($para, $tema, $mensaje)
{
    
    $mail = new PHPMailer ();
//    msgbox($_SESSION['correo']." ".$passcorreo,"index.php");
    $mail -> From = $_SESSION['correo'];
    $mail -> FromName = $_SESSION['nombregunz'];
    $mail -> AddAddress ($para);
    $mail -> Subject = $tema;
    $mail -> Body = $mensaje;
    $mail -> IsHTML (true);

    $mail->IsSMTP();
    $mail->Host = 'ssl://smtp.live.com';
    $mail->Port = 25;
    $mail->SMTPAuth = true;
    $mail->Username = $_SESSION['correo'];
    $mail->Password = $_SESSION['passcorreo'];

    if(!$mail->Send()) {
            return 1;
    }else{
           return 0;;
    }

}

function Sex($tipo)
{
    if($tipo == 0)
    {
        return "Masculino";
    }elseif($tipo == 1)
    {
        return "Feminino";
    }else{
        return "Gay";
    }
}

function random1($tama) {
    $length = $tama;
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
    $string = "";    

    for ($p = 0; $p < $length; $p++) {
        $string .= $characters[mt_rand(0, strlen($characters))];
    }

    return $string;
} 

function logz($text)
{
    $logf = fopen("./logs/wtf.txt", "a+");
            fprintf($logf, $text."\r\n");
            fclose($logf);
}

function getclan($clid)
{
    $q = mssql_query("SELECT * FROM Clan WHERE CLID='".$clid."'");
    $r = mssql_fetch_object($q);
    return $r->Name;
}

function getclancid($clid)
{
    $q = mssql_query("SELECT * FROM Clan WHERE CLID='".$clid."'");
    $r = mssql_fetch_object($q);
    return $r->MasterCID;
}
function getcha($cid)
{
    $q = mssql_query("SELECT * FROM Character WHERE CID='".$cid."'");
    $r = mssql_fetch_object($q);
    return $r->Name;
}
function getlvl($cid)
{
    $q = mssql_query("SELECT * FROM Character WHERE CID='".$cid."'");
    $r = mssql_fetch_object($q);
    return $r->Level;
}
function activo($cid)
{
    $cid = clean($cid);
    $q = mssql_query("SELECT * FROM CLan WHERE MasterCID='".$cid."'");
    $r = mssql_fetch_object($q);
    return $r->Peticion;
}
function master($cid)
{
//    $cid = clean($cid);
    $q = mssql_query("SELECT * FROM Character WHERE CID='".$cid."'");
    $r = mssql_fetch_object($q);
    return $r->Name;
}
function gettipo($tipo)
{
    $tipo = clean($tipo);
    switch($tipo)
    {
        case 0:
            return "Armadura";
        case 1:
            return "Arma";
        case 2:
            return "Espada";
        case 3:
            return "Item";
        default:
            return "Nada";
    }
}
function getsex($sex)
{
    $sex = clean($sex);
    switch($sex)
    {
        case 0:
            return "Hombre";
            
        case 1:
            return "Mujer";
            
        case 2:
            return "Ambos";
        
        default:
            return "Nada";
        
    }
}

function ChangeTitle($title) {
    echo "<script language='JavaScript'>
document.title='".$title."';
</script>";
}

function mTrim($cadena){
    return str_replace(" ","",$cadena);
   }

function ErrorBox($data) {
    return "                               <tr>
                                            <td width='434' colspan='2'>
                                            <div align='center'>
                                                <table border='1' width='90%' height='90%' style='border-collapse: collapse' bordercolor='#FF0000' bgcolor='#FF9191' class='errorbox'>
                                                    <tr>
                                                        <td>
                                                        <table border='0' width='100%' height='100%' style='border-collapse: collapse'>
                                                            <tr>
                                                                <td valign='bottom' width='434' colspan='2'>
                                                        <img border='0' src='images/icon_error.gif' width='16' height='17'>
                                                        <font size='1'><b>An error occurred!</b></font></td>
                                                            </tr>
                                                            <tr>
                                                                <td width='19'>&nbsp;</td>
                                                                <td width='434' valign='top'><b>$data</b></td>
                                                            </tr>
                                                        </table>
                                                        </td>
                                                    </tr>
                                                </table>
                                            </div>
                                            </td>
                                            <td width='8'>&nbsp;</td>
                                        </tr>
                                        <tr>
                                            <td width='145'>
                                            &nbsp;</td>
                                            <td width='289'>
                                            &nbsp;</td>
                                            <td width='8'>&nbsp;</td>
                                        </tr>";
}

function msgbox($text, $url){
echo "<body  bgcolor='#000000'><script>alert('$text');document.location = '$url'</script></body>"; 
}



function re_dir($url){
echo "<body  bgcolor='#000000'><script>document.location = '$url'</script></body>";

}

function MakePercent($Value, $Total)
{
    return ($Value * $Total) / 100;
}

function GetKDRatio($kills, $deaths)
{
    $total = $kills + $deaths;

    $percent = @round((100 * $kills) / $total, 2);

    if($kills == 0 && $deaths == 0)
    {
        return "0/0 (100%)";
    }else{
        return sprintf("%d/%d (%d%%)", $kills, $deaths, $percent);
    }
}

function GetCharNameByCID($cid)
{
    $ncid = clean($cid);
    $a = mssql_fetch_assoc(mssql_query("SELECT Name FROM Character(nolock) WHERE CID = '$ncid'"));
    return $a[Name];
}
function checarname($aid, $name)
{
    if(empty($aid))
    {
        $q = mssql_query("SELECT * FROM Account WHERE UserID='".$name."'");
        $r = mssql_fetch_object($q);
        $aid = $r->AID;
        //alertbox($aid,"index.php");
    }
    $q = mssql_query("SELECT * FROM Account WHERE AID='".$aid."'");
    $r = mssql_fetch_object($q);
    $t = $r->UGradeID;
    switch($t)
    {
        case 0:
            return "<font color='#FFFFFF'>$name</font>";
        case 2:
            return "<font color='#FFFFFF'>$name</font>";
        case 255:
            return "<font color='#FF0000'>$name</font>";
        case 254:
            return "<font color='#00FF00'>$name</font>";
        case 252:
            return "<font color='#FFFFFF'>$name</font>";
        case 253:
            return "<font color='#666666'>$name</font>";
        default:
            return "<font color='#00FFFF'>$name</font>";
    }
}
function ratiopj($Wins, $Losses)
{
$total = $kills + $deaths;

    $percent = @round((100 * $kills) / $total, 2);

    if($kills == 0 && $deaths == 0)
    {
        return "0/0 (100%)";
    }else{
        return sprintf("%d/%d (%d%%)", $kills, $deaths, $percent);
    }
}

function FormatCharName($cid)
{
    $ncid = clean($cid);
    $res = mssql_fetch_row(mssql_query("SELECT ac.UGradeID, ch.Name From Character(nolock) ch INNER JOIN Account ac ON ac.AID = ch.AID WHERE ch.CID = '$ncid'"));

    $name = $res[1];

    switch($res[0])
    {
        case 255:
            return "<font color='00FFFF'>$name</font>";
        break;
        case 254:
            return "<font color='#FF6633'>$name</font>";
        break;
        case 252:
            return "<font color='#00FF00'>$name</font>";
        break;
        case 253:
            return "<font color='#666666'>$name</font>";
        break;
        case 6:
            return "<font color='FF0000'>$name</font>";
        break;
        case 2:
            return "<font color='#FFFF00'>$name</font>";
        break;
        case 3:
            return "<font color='FF0000'>$name</font>";
        break;
        case 4:
            return "<font color='FF0000'>$name</font>";
        break;
        case 5:
            return "<font color='FF0000'>$name</font>";
        break;
        case 6:
            return "<font color='FF0000'>$name</font>";
        break;
        case 7:
            return "<font color='FF0000'>$name</font>";
        break;
        case 8:
            return "<font color='FF0000'>$name</font>";
        break;
        case 9:
            return "<font color='FF0000'>$name</font>";
        break;
        case 0:
            return "$name";
        break;
        default:
            return $name;
        break;
    }
}

function GetClanPercent($Wins, $Losses)
{
    $total = $Wins + $Losses;

    return ($total == 0) ? "0%" : round((100 * $Wins) / $total, 2) . "%";
}

?>

**MentaL**

**Chrisss** · 31-05-13

Seriously dude. Read the error before you post. Invalid column name ShopItemID. Add that column then its done. Simple, no need for a thread.

**Forean** · 31-05-13

function.php has nothing to do with it, the error above tells you everything, there is no Column "ShopItemId" in your database in the account DBO

Edit : Sensor, you posted did not even refresh the page :P so atleast he has 2 answers.

**Mourplus** · 31-05-13

dude I spent the columns of the database login account and 1.5 for 08, to run my website in gunz 1.5, finally in my 2008 database where I used this website has no "COLUMN CALL ShopItemID", that strange to ...

**Chrisss** · 31-05-13

Mate, its now hard to open up dbo.Account and add a column named ShopItemID.

**Mourplus** · 31-05-13

finally discover where was ShopItemID and added in my database 1.5 "dbo.AccountItem" is no longer giving error but still the same error the item will not go to the bank ...

**Mourplus** · 01-06-13

please help me because when I buy items on the site they do not go to the bank? : \

**Mourplus** · 01-06-13

I did not understand.
._.'

drug error: \ switched store and got this error the item does not go to the bank when I bought it at the store's website: @

**Zujirawa** · 01-06-13

Wtf I dont get it. @_@ But finally I got some Idea.

**Anju** · 01-06-13

Mind posting your .php script that is doing the mssql query?

**Mourplus** · 01-06-13

I think you are talking about _functions.php, all web gunz Brazil has.

**Anju** · 02-06-13

I know what I am talking about. The _functions.php that he posted is just functions not the query execution script. For example, when registering an account, the mssql query script like this:

Code:

mssql_query("INSERT INTO Account ([UserID],...) VALUES ('$userid',...);

What I am basically looking for is the mssql query that inserts values into AccountItem database table.

**Forean** · 02-06-13

It's most likley in a file named donate.php, or atleast take a screenshot of your folder with all the includes so we can pretty much have you pull the right file.

do you have the itemshop.dbo or donarshop.dbo or something like that?

**Mourplus** · 03-06-13

everyone is talking about thinking you know by posting the fix, and no one posted right tense.
What is certain is this: 1 Open your ScriptPHP the shop and add it in the part of the Insert Item: [Cnt]) values, and the value 1
Normally the script item shop if you already have it change 0 to 1, so when you purchase an item in shop he goes to the bank properly. in the case would look like:
mssql_query_logged ("INSERT INTO AccountItem ([ShopItemID], [IDA], [ItemID], [RentDate], [Cnt]) VALUES ('$ itemid', '$ aid', '$ zitemid', GETDATE (), 1) ");

Item sent to the bank FAIL.

Thread Tools

Search Thread

Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Re: Item sent to the bank FAIL.

Advertisement