Most visitors online was 17251 , on 24 May 2024
Vote Reward System
- Thread starter Millenial
- Start date
- Joined
- Oct 14, 2008
- Messages
- 1,277
- Reaction score
- 249
Fatal error: Call to a member function RecordCount() on a non-object in C:\Xampp\htdocs\backend\vote_do.php on line 43
- Joined
- Apr 12, 2007
- Messages
- 426
- Reaction score
- 251
well... working fine but the echo messages doesnt shows up anymore... i mean with the new files... wierd
---------- Post added at 11:44 AM ---------- Previous post was at 11:33 AM ----------
and
change to:
and
*Only change if you use my modified files
**For me works but the echos doesnt shows up...
---------- Post added at 11:44 AM ---------- Previous post was at 11:33 AM ----------
If you use The new vote_do.php with my modified files then open vote_do.php and change these:
PHP:
include ('../config.php');
PHP:
include ('../includes/adodb5/adodb.inc.php');
PHP:
include ('config.php');
PHP:
include ('includes/adodb5/adodb.inc.php');**For me works but the echos doesnt shows up...
- Joined
- Oct 14, 2008
- Messages
- 1,277
- Reaction score
- 249
Not working...
Still got same error.
Still got same error.
The problem is not with the script. Problem is with something else. That is why I want to solve the problem with MSN.
- Joined
- Apr 12, 2007
- Messages
- 426
- Reaction score
- 251
I mean that the messages doesnt shows up...
For ex.: You already voted..., Your reward has been added..., etc...
- Joined
- Oct 14, 2008
- Messages
- 1,277
- Reaction score
- 249
If you can add the IP CHECK,it will be awesome, and oh , this script is hackable,you can find the password of mssql.
- Joined
- Jul 29, 2010
- Messages
- 312
- Reaction score
- 57
Don't try to give information which you haven't prove. where's your proof that this is script is hackable?
- Joined
- Oct 14, 2008
- Messages
- 1,277
- Reaction score
- 249
My server was hacked when i have used this script 
And when i have removed the script , the server was not hacked anymore.
EDIT:AND I CAN'T GIVE THE PROOF BECAUSE THE "HACKERS" WILL SEE HOW TO HACK THAT SCRIPT.
I apologize for what i said a little earlier, i did and now i realize that it was because i had Cabal Toolz 4.0, who was stealing from me because i have someone i had met my scripts here on ragezone , so they can make a skin for my website, but he vanished and after a little while i saw the release of the ct 4.0 on ragezone with my all template(TRANSILVANIAGAMES) .
So i keep saying that this script runs perfect on Cabal Toolz 3.0 and 3.1 platform.
Good Job With That.
But if you add the ip restriction on this script , that will be the best vote reward sawed ever.
And when i have removed the script , the server was not hacked anymore.
EDIT:AND I CAN'T GIVE THE PROOF BECAUSE THE "HACKERS" WILL SEE HOW TO HACK THAT SCRIPT.
I apologize for what i said a little earlier, i did and now i realize that it was because i had Cabal Toolz 4.0, who was stealing from me because i have someone i had met my scripts here on ragezone , so they can make a skin for my website, but he vanished and after a little while i saw the release of the ct 4.0 on ragezone with my all template(TRANSILVANIAGAMES) .
So i keep saying that this script runs perfect on Cabal Toolz 3.0 and 3.1 platform.
Good Job With That.
But if you add the ip restriction on this script , that will be the best vote reward sawed ever.
Last edited by a moderator:
Newbie Spellweaver
- Joined
- Jan 10, 2011
- Messages
- 55
- Reaction score
- 24
You mean the one that vanished and hacked the script and released it in here is the one who hack your CabalToolz 4.0?????
- Joined
- Oct 14, 2008
- Messages
- 1,277
- Reaction score
- 249
I don't know who did that,but who released here cabal toolz 4.0 it was a big lier,because when i give my cabal toolz 4.0 script to him , i give that only to create a skin for me,but they just released the CT 4.0 on RZ.
Anyway,lets stop the off topic.
For much request on it, I did a version which has an IP check.
To use this version, you must run this query on your CabalCash database:
You can download the version from attachments.
To use this version, you must run this query on your CabalCash database:
Code:
ALTER TABLE VoteReward
ADD UserIP VARCHAR(20)You can download the version from attachments.
- Joined
- Jun 27, 2010
- Messages
- 409
- Reaction score
- 240
Well I can imagine how this script is hackable, SQLi, anyone?
Sanitize it. For example using regex:
And why are you using ADOdb for such a trivial task?
PHP:
$u=$_GET["u"];
/*...*/
$q2=mssql_query('SELECT * FROM CashAccount WHERE UserID="' . $u . '"');Sanitize it. For example using regex:
PHP:
/*ATTN: This is untested code, hacked together in notepad*/
if (ereg('[^A-Za-z0-9]', $u)) {
die "; DROP DATABASE my butt!";
}
else {
$q2=mssql_query('SELECT * FROM CashAccount WHERE UserID="' . $u . '"');
}And why are you using ADOdb for such a trivial task?
Last edited:
- Joined
- Oct 14, 2008
- Messages
- 1,277
- Reaction score
- 249
I haved use that , but they shows me alway the vote reward is closed.
Please add only this ip check to my script :
Code:
<?php
include ('includes/adodb5/adodb.inc.php');
$server="xxxx";
$user="xxxx";
$pass="xxxx";
$db1=ADONewConnection('mssql');
$db1->Connect($server, $user, $pass, 'CabalCash') or die("Unable to connect cash!");
$db2=ADONewConnection('mssql');
$db2->Connect($server, $user, $pass, 'ACCOUNT') or die("Unable to connect account!");
$u=$_GET["u"];
$p=$_GET["p"];
$q1=$db2->Execute('SELECT * FROM cabal_auth_table WHERE ID=?', array($u));
$rc1=$q1->RecordCount();
$r1=$q1->FetchRow();
if ($rc1>=1)
{
$pwd=md5($p);
if ($r1[2]==$pwd)
{
$con=mssql_connect($server, $user, $pass);
mssql_select_db('CabalCash', $con);
$q2=mssql_query('SELECT * FROM CashAccount WHERE UserID="' . $u . '"');
$rc2=mssql_num_rows($q2);
$r2=mssql_fetch_array($q2);
if (mssql_num_rows($q2)>=1)
{
if (isset($_COOKIE['voted']))
{
$q3=$db1->Execute('SELECT * FROM VoteReward WHERE UserID=?', array($u));
$rc3=$q3->RecordCount();
$r3=$q3->FetchRow();
if ($rc3>=1)
{
$verify=$r3[1]+60*60*12;
$time=time();
if ($time>=$verify)
{
$db1->Execute('UPDATE VoteReward SET VoteDate=? WHERE UserID=?', array($time, $u));
$newcash=$r2[4]+1;
$newcashbon=$r2[3]+1;
mssql_query('UPDATE CashAccount SET Cash="'.$newcash.'" WHERE UserID="'.$u.'"');
echo "<a href='http://cabal.transilvaniagames.ro/votereward.html'>Your reward has been added successfully. Click here to go back!</a>";
}
else
{
echo "<a href='http://cabal.transilvaniagames.ro/votereward.html'>You already voted! Please wait 12 hours to vote again! Click here to go back!</a>";
}
}
else
{
$time=time();;
$db1->Execute('INSERT INTO VoteReward (UserID, VoteDate) VALUES (?,?)', array($u, $time)) or die(mssql_error());
$newcash=$r2[4]+1;
$newcashbon=$r2[3]+1;
mssql_query('UPDATE CashAccount SET Cash="'.$newcash.'" WHERE UserID="'.$u.'"');
echo "<a href='http://cabal.transilvaniagames.ro/votereward.html'>Your reward has been added successfully. Click here to go back!</a>";
}
}
else
{
echo "<a href='http://cabal.transilvaniagames.ro/votereward.html'>You did not vote in the last 12 hours! Click here to go back!</a>";
}
}
else
{
if (isset($_COOKIE['voted']))
{
$time=time();
mssql_query('INSERT INTO CashAccount (UserID, Cash, CashBonus) VALUES ("'.$u.'",1,0)');
$db1->Execute('INSERT INTO VoteReward (UserID, VoteDate) VALUES (?,?)', array($u, $time));
echo "<a href='http://cabal.transilvaniagames.ro/votereward.html'>Your reward has been added successfully. Click here to go back!</a>";
}
else
{
echo "<a href='http://cabal.transilvaniagames.ro/votereward.html'>You did not vote in the last 12 hours! Click here to go back!</a>";
}
}
}
else
{
echo "<a href='http://cabal.transilvaniagames.ro/votereward.html'>You have entered a wrong Password! Click here to go back!</a>";
}
}
else
{
echo "<a href='http://cabal.transilvaniagames.ro/votereward.html'>You have entered a wrong ID! Click here to go back!</a>";
}
?>- Joined
- Oct 14, 2008
- Messages
- 1,277
- Reaction score
- 249
I already did that , but still not working,please help me,add to my script only the ip check,thank you again.
RaGEZONE Sponsor
Partners
