Shop Webpage [Socket/MySQL] -
oMa37 - 30.07.2017
Introduction:
Simple shop page which works with Socket and MySQL. Basically, when you click on the 'Buy' button, you get the item immediately in-game and your money is decreased by the price of the item you bought. You don't have to re-login.
Features:
- Simple, clean design.
- Login page using MySQL.
- You can register directly from the webpage.
- You will be logged out if you're inactive for 15 minutes.
- Shows how much money you have currently.
- All forms are made using .ajax function (No need to refresh the page).
Screenshots:
Login Page:
Register Page:
Vehicles Page:
Skins Page:
Requirements:
MySQL - BlueG/maddinat0r
Socket - BlueG
SSCANF2 - Y_Less/maddinat0r/Emmet_
Command Processor - SickAttack
Download:
ClickHere! - GitHub - This one doesn't include the vehicles/skins pictures.
ClickHere! - Solidfiles - Recommended.
Special Thanks:
jlalt - Helped me with some socket stuff, much thanks.
Re: Shop Webpage [Socket/MySQL] -
blackgangs - 30.07.2017
Great work!
Re: Shop Webpage [Socket/MySQL] -
darkhunter332 - 30.07.2017
Nice work buddy, you are awesome!
Re: Shop Webpage [Socket/MySQL] -
oMa37 - 30.07.2017
Thanks.
Re: Shop Webpage [Socket/MySQL] - justice96 - 30.07.2017
I wonder who is tellin' about Ajax thing. Anyway, good job!
Re: Shop Webpage [Socket/MySQL] -
Younes44 - 30.07.2017
Wow
Nice one oMa :3
Why don't you complete your work with UCP/ACP XD
Re: Shop Webpage [Socket/MySQL] -
oMa37 - 31.07.2017
Quote:
Originally Posted by Younes44
Why don't you complete your work with UCP/ACP XD
|
I will.
Re: Shop Webpage [Socket/MySQL] -
SlowARG - 31.07.2017
Hi there.
First, nice Webshop, I like this idea.
Second, I've seen that this shop is vulnerable to Web Parameter Tampering, we can tamper POST data (such as price of skins/vehicles) and we can get them for free. Another way is executing the JavaScript code directly.
So, the original request originates here:
Code:
<p><button type='button' class='btn btn-info' onClick='BuySkin(".$skins[$i][1].", ".$skins[$i][0].")'>Buy</button></p>
We can execute JavaScript directly:
Regards,
Nobody.
Re: Re: Shop Webpage [Socket/MySQL] -
oMa37 - 01.08.2017
Quote:
Originally Posted by SlowARG
Hi there.
First, nice Webshop, I like this idea.
Second, I've seen that this shop is vulnerable to Web Parameter Tampering, we can tamper POST data (such as price of skins/vehicles) and we can get them for free. Another way is executing the JavaScript code directly.
So, the original request originates here:
Code:
<p><button type='button' class='btn btn-info' onClick='BuySkin(".$skins[$i][1].", ".$skins[$i][0].")'>Buy</button></p>
We can execute JavaScript directly:
Regards,
Nobody.
|
Thanks for pointing that out for me, I will work on that.
Re: Shop Webpage [Socket/MySQL] -
Anadolu - 01.08.2017
Awesome bro great works
Re: Shop Webpage [Socket/MySQL] -
TheMaskedGamer - 07.08.2017
This was made for explosive freeroam, isn't it? Back when you were creating the UCP
Re: Shop Webpage [Socket/MySQL] -
Barnwell - 07.08.2017
Pretty good!
Re: Shop Webpage [Socket/MySQL] -
oMa37 - 13.08.2017
Quote:
Originally Posted by TheMaskedGamer
This was made for explosive freeroam, isn't it? Back when you were creating the UCP
|
Not really, I made it a few weeks ago.
Re: Shop Webpage [Socket/MySQL] -
azzerking - 22.08.2017
Holy Crap,
Your script is completely open to MySQL Injection.
Code:
$query = "SELECT Username, Password FROM `Users` WHERE `Username` = '".$_POST["playerName"]."'";
$result = mysqli_query($conn, $query);
Please use prepared statements.
Code:
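$stmt = $conn->prepare("SELECT Username, Password FROM `Users` WHERE `Username` = ?"); // mysqli takes ? placeholders, not :name
$stmt->bind_param("s", $_POST["playerName"]); // bind the input as a string parameter
$stmt->execute();
$result = $stmt->get_result();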
PHP Prepared Statements
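Added example (not part of any post in this thread and not the project's code): a purchase handler that addresses both reports above, the price tampering SlowARG describes and the injection azzerking points out, by accepting only an item ID, looking the price up on the server, and debiting with a parameterized statement. Assumptions: the `buySkin()` function, the `skinid`/`price` field names, the `Money` column, and the price list are hypothetical, and PDO with in-memory SQLite stands in for the MySQL connection so the block runs offline.

```php
<?php
// Added example. buySkin(), the POST field names, the Money column and the
// price list are assumptions; in-memory SQLite stands in for MySQL.

// Server-side price list: skin ID => price. The client never supplies a price.
const SKIN_PRICES = [101 => 5000, 102 => 12000];

function buySkin(PDO $db, string $sessionUser, array $post): array
{
    // Accept only an integer item ID from the request; ignore every other field.
    $skinId = filter_var($post['skinid'] ?? null, FILTER_VALIDATE_INT);
    if ($skinId === false || !array_key_exists($skinId, SKIN_PRICES)) {
        return ['ok' => false, 'error' => 'unknown item'];
    }
    $price = SKIN_PRICES[$skinId]; // authoritative price, looked up on the server

    // Parameterized, atomic debit: it only succeeds if the balance covers the
    // price, so two concurrent requests cannot both spend the same money.
    $stmt = $db->prepare(
        'UPDATE Users SET Money = Money - ? WHERE Username = ? AND Money >= ?'
    );
    $stmt->execute([$price, $sessionUser, $price]);
    if ($stmt->rowCount() !== 1) {
        return ['ok' => false, 'error' => 'insufficient funds'];
    }
    return ['ok' => true, 'skin' => $skinId, 'charged' => $price];
}

// Constructed sample data: one user with a small balance.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (Username TEXT PRIMARY KEY, Money INTEGER)');
$db->exec("INSERT INTO Users VALUES ('alice', 6000)");

// Constructed request with a client-supplied price field: the field is
// ignored and the catalog price is charged.
var_dump(buySkin($db, 'alice', ['skinid' => '101', 'price' => '0']));
// Same request again: the remaining balance no longer covers the price.
var_dump(buySkin($db, 'alice', ['skinid' => '101', 'price' => '0']));
// An ID that is not in the price list is rejected before any SQL runs.
var_dump(buySkin($db, 'alice', ['skinid' => '999']));
```

The user name comes from the logged-in session rather than the request, so a client cannot charge or credit another account by editing the POST body.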
Re: Shop Webpage [Socket/MySQL] -
Roozevelt - 22.08.2017
Good work.
Re: Shop Webpage [Socket/MySQL] -
Omirrow - 22.08.2017
Well, me and one of my friends were planning to do something like that, seems like someone else thought this before us!
Good one.