[RELEASE][On Request] Donation Script

01/28/2010 04:18 janvier123#1

Some one asked for a donation script, but i totally forgot who
a donation script for Dekaron
here it is ...

[Only registered and activated users can see links. Click Here To Register...]

Just edit all files to your needs
its a basic page, no css, no layout, clean and simple
(like zombe script's :D )

added recaptcha (Bye bye spammers :handsdown: )

Asks:
Firstname
Lastname
Account Name
Email

-> Post to paypal
<- Return with a "paid" YES or NO

Written for MYSQL not mssql
On request can be written for mssql

01/28/2010 05:43 Decima#2

a question about this script, couldnt someone just go to [Only registered and activated users can see links. Click Here To Register...] and get a free item for donation if they cancel at paypal???

i looked thru this script about 5 times and i dont see a check to make sure they actually donated and the donation went thru.

im sure i may be missing something, maybe if you could break it down how this script works it would better my understanding of its security.

01/28/2010 07:06 janvier123#3

Quote:

Originally Posted by Decima

a question about this script, couldnt someone just go to [Only registered and activated users can see links. Click Here To Register...] and get a free item for donation if they cancel at paypal???

i looked thru this script about 5 times and i dont see a check to make sure they actually donated and the donation went thru.

im sure i may be missing something, maybe if you could break it down how this script works it would better my understanding of its security.

Easy
but i forgot to add it i think

donate.php
Find line 122, Add below

PHP Code:


			
<input type="hidden" name="custom" VALUE="'.$_POST['acc_name'].'">

thanks.php
Find line 9, change

PHP Code:


			
$query = mysql_query("UPDATE `$mysqldb`.`donate` SET paid = 'yes' WHERE user_name = '$custom'");

PHP Code:


			
$query = mysql_query("UPDATE `$mysqldb`.`donate` SET paid = 'yes' WHERE acc_name = '$custom'");

Does it make sens now Decima ?
ill update the script

01/28/2010 08:27 Decima#4

ugh, id rather do this thru PM, but u dont answer thos lol

i could make a page on my server that has a form with a field where i put my acc name:

Code:

<form method="post" action="http://www.yoursite.com/thanks.php">
<input type="text" name="custom">
<input type="submit" value="Get My Free Item">
</form>

then i go to donate, when i get to the paypal payment page, i switch over to my page, put in my acc name, hit the "Get My Free Item" button, and boom, i didnt have to pay and got the item for free, so like i said, i see security issues, but maybe i am overlooking something that would not make this possible.

01/28/2010 09:16 Scotticus#5

I'm getting this error..

Code:

Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in xampp\htdocs\donate.php on line 18

Line 18 Code: <form method='post' action='"$_SERVER['PHP_SELF']"?step=2'>

01/28/2010 09:27 Nosferatu.#6

Quote:
Originally Posted by Scotticus
I'm getting this error..
Code:
Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in xampp\htdocs\donate.php on line 18
Line 18 Code: <form method='post' action='"$_SERVER['PHP_SELF']"?step=2'>

PHP Code:


			
<form method='post' action='".$_SERVER['PHP_SELF']."?step=2'>

01/28/2010 09:55 Scotticus#7

Quote:

Originally Posted by darnus84

PHP Code:

<form method='post' action='".$_SERVER['PHP_SELF']."?step=2'>

Thanks

01/28/2010 10:29 janvier123#8

the "." i hate them

01/28/2010 11:23 Zombe#9

Go to your paypal account, see who donated, use the DEV char to get the item and give it to the guy, or add coins. Simple as that. Takes 1 minute. I can't believe people are too lazy to do even that.