IsleHorse/HorseIsleWeb
1
0
Fork 0
mirror of https://silica.codes/islehorse/HorseIsleWeb.git synced 2025-04-06 05:05:47 +12:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix money duplication

Browse source
This commit is contained in:
Bluzume 2021-11-07 21:35:32 -05:00
parent 007bccccbc
commit 66bbfd7913
2 changed files with 22 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
game-site/config.php
View file

@ -13,7 +13,7 @@ $pp_uri = '/web/ppemu.php'; # location of paypal emulator on game-servers
# original is https://www.paypal.com/cgi-bin/webscr which obviously wont do # original is https://www.paypal.com/cgi-bin/webscr which obviously wont do
# Dont set it to that though, as the paypalgateway.php is not implemented. # Dont set it to that though, as the paypalgateway.php is not implemented.
$EXHANGE_RATE = 100000; # How much 1 USD is worth as HI Money $EXHANGE_RATE = 125000; # How much 1 USD is worth as HI Money
# == hmac_secret == # == hmac_secret ==
# Used for master-site to communicate with game-sites, # Used for master-site to communicate with game-sites,

34
game-site/web/ppemu.php
View file

@ -17,7 +17,9 @@ $money = getUserMoney($dbname, $_SESSION['PLAYER_ID']);
if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_GET['sign'])) if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_GET['sign']))
{ {
$targetUser = $_GET['to']; $targetUser = intval($_GET['to']);
$buyerId = intval($_SESSION['PLAYER_ID']);
$subbed = getUserSubbed($dbname, $targetUser); $subbed = getUserSubbed($dbname, $targetUser);
$subbedUntil = getUserSubTimeRemaining($dbname, $targetUser); $subbedUntil = getUserSubTimeRemaining($dbname, $targetUser);
$moneyTarget = getUserMoney($dbname, $targetUser); $moneyTarget = getUserMoney($dbname, $targetUser);
@ -31,7 +33,7 @@ if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_G
$msg = $_GET['itm'].$_GET["qnt"].$_GET["to"].$_GET["ret"].$_SESSION['USERNAME'].$_SESSION['PLAYER_ID']; $msg = $_GET['itm'].$_GET["qnt"].$_GET["to"].$_GET["ret"].$_SESSION['USERNAME'].$_SESSION['PLAYER_ID'];
$expectedSignature = GenHmacMessage($msg, "PPEMU"); $expectedSignature = GenHmacMessage($msg, "PPEMU");
$gotHmacSignature = $_GET['sign']; $gotHmacSignature = $_GET['sign'];
$quantity = 1;
if(!hash_equals($gotHmacSignature,$expectedSignature)){ if(!hash_equals($gotHmacSignature,$expectedSignature)){
include("header.php"); include("header.php");
echo("Invalid Signature. Are you trying to scam people?"); echo("Invalid Signature. Are you trying to scam people?");
@ -42,7 +44,7 @@ if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_G
$itm = $_GET["itm"]; $itm = $_GET["itm"];
if(strpos($itm, "One Month Horse Isle Membership") === 0){ if(strpos($itm, "One Month Horse Isle Membership") === 0){
$amount = 5; // NO CHEATING! $amount = 5; // NO CHEATING!
$cost = $amount*$EXHANGE_RATE; $cost = ($amount*$quantity)*$EXHANGE_RATE;
if($money >= $cost) if($money >= $cost)
{ {
setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost); setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
@ -62,7 +64,7 @@ if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_G
} }
else if(strpos($itm, "Full Year Horse Isle Membership") === 0){ else if(strpos($itm, "Full Year Horse Isle Membership") === 0){
$amount = 40; // NO CHEATING! $amount = 40; // NO CHEATING!
$cost = $amount*$EXHANGE_RATE; $cost = ($amount*$quantity)*$EXHANGE_RATE;
if($money >= $cost) if($money >= $cost)
{ {
setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost); setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
@ -85,7 +87,7 @@ if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_G
else if(strpos($itm, "100k Horse Isle Money") === 0){ // Why thou? else if(strpos($itm, "100k Horse Isle Money") === 0){ // Why thou?
$amount = 1; // NO CHEATING! $amount = 1; // NO CHEATING!
$quantity = intval($_GET["qnt"]); $quantity = intval($_GET["qnt"]);
$cost = ($amount*$EXHANGE_RATE)*$quantity; $cost = ($amount*$quantity)*$EXHANGE_RATE;
if($money >= $cost) if($money >= $cost)
{ {
$amountGained = (100000 * $quantity); $amountGained = (100000 * $quantity);
@ -105,8 +107,11 @@ if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_G
$amountGained = 31250000; $amountGained = 31250000;
setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost); setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
$money-=$cost; $money -= $cost;
setUserMoney($dbname, $targetUser, $moneyTarget+=$amountGained); if($targetUser == $buyerId)
$moneyTarget -= $cost;
setUserMoney($dbname, $targetUser, $moneyTarget+=$amountGained);
header("Location: ".$_GET["ret"]); header("Location: ".$_GET["ret"]);
} }
@ -122,7 +127,7 @@ if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_G
} }
else if(strpos($itm, "Pawneer Order") === 0){ else if(strpos($itm, "Pawneer Order") === 0){
$amount = 8; // NO CHEATING! $amount = 8; // NO CHEATING!
$cost = $amount*$EXHANGE_RATE; $cost = ($amount*$quantity)*$EXHANGE_RATE;
if($money >= $cost) if($money >= $cost)
{ {
setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost); setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
@ -143,7 +148,7 @@ if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_G
} }
else if(strpos($itm, "Five Pawneer Order") === 0){ else if(strpos($itm, "Five Pawneer Order") === 0){
$amount = 30; // NO CHEATING! $amount = 30; // NO CHEATING!
$cost = $amount*$EXHANGE_RATE; $cost = ($amount*$quantity)*$EXHANGE_RATE;
if($money >= $cost) if($money >= $cost)
{ {
setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost); setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
@ -216,19 +221,22 @@ include("header.php");
<td><?php echo(htmlspecialchars((string)$quantity)); ?></td> <td><?php echo(htmlspecialchars((string)$quantity)); ?></td>
<td><?php echo(htmlspecialchars($_POST['item_number'])) ?></td> <td><?php echo(htmlspecialchars($_POST['item_number'])) ?></td>
<td><?php <td><?php
$amount = $_POST['amount'];
$priceUSD = ($amount*$quantity);
if($hasIntl) if($hasIntl)
$cost = numfmt_format($fmt, intval(htmlspecialchars($_POST['amount']*$quantity))); $cost = numfmt_format($fmt, intval(htmlspecialchars($priceUSD)));
else else
$cost = $_POST['amount']*$quantity; $cost = htmlspecialchars($priceUSD);
echo('$'.$cost); echo('$'.$cost);
?></td> ?></td>
<td><?php <td><?php
$priceHI = ($amount*$quantity) * $EXHANGE_RATE;
if($hasIntl) if($hasIntl)
$cost = numfmt_format($fmt, intval(htmlspecialchars((($_POST['amount']) * $EXHANGE_RATE)*$quantity))); $cost = numfmt_format($fmt, intval(htmlspecialchars($priceHI)));
else else
$cost = (($_POST['amount']) * $EXHANGE_RATE)*$quantity; $cost = htmlspecialchars($priceHI);
echo('$'.$cost); echo('$'.$cost);