theeliter Posted June 21, 2009

Hello guys. Btw, my name is Matthy. I come here to ask for tips about my script. Well, this is easy, but I am so weak and have no knowledge about this. Look at this:

```php
if($rows>0)
{
    $rows=mssql_fetch_assoc($result);
    extract($rows);
    $UserPoint = ($UserPoint);
    $ID = ($Username);
    $Usernum = ($UserNum);
    if($UserPoint<$Price)
    {
        echo "<font color=red size=2><center>Sorry not enough Credits to Avail this Item.<p>";
        $error = 1;
        delayedrefresh('webshop.php');
    }
    if($Price <= 0)
    {
        echo "<font color=red size=2><center>Tampering Detected<p>";
        $error = 1;
        delayedrefresh('webshop.php');
    }
    $result1=mssql_query("SELECT ItemStock FROM Ranshop.dbo.ShopItemMap Where ProductNum = '$ItemNum'");
    $rows1=mssql_num_rows($result1);
    if ($rows1>0)
    {
        $rows1=mssql_fetch_assoc($result1);
        extract($rows1);
        $ItemStock = ($ItemStock);
        $ItemMoney = ($ItemMoney);
        // Both values below come from the submitted form, so the client controls them.
        $PurPrice = $_POST['PurPrice'];
        $ItemMoney = $_POST['ItemMoney'];
        // (the posted snippet ends here)
```

I have a problem with this because someone uses Data Tampering to change the value of the price. So I've put if($Price <= 0) {, but it's still not effective, because when they change it to 1-999, it still can. Any idea, guys, what the best way is to prevent changing the price with Data Tamper in this script? Thank you.

RussellReal Posted June 21, 2009

don't send the price in the request.. send the item id number.. then you pull that id from the database, and get the price from the database. if you've secured your sql there's no way he/she can alter those values, so you can definitely rely on them..

theeliter Posted June 21, 2009

^ ^ Yeah, it's safe if the price is on the DB only, but how about the Item ID? If the Item ID is still changeable, they can get an expensive item by purchasing a cheap item and changing the item ID into the expensive item ID. So what would you suggest, bro? Here's a screenie.

pkedpker Posted June 21, 2009

all itemId's should be put with price in database.. nothing should be displayed that's not in database.. when someone submits a new item to sell.. they submit the new item ID and price to database. there is no way that you can tamper with that data. what you're doing right now is how paypal donation system works.. where a person can put any amount he wants and it puts that in the database
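
The approach suggested in the replies, as an added example that is not part of the original thread or the poster's script: only the item ID is read from the request, and the price charged is the one stored for that ID, so a changed ID just buys that item at its own price. The price column name `ItemMoney`, the `UserInfo` table, and PDO with in-memory SQLite in place of the thread's `mssql_*` calls are assumptions.

```php
<?php
// Added example; schema is assumed. $userNum must come from the server-side
// session, never from the form. In-memory SQLite stands in for the MSSQL server.
function purchase(PDO $db, int $userNum, array $post): string
{
    // Accept only an integer item ID; any posted price field is never read.
    $itemNum = filter_var($post['ItemNum'] ?? null, FILTER_VALIDATE_INT);
    if ($itemNum === false) {
        return 'invalid item';
    }
    $db->beginTransaction();
    try {
        // Price and stock are looked up for the submitted ID with a bound parameter.
        $q = $db->prepare('SELECT ItemMoney, ItemStock FROM ShopItemMap WHERE ProductNum = ?');
        $q->execute([$itemNum]);
        $item = $q->fetch(PDO::FETCH_ASSOC);
        if ($item === false || (int)$item['ItemStock'] < 1) {
            $db->rollBack();
            return 'item unavailable';
        }
        $price = (int)$item['ItemMoney'];
        // Conditional debit: updates a row only if the balance covers the stored price.
        $debit = $db->prepare('UPDATE UserInfo SET UserPoint = UserPoint - ? WHERE UserNum = ? AND UserPoint >= ?');
        $debit->execute([$price, $userNum, $price]);
        if ($debit->rowCount() !== 1) {
            $db->rollBack();
            return 'not enough credits';
        }
        $db->prepare('UPDATE ShopItemMap SET ItemStock = ItemStock - 1 WHERE ProductNum = ? AND ItemStock > 0')->execute([$itemNum]);
        $db->commit();
        return "bought item $itemNum for $price";
    } catch (Throwable $e) {
        if ($db->inTransaction()) { $db->rollBack(); }
        throw $e;
    }
}

// Constructed sample data: a cheap item (1), an expensive item (2), one user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ShopItemMap (ProductNum INTEGER PRIMARY KEY, ItemMoney INTEGER, ItemStock INTEGER)');
$db->exec('CREATE TABLE UserInfo (UserNum INTEGER PRIMARY KEY, UserPoint INTEGER)');
$db->exec('INSERT INTO ShopItemMap VALUES (1, 50, 10), (2, 900, 10)');
$db->exec('INSERT INTO UserInfo VALUES (7, 100)');

// A tampered price field has no effect: the stored price for item 1 is charged.
echo purchase($db, 7, ['ItemNum' => '1', 'ItemMoney' => '1']), "\n";
// A swapped item ID is charged at that item's own stored price.
echo purchase($db, 7, ['ItemNum' => '2', 'ItemMoney' => '1']), "\n";
```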