Brazil Boletos hack

SUBMITTED BY: Guest

DATE: July 11, 2014, 2:54 a.m.

FORMAT: Text only

SIZE: 5.7 kB

Raw Download

HITS: 806

Report
  3. <?if (MysteryPT!=1) exit;?>
  4. <?
  5. $connection = odbc_connect( $connection_string, $user, $pass );
  6. if($_POST[acao]!="Alterar")
  7. {
  8. $user = $_GET['user'];
  9. $trans = base64_decode($_GET['data']);
  11. $query = "SELECT * FROM [sPTDB].[dbo].[ShopTransCreditos] WHERE [USER_TRANS] = '$user' AND [DT_TRANS]='$trans'";
  12. $q = odbc_exec($connection, $query);
  13. $dados = odbc_fetch_array($q);
  14. $user_trans=$dados['USER_TRANS'];
  15. $id_trans=$dados['ID_TRANS'];
  16. $ct_trans=$dados['CT_TRANS'];
  17. $st_trans=$dados['ST_TRANS'];
  18. $dt_trans=$dados['DT_TRANS'];
  19. $ip_trans=$dados['IP_TRANS'];
  20. ?>
  21. <form method="post" action="">
  22. <table background="imgs/fundo_textura1.gif" width="600" border="0" align="center" cellpadding="0" cellspacing="0">
  23. <tr>
  24. <td><table width="100%" border="0" align="center" cellpadding="4" cellspacing="2">
  25. <tr>
  26. <td colspan="2" align="center" bgcolor="#003399"><b><font color="#FFFFFF">Alterando Transações de Créditos do Shop</font></b></td>
  27. </tr>
  29. <tr>
  30. <td width="35%" align="right"><strong><font color="#000000"> ID Player:</font></strong></td>
  31. <td width="65%">
  32. <?php echo $user_trans; ?><input name="user_trans" type="hidden" value="<?php echo $user_trans; ?>" />
  33. </td>
  34. </tr>
  36. <tr>
  37. <td align="right"><strong><font color="#000000">ID Trans:</font></strong></td>
  38. <td><input name="id_trans" value="<?php echo $id_trans; ?>" type="text" id="id_trans" size="20" maxlength="60" /></td>
  39. </tr>
  41. <tr>
  42. <td align="right"><strong><font color="#000000">Créditos:</font></strong></td>
  43. <td>
  44. <?php echo $ct_trans; ?><input name="ct_trans" type="hidden" value="<?php echo $ct_trans; ?>" />
  45. </td>
  46. </tr>
  48. <tr>
  49. <td align="right"><strong><font color="#000000">Status:</font></strong></td>
  50. <td>
  51. <select name="st_trans">
  52. <option value="1" <? if($st_trans==1){ echo "selected"; }?>>Em espera</option>
  53. <option value="2" <? if($st_trans==2){ echo "selected"; }?>>Negada</option>
  54. <option value="3" <? if($st_trans==3){ echo "selected"; $block_alt="disabled";} ?>>Aprovada</option>
  55. </select>
  56. </td>
  57. </tr>
  59. <tr>
  60. <td align="right"><strong><font color="#000000">Data:</font></strong></td>
  61. <td>
  62. <?php echo $dt_trans; ?><input name="dt_trans" type="hidden" value="<?php echo $dt_trans; ?>" />
  63. </td>
  64. </tr>
  66. <tr>
  67. <td align="right"><strong><font color="#000000">IP:</font></strong></td>
  68. <td>
  69. <?php echo $ip_trans; ?><input name="ip_trans" type="hidden" value="<?php echo $ip_trans; ?>" />
  70. </td>
  71. </tr>
  73. <tr>
  74. <td colspan="2" align="center"><input name="acao" type="submit" class="button" id="acao" value="Alterar" <?=$block_alt?>></td>
  75. </tr>
  76. </table></td>
  77. </tr>
  78. </table>
  79. </form>
  81. <?
  82. }
  84. if($_POST[acao]=="Alterar") {
  85. $user_trans=$_POST['user_trans'];
  86. $id_trans=trim($_POST['id_trans']);
  87. $ct_trans=$_POST['ct_trans'];
  88. $st_trans=$_POST['st_trans'];
  89. $dt_trans=$_POST['dt_trans'];
  90. $ip_trans=$_POST['ip_trans'];
  92. if(!$user_trans OR !$id_trans OR !$ct_trans OR !$st_trans OR !$dt_trans OR !$ip_trans){
  93. echo"<script>alert ('Preencha e informe todos os campos!')</script>";
  94. echo"<script>history.go(-1);</script>";
  95. } else {
  97. if($user_trans==$id_trans){
  98. echo"<script>alert ('Não é possível transferir créditos para uma mesma conta!')</script>";
  99. echo"<script>history.go(-1);</script>";
  100. }else{
  104. $query_verids = "SELECT * FROM [accountdb].[dbo].[ALLPersonalMember] WHERE [userid]='$user_trans'";
  105. $q_verids = odbc_exec($connection, $query_verids);
  106. $dadosplayer = odbc_fetch_array($q_verids);
  108. $creditos_user = $dadosplayer['Coins'];
  111. if($creditos_user<$ct_trans && $st_trans==3){
  112. echo"<script>alert ('O player não tem créditos suficientes para fazer esta transferência!')</script>";
  113. echo"<script>history.go(-1);</script>";
  114. } else {
  115. $newcoin = $creditos_user-$ct_trans;
  116. $atualizar = odbc_exec("UPDATE [accountdb].[dbo].[ALLPersonalMember] SET [Coins]='{$newcoin}' WHERE [UserID]='$user_trans'");
  117. /*
  118. $trans_dir=$creditos."$id_trans.arc"; //nova id para transferencia "techno"
  119. $new_ct_user=$creditos_user-$ct_trans; //somando creditos para nova id 'techno'
  120. $new_ct_trans=file_get_contents($trans_dir)+$ct_trans; //pegando creditos
  123. if($st_trans==3){
  124. file_put_contents($creditos."$user_trans.arc",$new_ct_user);
  125. file_put_contents($trans_dir,$new_ct_trans);
  127. */
  132. }
  134. if(odbc_do($connection,"UPDATE [sPTDB].[dbo].[ShopTransCreditos] SET [ST_TRANS]='$st_trans' WHERE [USER_TRANS]='$user_trans' AND [DT_TRANS]='$dt_trans'")){
  135. echo"<script>alert ('Transferência alterada com sucesso!')</script>";
  136. echo"<script>history.go(-1);</script>";
  137. }}}}
  138. ?>
comments powered by Disqus