SitePoint Sponsor

User Tag List

Results 1 to 7 of 7

Thread: PHP Help

  1. #1
    SitePoint Guru TacMaf's Avatar
    Join Date
    Dec 2005
    Location
    Manchester, United Kingdom
    Posts
    663
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unhappy PHP Help

    Hi, I own a game, http://www.tacticalmafia.com/, and basically I need help stopping the hackers.

    What I think they are doing is putting and automatic URL redirect in their profile to their site and somehow updating their game cash in the database.

    Any ideas of how I can stop this?

    Thanks

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,250
    Mentioned
    196 Post(s)
    Tagged
    2 Thread(s)

    profile

    It would be a big help if you post the code that handles user input, the profile in particular if you think that's where the problem is. Alsl the portion that updates the game cache. If this is not your own code, what app and version is it?

  3. #3
    SitePoint Guru TacMaf's Avatar
    Join Date
    Dec 2005
    Location
    Manchester, United Kingdom
    Posts
    663
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeh, its just basic php really.
    For example, to connect to the db its include "db_connect.php" and I think they are redirecting to their site and connecting to the db, then using something like:
    mysql_query("UPDATE users SET money='100000000' WHERE username='hacker'");

    Hope this helps.

  4. #4
    SitePoint Guru TacMaf's Avatar
    Join Date
    Dec 2005
    Location
    Manchester, United Kingdom
    Posts
    663
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is there a way to stop external sites from running queries for example?

  5. #5
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    External sites can't run queries on your database... they'd need the username and password to open a connection.

  6. #6
    SitePoint Guru TacMaf's Avatar
    Join Date
    Dec 2005
    Location
    Manchester, United Kingdom
    Posts
    663
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Right, then I have no idea how they are doing it.

  7. #7
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    It's probably something simpler, like directly accessing some URL in your game that would allow someone to add money without gaining it through the game properly.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •