Obada Diab hace 9 años
620f80bc4b
Se han modificado 1 ficheros con 24 adiciones y 2 borrados
      modules/simple-billing/add_to_cart.php

+ 24 - 2
modules/simple-billing/add_to_cart.php

@@ -27,9 +27,19 @@ function exec_ogp_module()
 	global $db;
 	$settings = $db->getSettings();
 	
+	//This must be add to re-connection with database.
 	require('includes/config.inc.php');
 	
-	$service_id = $_REQUEST['service_id'];
+	/*
+	The service id should also be cast to an int, 
+	or checked if it's numeric before used in the WHERE clause... otherwise an SQL error is possible currently.
+	If it's not an int (or if it's 0 after casting) redirect to the shop page.
+	*/	
+	$service_id = intval($_REQUEST['service_id']);
+	if ($service_id <= 0){
+		$view->refresh("home.php?m=simple-billing&p=buy");
+		return;
+	}
 	
 	// Query for Selected service info.
 	$qry_service = "SELECT DISTINCT service_id, home_cfg_id, mod_cfg_id, service_name, remote_server_id, slot_max_qty, slot_min_qty, price_hourly, price_monthly, price_year, description, img_url FROM ".$table_prefix."billing_services WHERE service_id=".$service_id;
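Review bot: The `intval()` on the new `$service_id` line makes the concatenation into the WHERE clause below safe only because every later use reads the cast local rather than `$_REQUEST` again; that is a positional guarantee, so it is worth stating, e.g. `// $service_id is the only request value used in SQL here; it is an int > 0 from this point on.` Two smaller gaps remain: reading `$_REQUEST['service_id']` when the key is absent raises an undefined-index notice before the cast, and `intval()` silently accepts leading-numeric junk such as `"5abc"`; `$service_id = isset($_REQUEST['service_id']) ? intval($_REQUEST['service_id']) : 0;` closes the first, and `filter_var(..., FILTER_VALIDATE_INT)` with a `=== false` check would close the second. The added comment block reads as a review remark about the old code ("should also be cast ... otherwise an SQL error is possible currently") rather than a description of what the line now does; a one-line statement of the invariant is clearer. `$view->refresh()` relies on `$view` being in scope, which the visible `global $db;` does not provide, so this presumably depends on an earlier `global $view;` above the hunk; exec_ogp_module begins outside the hunk.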
@@ -78,7 +88,11 @@ function exec_ogp_module()
 	$tax_amount = $settings['tax_amount'];
 	$currency = $settings['currency'];
 	
-	if(isset($_REQUEST['service_id'])) $where_service_id = " WHERE service_id=".$_REQUEST['service_id']; else $where_service_id = "";
+	/*
+	Cast $_REQUEST['service_id'] to an int and then check if its value is higher than 0 before using it in the WHERE clause.
+	Checking if it's higher than 0 because if it's a non-numeric value, after casting it to an int it'll be 0.
+	*/	
+	if(isset($service_id)) $where_service_id = " WHERE service_id=".$service_id; else $where_service_id = "";
 	$qry_services = "SELECT * FROM OGP_DB_PREFIXbilling_services".$where_service_id;
 	$services = $db->resultQuery($qry_services);			
 	foreach ($services as $key => $row) {	
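Review bot: `isset($service_id)` on the rewritten line is always true once the first hunk's assignment and early return have run, so the `else ""` branch is dead code, assuming nothing between the two hunks unsets the variable. The new comment above it also says this line casts `$_REQUEST['service_id']` and checks it against 0, but the cast and check happen at the top of the function, not here, which will mislead the next reader. Replacing both with `$where_service_id = " WHERE service_id=".$service_id; // validated as int > 0 at the top of exec_ogp_module` keeps the behaviour and makes the dependency on the earlier check explicit. The surrounding foreach and the function continue past the hunk.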
@@ -86,6 +100,14 @@ function exec_ogp_module()
 		$max_players = $row['slot_min_qty'];
 		$qty = 1;
 		}
+	/*
+	An extra check added for the inverse: check max_players against slot_max_qty. 
+	It would be good to do in the event someone is only selling a max of 16 slots per server.
+	*/
+	elseif ($max_players > $row['slot_max_qty'])
+		{
+		$max_players = $row['slot_max_qty'];	
+		}
 	}
 	
 	$price = $max_players*$price_slot*$qty;
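Review bot: The new `elseif` clamps `$max_players` with a loose `>` against `$row['slot_max_qty']`, and `$max_players` itself is assigned outside the hunk, so whether it is an int or a raw request string cannot be confirmed here; casting the clamp value the same way the service id is cast, `$max_players = (int)$row['slot_max_qty'];`, would keep the later `$max_players*$price_slot*$qty` arithmetic on a known type. The comment block is written as a suggestion ("It would be good to do in the event ...") rather than a statement of what the branch enforces; `// Clamp the requested slot count to the service's slot_max_qty.` says the same thing in one line. Placing the comment between the closing brace and `elseif` is legal but unusual; moving it inside the branch body matches the rest of the block.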