|
|
@@ -24,19 +24,27 @@
|
|
|
|
|
|
function exec_ogp_module()
|
|
|
{
|
|
|
- global $db;
|
|
|
+ global $db ,$view;
|
|
|
$settings = $db->getSettings();
|
|
|
-
|
|
|
- require('includes/config.inc.php');
|
|
|
-
|
|
|
- $service_id = $_REQUEST['service_id'];
|
|
|
-
|
|
|
+
|
|
|
+ //The service id should also be cast to an int.
|
|
|
+ $service_id = intval($_REQUEST['service_id']);
|
|
|
+
|
|
|
// Query for Selected service info.
|
|
|
- $qry_service = "SELECT DISTINCT service_id, home_cfg_id, mod_cfg_id, service_name, remote_server_id, slot_max_qty, slot_min_qty, price_hourly, price_monthly, price_year, description, img_url FROM ".$table_prefix."billing_services WHERE service_id=".$service_id;
|
|
|
+ $qry_service = "SELECT DISTINCT service_id, home_cfg_id, mod_cfg_id, service_name, remote_server_id, slot_max_qty, slot_min_qty, price_hourly, price_monthly, price_year, description, img_url FROM OGP_DB_PREFIXbilling_services WHERE service_id=".$service_id;
|
|
|
$result_service = $db->resultQuery($qry_service);
|
|
|
$row_service = $result_service[0];
|
|
|
//Compiling info about invoice to create an invoice order.
|
|
|
|
|
|
+ /*
|
|
|
+ Check if it's numeric before used in the WHERE clause... otherwise an SQL error is possible currently.
|
|
|
+ If it's not an int (or if it's 0 after casting and or not vaild service) redirect to the shop page.
|
|
|
+ */
|
|
|
+ if ($service_id <= 0 || $result_service === false){
|
|
|
+ $view->refresh("home.php?m=simple-billing&p=shop");
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
// remote server value
|
|
|
$remote_server_id = $row_service['remote_server_id'];
|
|
|
|
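Review bot: The guard at L109 runs after the query at L78 has already executed with the request-derived id and after L82 has indexed `$result_service[0]`, so the `<= 0` check never prevents the lookup, and an id that is numeric but unknown is not caught either, because an empty result array is not `=== false`. Move the id check before the query and test the result with `empty()` rather than identity against false; `intval($_REQUEST['service_id'])` at L58 should also tolerate a missing key. The concatenation into the WHERE clause is safe only because of the int cast, so a short comment saying so would help the next reader. Suggested ordering:
```php
$service_id = isset($_REQUEST['service_id']) ? intval($_REQUEST['service_id']) : 0;
// Concatenating below is safe only because $service_id is an int; a missing or
// non-numeric value casts to 0 and is rejected here, before any query runs.
if ($service_id <= 0) {
    $view->refresh("home.php?m=simple-billing&p=shop");
    return;
}

// … unchanged: $qry_service / $result_service …
if (empty($result_service)) {
    $view->refresh("home.php?m=simple-billing&p=shop");
    return;
}
$row_service = $result_service[0];
```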
|
|
@@ -60,8 +68,11 @@ function exec_ogp_module()
|
|
|
{
|
|
|
$price_slot=$row_service['price_year']*12;
|
|
|
}
|
|
|
+ else
|
|
|
+ {
|
|
|
+ $price_slot=$row_service['price_monthly'];
|
|
|
+ }
|
|
|
|
|
|
- $price = $_POST['max_players']*$price_slot*$_POST['qty'];
|
|
|
|
|
|
//Game Server Values
|
|
|
$ip_id = $_POST['ip_id'];
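Review bot: The new `else` at L156–L168 prices any billing period not matched by the preceding branches at the monthly rate; the `if`/`elseif` chain it closes starts above the hunk, so I cannot see what is tested, but if the period comes from the request an unrecognised value is silently accepted instead of rejected. A one-line comment stating the intent, `// Default to monthly pricing when no other billing period matched.`, or an explicit rejection of unknown periods, would make that choice visible. Not part of the new lines, but the `price_year*12` at L148 reads oddly for a yearly branch and may be worth confirming.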
|
|
|
@@ -75,7 +86,29 @@ function exec_ogp_module()
|
|
|
$tax_amount = $settings['tax_amount'];
|
|
|
$currency = $settings['currency'];
|
|
|
|
|
|
- global $view;
|
|
|
+ /*
|
|
|
+ Cast $_REQUEST['service_id'] to an int and then check if its value is higher than 0 before using it in the WHERE clause.
|
|
|
+ Checking if it's higher than 0 because if it's a non-numeric value, after casting it to an int it'll be 0.
|
|
|
+ */
|
|
|
+ if($service_id !== 0) $where_service_id = " WHERE service_id=".$service_id; else $where_service_id = "";
|
|
|
+ $qry_services = "SELECT * FROM OGP_DB_PREFIXbilling_services".$where_service_id;
|
|
|
+ $services = $db->resultQuery($qry_services);
|
|
|
+ foreach ($services as $key => $row) {
|
|
|
+ if($max_players < $row['slot_min_qty'] || $qty < 1){
|
|
|
+ $max_players = $row['slot_min_qty'];
|
|
|
+ $qty = 1;
|
|
|
+ }
|
|
|
+ /*
|
|
|
+ An extra check added for the inverse: check max_players against slot_max_qty.
|
|
|
+ It would be good to do in the event someone is only selling a max of 16 slots per server.
|
|
|
+ */
|
|
|
+ elseif ($max_players > $row['slot_max_qty'])
|
|
|
+ {
|
|
|
+ $max_players = $row['slot_max_qty'];
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ $price = $max_players*$price_slot*$qty;
|
|
|
|
|
|
if( isset( $_POST["add_to_cart"] ) )
|
|
|
{
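Review bot: The `if($service_id !== 0)` at L225 is dead after the earlier `$service_id <= 0` guard, and its empty-WHERE branch would make the loop at L237 clamp `$max_players` against every service row with the last row winning; the comment at L209–L221 also repeats the cast/check already made above. The service row was already fetched into `$row_service`, so the second query is redundant: clamp against that row directly. Separately, the condition at L241 couples two unrelated checks, so a valid `$max_players` with `$qty < 1` is clobbered down to `slot_min_qty`. I am assuming `$max_players` and `$qty` are assigned from `$_POST` in the lines between the hunks; the `(int)` casts below are defensive and should be dropped if they are already cast there.
```php
// … unchanged: $tax_amount / $currency …
// $service_id was validated above (> 0 and a row found), so clamp the
// requested slots/quantity against that row instead of re-querying.
$qty = max(1, (int)$qty);
$max_players = (int)$max_players;
if ($max_players < $row_service['slot_min_qty']) {
    $max_players = $row_service['slot_min_qty'];
} elseif ($max_players > $row_service['slot_max_qty']) {
    $max_players = $row_service['slot_max_qty'];
}

$price = $max_players*$price_slot*$qty;
```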
|