forked from breakthenet/HackMe-SQL-Injection-Challenges
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcrystaltemple.php
More file actions
executable file
·113 lines (111 loc) · 3.79 KB
/
crystaltemple.php
File metadata and controls
executable file
·113 lines (111 loc) · 3.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
<?php
session_start();
require "global_func.php";
if ($_SESSION['loggedin'] == 0)
{
header("Location: login.php");
exit;
}
$userid = $_SESSION['userid'];
require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;
$is =
mysql_query(
"SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",
$c) or die(mysql_error());
$ir = mysql_fetch_array($is);
check_level();
$fm = money_formatter($ir['money']);
$cm = money_formatter($ir['crystals'], '');
$lv = date('F j, Y, g:i a', $ir['laston']);
$h->userdata($ir, $lv, $fm, $cm);
$h->menuarea();
if (!$_GET['spend'])
{
print
"Welcome to the crystal temple!<br />
You have <b>{$ir['crystals']}</b> crystals.<br />
What would you like to spend your crystals on?<br />
<br />
<a href='crystaltemple.php?spend=refill'>Energy Refill - 12 Crystals</a><br />
<a href='crystaltemple.php?spend=IQ'>IQ - 5 IQ per crystal</a><br />
<a href='crystaltemple.php?spend=money'>Money - \$200 per crystal</a><br />";
}
else
{
if ($_GET['spend'] == 'refill')
{
if ($ir['crystals'] < 12)
{
print "You don't have enough crystals!";
}
else if ($ir['energy'] == $ir['maxenergy'])
{
print "You already have full energy.";
}
else
{
mysql_query(
"UPDATE users SET energy=maxenergy,crystals=crystals-12 WHERE userid=$userid",
$c);
print "You have paid 12 crystals to refill your energy bar.";
}
}
else if ($_GET['spend'] == 'IQ')
{
print
"Type in the amount of crystals you want to swap for IQ.<br />
You have <b>{$ir['crystals']}</b> crystals.<br />
One crystal = 5 IQ.<form action='crystaltemple.php?spend=IQ2' method='post'><input type='text' name='crystals' /><br /><input type='submit' value='Swap' /></form>";
}
else if ($_GET['spend'] == 'IQ2')
{
$_POST['crystals'] = (int) $_POST['crystals'];
if ($_POST['crystals'] <= 0 || $_POST['crystals'] > $ir['crystals'])
{
print
"Error, you either do not have enough crystals or did not fill out the form.<br />
<a href='crystaltemple.php?spend=IQ'>Back</a>";
}
else
{
$iqgain = $_POST['crystals'] * 5;
mysql_query(
"UPDATE users SET crystals=crystals-{$_POST['crystals']} WHERE userid=$userid",
$c);
mysql_query(
"UPDATE userstats SET IQ=IQ+$iqgain WHERE userid=$userid",
$c);
print "You traded {$_POST['crystals']} crystals for $iqgain IQ.";
}
}
else if ($_GET['spend'] == 'money')
{
print
"Type in the amount of crystals you want to swap for \$\$\$.<br />
You have <b>{$ir['crystals']}</b> crystals.<br />
One crystal = \$200.<form action='crystaltemple.php?spend=money2' method='post'><input type='text' name='crystals' /><br /><input type='submit' value='Swap' /></form>";
}
else if ($_GET['spend'] == 'money2')
{
$_POST['crystals'] = (int) $_POST['crystals'];
if ($_POST['crystals'] <= 0 || $_POST['crystals'] > $ir['crystals'])
{
print
"Error, you either do not have enough crystals or did not fill out the form.<br />
<a href='crystaltemple.php?spend=money'>Back</a>";
}
else
{
$iqgain = $_POST['crystals'] * 200;
mysql_query(
"UPDATE users SET crystals=crystals-{$_POST['crystals']},money=money+$iqgain WHERE userid=$userid",
$c);
print "You traded {$_POST['crystals']} crystals for \$$iqgain.";
}
}
}
$h->endpage();