Bitcoin Forum
Author Topic: bitfreak!'s BTC-SCI  (Read 2377 times)
jopo
January 22, 2013, 10:04:25 PM
 #1

Hey guys,

I'm trying to get bitfreak!'s SCI running (actually on my local XAMPP). But when I try to donate something, it doesn't show anything other than a white page. When I remove this part from the payment.php, it shows the deposit address.

Code:
// check for potential errors before proceeding
if (empty($_GET['u'])) {

  $check_result = bitsci::check_payment($_SESSION['total_price'], $pubAdd, $confirm_num);

  if ($check_result === 'e1') {
    invalid_input('Block Explorer API is offline. Please try again later.');
  } elseif ($check_result === 'e2') {
    invalid_input('The address is corrupt. Please go back and try again.');
  } elseif ($check_result === 'e3') {
    invalid_input('An unknown error occured. Please try again later.');
  } elseif ($check_result === true) {
    confirm_transaction('ipn-control.php?sid='.$sid, $pubAdd, $sec_str);
  }
}

What is wrong in this part? And: It doesn't generate a private key into the CSV-File.

Hope you can help me getting this thing running,

thanks a lot,

- jopo
mjc
January 23, 2013, 02:56:30 AM
 #2

This is not an answer to your question, just an observation.

You are checking those parameters, right? Otherwise someone could attack your system by injecting commands into your script.

You are concatenating user parameters into your code, particularly the sid parameter. The way it is written, it's ripe for a remote file include.

Not a perfect example, but relevant:
https://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution

Kindle : Bitcoin Step by Step (2nd Ed) : http://www.amazon.com/Bitcoin-Step-by-ebook/dp/B00A1CUQQU
Kindle : Bitcoin Mining Step by Step : http://www.amazon.com/Bitcoin-Step-by-ebook/dp/B00A1CUQQU
Facebook :  https://www.facebook.com/BitcoinStepByStep     Twitter : @BitcoinSbS
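
One way to do the parameter check mjc raises in reply #2, as an added example that is not part of the thread or of the BTC-SCI code: validate `sid` against a strict allowlist pattern and encode it when building the `ipn-control.php` URL. It assumes `sid` arrives as a request parameter and is a short alphanumeric token; `SID_PATTERN`, `validate_sid` and `build_ipn_url` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumption: the id is a short alphanumeric token. Adjust the pattern
// to whatever format the application really issues.
const SID_PATTERN = '/\A[A-Za-z0-9]{8,64}\z/';

/** Return the sid if it matches the allowlist pattern, otherwise null. */
function validate_sid($raw): ?string
{
    // Reject arrays (?sid[]=x) and anything else that is not a string.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the whole value; "$" would tolerate a trailing newline.
    return preg_match(SID_PATTERN, $raw) === 1 ? $raw : null;
}

/** Build the callback URL with the value encoded as a query parameter. */
function build_ipn_url(string $sid): string
{
    // http_build_query percent-encodes the value, so it cannot add
    // extra parameters or alter the path of the URL.
    return 'ipn-control.php?' . http_build_query(['sid' => $sid]);
}

// Constructed sample inputs: one well-formed id and several malformed ones.
$samples = [
    'a1B2c3D4e5F6',
    'abc&u=1',
    '../../etc/passwd',
    'http://example.invalid/x.txt',
    "abcd1234\n",
    ['abcd1234'],
];

foreach ($samples as $raw) {
    $sid = validate_sid($raw);
    $shown = json_encode($raw, JSON_UNESCAPED_SLASHES);
    if ($sid === null) {
        echo "reject  $shown\n";
        continue;
    }
    echo "accept  $shown -> " . build_ipn_url($sid) . "\n";
}
```

The same validated value is the only form that should reach a file path, a database query or a shell argument further along; a request parameter should never be passed to `include` or `require` directly.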