forked from breakthenet/HackMe-SQL-Injection-Challenges
-
Notifications
You must be signed in to change notification settings - Fork 0
/
votetwg.php
executable file
·45 lines (44 loc) · 1.21 KB
/
votetwg.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?php
session_start();
require "global_func.php";
if ($_SESSION['loggedin'] == 0)
{
header("Location: login.php");
exit;
}
$userid = $_SESSION['userid'];
require "header.php";
$h = new headers;
//$h->startheaders();
include "mysql.php";
global $c;
$is =
mysql_query(
"SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",
$c) or die(mysql_error());
$ir = mysql_fetch_array($is);
check_level();
$fm = money_formatter($ir['money']);
$cm = money_formatter($ir['crystals'], '');
$lv = date('F j, Y, g:i a', $ir['laston']);
$q =
mysql_query(
"SELECT * FROM votes WHERE userid=$userid AND list='twg'", $c);
if (mysql_num_rows($q))
{
$h->startheaders();
$h->userdata($ir, $lv, $fm, $cm);
$h->menuarea();
print "You have already voted at TWG today!";
$h->endpage();
}
else
{
mysql_query("INSERT INTO votes values ($userid,'twg')", $c);
mysql_query(
"UPDATE users SET energy=energy+maxenergy/5 WHERE userid=$userid",
$c);
mysql_query("UPDATE users SET energy=maxenergy WHERE energy>maxenergy", $c);
header("Location:http://www.topwebgames.com/in.asp?id=3341");
exit;
}