Prevent re-purchase of item if page is reloaded after POST

This commit is contained in:
Pwntus 2016-05-27 00:25:52 +02:00
parent e65762a96c
commit a16cbf72b1


@ -10,7 +10,7 @@ if (isset($_GET['callback']) && $_GET['callback'] === 'processing') {
$shop = $config['shop']; $shop = $config['shop'];
$shop_list = $config['shop_offers']; $shop_list = $config['shop_offers'];
if (!empty($_POST['buy'])) { if (!empty($_POST['buy']) && $_SESSION['shop_session'] == $_POST['session']) {
$time = time(); $time = time();
$player_points = (int)$user_znote_data['points']; $player_points = (int)$user_znote_data['points'];
$cid = (int)$user_data['id']; $cid = (int)$user_data['id'];
@ -73,7 +73,7 @@ if ($shop['enabled']) {
<h1>Shop Offers</h1> <h1>Shop Offers</h1>
<?php <?php
if (!empty($_POST['buy'])) { if (!empty($_POST['buy']) && $_SESSION['shop_session'] == $_POST['session']) {
if ($user_znote_data['points'] >= $buy['points']) { if ($user_znote_data['points'] >= $buy['points']) {
?><td>You have <?php echo (int)($user_znote_data['points'] - $buy['points']); ?> points. (<a href="buypoints.php">Buy points</a>).</td><?php ?><td>You have <?php echo (int)($user_znote_data['points'] - $buy['points']); ?> points. (<a href="buypoints.php">Buy points</a>).</td><?php
} else { } else {
@ -109,6 +109,7 @@ if ($config['shop_auction']['characterAuction']) {
?> ?>
<form action="" method="POST"> <form action="" method="POST">
<input type="hidden" name="buy" value="<?php echo (int)$key; ?>"> <input type="hidden" name="buy" value="<?php echo (int)$key; ?>">
<input type="hidden" name="session" value="<?php echo time(); ?>">
<input type="submit" value=" PURCHASE " class="needconfirmation" data-item-name="<?php echo $offers['description']; ?>" data-item-cost="<?php echo $offers['points']; ?>"> <input type="submit" value=" PURCHASE " class="needconfirmation" data-item-name="<?php echo $offers['description']; ?>" data-item-cost="<?php echo $offers['points']; ?>">
</form> </form>
<?php <?php
@ -135,6 +136,10 @@ if ($config['shop_auction']['characterAuction']) {
}); });
</script> </script>
<?php } <?php }
// Store current timestamp to prevent page-reload from processing old purchase
$_SESSION['shop_session'] = time();
} else echo '<h1>Buy Points system disabled.</h1><p>Sorry, this functionality is disabled.</p>'; } else echo '<h1>Buy Points system disabled.</h1><p>Sorry, this functionality is disabled.</p>';
include 'layout/overall/footer.php'; ?> include 'layout/overall/footer.php'; ?>
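Review bot: The replay guard `$_SESSION['shop_session'] == $_POST['session']` (the rewritten condition in the first and second hunks) is checked against two separate `time()` calls: the form embeds one (`value="<?php echo time(); ?>"` in the third hunk) and the session stores another (`$_SESSION['shop_session'] = time();` in the last hunk), so a legitimate purchase is rejected whenever the clock ticks over a second between rendering the form and reaching the end of the page. A timestamp is also predictable, so the check only catches accidental reloads; generating one unguessable token per render, embedding that same variable in the form, storing it in the session at the end of the page, and comparing with `hash_equals()` keeps the intended reload protection and removes the one-second race. The loose `==` with no `isset()` also means a POST lacking a `session` field, or a first visit with no session value yet, raises an undefined-index notice before the comparison runs. The enclosing `if ($shop['enabled'])` block and the earlier `if (isset($_GET['callback']) ...)` block both start outside the hunks, so the exact spot to generate the token before the offers loop has to be placed against the full file.
```php
// first and second hunk: same guard in both places
if (!empty($_POST['buy']) && isset($_POST['session'], $_SESSION['shop_session'])
    && hash_equals((string)$_SESSION['shop_session'], (string)$_POST['session'])) {
// … unchanged: purchase processing / points display …

// before the offers loop, after the second guard: one token per render (random_bytes() needs PHP >= 7)
$shop_session = bin2hex(random_bytes(16));
// … unchanged: offer row markup …
<input type="hidden" name="session" value="<?php echo $shop_session; ?>">
// … unchanged: confirmation script …
// Store the token rendered into the form so a reload carrying the old one is rejected
$_SESSION['shop_session'] = $shop_session;
```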