MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Support > mysubscriptions, users able to edit prices.
Full Version: mysubscriptions, users able to edit prices.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

cronhound

2013-09-25, 01:49 AM
Hi, I'm looking for a paid VIP membership system for my forum. I've recently tried MySubscriptions, which works great apart from the fact that the price is stored in a hidden field which users can change using chrome's inspect element. So they can essentially get VIP for free.

Does anybody have either a solution to this or a better paid VIP system?

.m.

2013-09-25, 01:53 AM
Quote:the price is stored in a hidden field which users can change using chrome's inspect element
are you sure about it ? it is stored in the database and users can not change it

Arbaz

2013-09-25, 01:55 AM
If they change the price using Chrome inspect element feature; it wouldn't be a big issue because those changes aren't saved. Unless they edit the post parameters - If I'm correct.

Anyways, if you still want a different plugin, do you want an automatic subscription plugin or a plugin where you have to promote them manually?

cronhound

2013-09-25, 01:57 AM
(2013-09-25, 01:53 AM).m. Wrote: [ -> ]
Quote:the price is stored in a hidden field which users can change using chrome's inspect element
are you sure about it ? it is stored in the database and users can not change it


They can just change the value of the hidden field.
<input type="hidden" id="a3" name="a3" value="15">

Arbaz

2013-09-25, 01:59 AM
(2013-09-25, 01:57 AM)cronhound Wrote: [ -> ]
(2013-09-25, 01:53 AM).m. Wrote: [ -> ]
Quote:the price is stored in a hidden field which users can change using chrome's inspect element
are you sure about it ? it is stored in the database and users can not change it


They can just change the value of the hidden field.
<input type="hidden" id="a3" name="a3" value="15">

Once again, editing through inspect element, firebug or any similar add-on will not save the changes thus the edits won't work.

cronhound

2013-09-25, 02:04 AM
(2013-09-25, 01:59 AM)Arbaz Wrote: [ -> ]
(2013-09-25, 01:57 AM)cronhound Wrote: [ -> ]
(2013-09-25, 01:53 AM).m. Wrote: [ -> ]
Quote:the price is stored in a hidden field which users can change using chrome's inspect element
are you sure about it ? it is stored in the database and users can not change it


They can just change the value of the hidden field.
<input type="hidden" id="a3" name="a3" value="15">

Once again, editing through inspect element, firebug or any similar add-on will not save the changes thus the edits won't work.

They only need to change it on their end, it still sends that information to PayPal.
This is me editing the value, changing it to 1337.
[attachment=30214]

This is what happens when I click the subscribe button.
[attachment=30215]
So it doesn't need to be stored anywhere.
I've tried paying and it doesn't add the subscription. So I guess if people do try it, I'll get free money.

pavemen

2013-09-25, 03:18 AM
It should not matter since the plugin checks the subscription price against what Paypal is returning to the plugin from the IPN call. If they do not match, then there is nothing done.
MyBB Community Forums > Extensions > Plugins > Plugin Support > mysubscriptions, users able to edit prices.