to the casual observer, yes it appears pretty insecure. once you try to hack it, then you see the genius of the design.
There is nothing genius about the code, and nothing genius about you.
other than the queries, i'd say its pretty secure.
Your opinion means nothing and is apparently given out without any thought. That code is some of the worst I've seen in years. WTF makes total amateurs think they can launch an exchange that's responsible for handling people's money? Based on that code you're about 5 years of programming experience away from being able to, possibly, code securely enough. Don't even think about relaunching with anything but a play site.
lets have an example there bud.
Oh I don't know, the
topic of this thread you fucking idiot comes to mind. Also whatever double cancel bug you had that allowed people to gives themselves coins.
And then of course there's always this one:
https://openex.pw/index.php?page=trade&market='';alert('You%20are%20an%20idiot.');I'm sure you have no idea why that's a problem though. I don't understand why anyone in this thread is cutting you slack at all. What you did is the equivalent of opening a bank, taking people's deposits, and then leaving the doors unlocked and the vault wide open. Your code is the quality of what I made in middle school, and your attitude fits that age range as well. I'm done with this thread, but a warning for anyone reading it:
Do not, do not, DO NOT use any site built by r3wt that puts any of your property at risk! His understanding of web security is nonexistent, his code is crap, and his attitude is reckless and irresponsible.When his next site gets hacked, don't say I didn't tell you so.
I'm glad it isn't just me who thought its iffy. This guys already demonstrated XSS. I cba to look at the php again but it does look really open to SQL Injection.