Hello, I'm new here and I'd like some help to modify some values in an online application...
I think I know how the procedure works, but I'm still having trouble to get to the source of it to be able to modify the things I want...
The website is tetrisfriends.com
It's a little flash application, that rewards the users with gifts, after you spin it... However the flash app itself only is being used to show the user what he won, and show your prices... The stuff you have won is being defined earlier in the process I found out...
First it triggers this link: /users/ajax/daily_spin_popup.php?action_token=ab75e41f11dbb00f 612a403cfa58a2c0 (the token being a random value), I think the token also doesn't have to do with the prize you will earn... It's just to verify your session I guess.
Then it generates a page like this (I intercept them with my webdebug proxy, Charles...)
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Tetris - Daily Spin</title>
<link rel='stylesheet' href='http://tetrisow-a.akamaihd.net/data4_0_0_1/stylesheets/combined.min.css' type='text/css' media='screen' /> <script type='text/javascript' src='http://tetrisow-a.akamaihd.net/data4_0_0_1/javascripts/combined.min.js' charset='utf-8'></script> </head>
<body class='popup_body'>
<div id='daily_spin_container'>
<a id='daily_spin_close_btn' class='button button_small_grey button_small_grey_close user_stats_close_btn floatright' href='javascript:void(0)' onclick='closeDailySpinPopup()'></a>
<div id="daily_spin_content"></div>
</div>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var swf = "/data/images/OWDailySweepstakes.swf?prize1=token:15&prize2=toke n:15&dayOfWeek=6&numOfDays=1&inTFActionToken=cdec8 58480c6553124bbc2edde21f968";
var vPage = "/daily_spin_popup";
var spinCount = 2;
var prizeTags = "token:15&token:15";
$(document).ready(function() {
swfobject.embedSWF(swf, "daily_spin_content", 640, 500, "9.0.0", {}, {}, {wmode: "transparent"}, {allowscriptaccess: "always"}, {id:"dailySpinSwf", name:"dailySpinSwf"});
try {
pageTracker = _gat._getTracker("UA-886022-5");
pageTracker._trackPageview(vPage);
} catch(err) {}
toggleAd(false);
});
function toggleAd(showAd) {
try {
if (showAd) {
$(window.top.document.getElementById("home_custom_ ad_content")).css({ 'left': 0, 'position': 'relative' });
$(window.top.document.getElementById("home_adverti sement")).css('left', 0);
} else {
$(window.top.document.getElementById("home_custom_ ad_content")).css({ 'left': -9999, 'position': 'relative' });
$(window.top.document.getElementById("home_adverti sement")).css('left', -9999);
}
} catch(err) {}
}
function closeDailySpinPopup() {
try {
pageTracker = _gat._getTracker("UA-886022-5");
pageTracker._trackPageview(vPage + '/close');
} catch(err) {}
setTimeout("window.top.Shadowbox.close()", 250);
toggleAd(true);
}
</script>
</body>
</html>
You can see where it shows and defines the price tags etc in this page... So it seemed easy to edit, however if I'm changing the prizes to what I want, which perfectly works, the flash spinner starts, gives me those prizes, but when I leave, it doesn't reward me those gifts... Instead it gives me the ones that were originally meant to be given to me...
So I suppose what you will earn with the daily spinner on that site, is defined before this page is created or the flash application starts...I would have to access that information to change the stuff I want But so the problem is I cannot find where that info is stored, like that you will receive 10 tokens and 10 armor with the daily spinner, for example... in my webdebugging proxy I'm not finding any config files, or links to, where it says what you will get there... I'm not an expert with javascript, maybe someone can see some more in these functions... There is a file "combined.js" which contains the function of the dailyspinner... and of the link it gets than to reward the gifts.... :
function popUpDailySpin(a){popUpBoxByUrl("/users/ajax/daily_spin_popup.php?action_token="+a,640,510,"",f unction(){setTimeout("refreshMiniProfile()",0)})}f unction refreshMiniProfile(){addLoadingAnimation("#home_mi ni_profile_container");$("#home_mini_profile_conta iner").load("/users/_inc/mini_profile.php",function(){removeLoadingAnimatio n("#home_mini_profile_container")})}
And
function activateRewards(b){if(!activateSent){activateSent= true;try{if(typeof(spinCount)==undefined||typeof(s pinCount)=="undefined"){spinCount=1}var e=prizeTags.split("&");pageTracker=_gat._getTracke r("UA-886022-5");pageTracker._trackPageview("/daily_spin_popup/spin"+spinCount);for(var a=0;a<e.length;a++){var d=e[a].split(":");pageTracker._trackEvent("DailySpin",d[0],d[1])}}catch(c){}$.get("/users/ajax/activate_promo_item.php?rewardSpin=1",function(f){ })}}function toggleTroubleElements(b){var a=["select","object","embed","canvas"];for(var d=0;d<a.length;d++){var e=document.getElementsByTagName(a[d]);for(var c=0;c<e.length;c++){if(b){$(e[c]).css("visibility","visible")}else{$(e[c]).css("visibility","hidden")}}}}Those are the javascript codes taht are being used on the site and I also see them in my proxy so these are being used to run the spinner... I've been looking into this a lot, so I would be really happy if someone could help me with this... So it basically gives you the rewards that were originally picked for you, when you finish the spin... even if you let the spinner give you something else... So I'd have to access the source where the original gifts are defined, or what links to it...
Thanks
