
Help me stop Cheaters


cdoyle


Hi,

I've been learning PHP as I go, and learning a lot in just the past few months.

I've been modifying the ezRPG script to give my game some more things to do.

I've created separate cities, and as the users gain levels they gain access to more cities.

I have my pages working great, but one thing I didn't think of was those 'cheaters'.

Here is my bus.php; more links appear as they gain access to cities. It all works, but say a brand new user starts the game.

They only have access to 2 cities.

ID 1 and ID 2

But if they manually type into the address bar

http://www.caraudiocentral.net/CAC_Mafia_Life/bus.php?act=go&id=100

it takes them right there.

In my attached page, I think I need to make some sort of IF statement that checks the user level; if the user's level doesn't meet the entered ID, then it stops them.

How can I do this?

[attachment deleted by admin]

Link to comment
Share on other sites

In my attached page, I think I need to make some sort of IF statement that checks the user level, if the user's level doesn't meet the entered ID, then it stops them.

Yep, that's about the size of it.

How can I do this?

Well how do you display which cities a user has access to? You basically have to repeat the check.

Link to comment
Share on other sites

I have this for the check in the page:

$querycity2 = $db->execute("SELECT * FROM Cities Where $player->level >= Minimum_Level");
while ($getcity2 = $querycity2->fetchrow()) {

I thought it would be something like redoing this check, but where in my page do I put it?

Link to comment
Share on other sites

I would also suggest scrapping the whole idea of passing your variables through the URL. Rather, maintain what areas the users have access to in your database. Have one "display" or "control" page that queries your database based on user's info. Have your query select relevant info and display a single page based on the user's level etc...

In short, passing variables through the URL should never ever ever be used unless it is completely harmless...like for pagination.

Link to comment
Share on other sites

Well, I think I do have it that way, but maybe I'm not implementing it right.

I have only one 'city' page; it's pulled by whatever city the player is in.

This is pulled from the City_ID field in the players table.

The 'bus.php' page I have is where the field in the players table is updated.

The links that are displayed on this page are ones that they can go to based on their level. When they click on the link, it updates the city_id field for that player.

So a link could look like

http://www.caraudiocentral.net/CAC_Mafia_Life/bus.php?act=go&id=2

This would update that player's city_ID to 2.

But if they just manually type in a URL like

http://www.caraudiocentral.net/CAC_Mafia_Life/bus.php?act=go&id=100

they would go to city_ID 100 (which doesn't even exist yet!)

So when they go back to the city.php page, it will now display whatever options I have for that city.

I was looking at other games, and it seems they do things similar to what I have. They just have something in place to stop you from manually typing in a URL to a city you might not have access to.

I'm going to try and work on the If statement today.

Link to comment
Share on other sites

Well then, I suggest alternatively you could pass a token from page to page via sessions and check for the token upon each page load. So..if user were to manually enter in the address from the url...no token is generated/passed.

I'm not familiar with this method, would you have an example or what I need to do?

I'm going to have to do this for several parts of the game. I have shops that are only available depending on what city the player is in. I found that you can just manually enter the item_id for the items in the shops and buy them no matter where you are in the game.

Link to comment
Share on other sites

I'm sure you have session_start at the top of every page, so with that in mind:

$date = date("Y-d");
$_SESSION['validator'] = md5($date);

Add the above to the form they submit,

and add the stuff below to the file they post to:

$date = date("Y-d");
// Test isset() first so a missing key does not raise a notice
if (!isset($_SESSION['validator']) || $_SESSION['validator'] != md5($date)) {
    header("location:get_lost");
    exit; // header() alone does not stop the rest of the page from running
}

Link to comment
Share on other sites

Yes, the session start is part of an include file (lib.php).

The page doesn't have a 'form' per se; it runs a query and displays the links as they meet the requirements.

And when they click on a link it points to the same file; it doesn't point to another file.

So I'm not sure where I need to put the code?

Here is my bus.php page code.

<?php

include("lib.php");
define("PAGENAME", "Wanna Go Somewhere?");
$player = check_user($secret_key, $db);

$cityid = $_GET['id'];
$query = $db->execute("select `City_ID`, `City_Name`, `Cost` from `Cities` where `City_ID`=?", array($_GET['id']));
while ($buscost1 = $query->fetchrow()) 
$buscost2 = $buscost1['Cost'];


if ($_GET['act'] == "go") {
    if ($player->gold < $buscost2) {
        include("templates/private_header.php");
        echo "Hey everyone look, this wanna be gansta thinks this bus is free!<p>";
        echo "<a href=\"home.php\">Home</a>\n";
        include("templates/private_footer.php");
        exit;
    }
    
    // If the player is already in this city
    if ($player->City_ID == $cityid) {
        include("templates/private_header.php");
        echo "Are you high?  You're already here moron<p>";
        echo "<a href=\"home.php\">Home</a>\n";
        include("templates/private_footer.php");
        exit;
    } else {
        // Update the city and charge the fare
        $query1 = $db->execute("update `players` set `City_ID`=?, `gold`= `gold` - ? where `id`=?", array($cityid, $buscost2, $player->id));
    }
    
    $player = check_user($secret_key, $db);
    include("templates/private_header.php");
    echo "You have arrived at your destination";
    echo "<p><a href=\"home.php\">Home</a>\n";
    include("templates/private_footer.php");
    exit;
}

include("templates/private_header.php");

echo "Welcome to CAC Bus Lines<br>";
echo "Please purchase your ticket and step onto the bus. <br /> The cost of the ticket from your current location is listed below.<p>";

echo "<table width=\"100%\" border=\"1\">\n";
echo "<th width=\"199\" class=\"cellheader\">Destination</th>";
echo "<th width=\"217\" class=\"cellheader\"> Cost</th>";

$querycity2 = $db->execute("SELECT * FROM Cities Where $player->level >= Minimum_Level");
while ($getcity2 = $querycity2->fetchrow()) {
    echo "<tr>";
    echo "<td width=\"199\"><a href='bus.php?act=go&id={$getcity2['City_ID']}'>{$getcity2['City_Name']}</a></td>\n";
    echo "<td width=\"217\">";
    echo "$getcity2[Cost]";
    echo "</td>\n";
    echo "</tr>\n";
}
echo "</table>\n";

include("templates/private_footer.php");
?>

Link to comment
Share on other sites
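The "repeat the check" advice from the first reply, applied at the point where the `go` action changes the player's city, as an added example that is not code from the thread or from ezRPG. Table and column names follow the bus.php listing above; the PDO/SQLite connection, the sample rows and the `travel()` helper are assumptions made so the example runs on its own.

```php
<?php
// Added example. Constructed schema and rows modelled on the thread's tables;
// PDO with in-memory SQLite stands in for the game's $db object.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Cities (City_ID INTEGER PRIMARY KEY, City_Name TEXT, Cost INTEGER, Minimum_Level INTEGER)");
$db->exec("CREATE TABLE players (id INTEGER PRIMARY KEY, level INTEGER, gold INTEGER, City_ID INTEGER)");
$db->exec("INSERT INTO Cities VALUES (1,'Start',0,1),(2,'Harbor',50,1),(3,'Uptown',200,10)");
$db->exec("INSERT INTO players VALUES (7, 1, 100, 1)");

// Move a player only if the city exists, their level allows it and they can pay.
// Returns a status string (hypothetical values); nothing is changed on refusal.
function travel(PDO $db, int $playerId, $rawCityId): string
{
    // The id from the URL is untrusted: accept positive integers only.
    $cityId = filter_var($rawCityId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cityId === false) {
        return 'invalid';
    }
    $p = $db->prepare("SELECT level, gold, City_ID FROM players WHERE id = ?");
    $p->execute([$playerId]);
    $player = $p->fetch(PDO::FETCH_ASSOC);
    if ($player === false) { return 'invalid'; }

    // Same rule the link list uses, re-applied to the one city requested.
    $c = $db->prepare("SELECT Cost FROM Cities WHERE City_ID = ? AND Minimum_Level <= ?");
    $c->execute([$cityId, $player['level']]);
    $city = $c->fetch(PDO::FETCH_ASSOC);
    if ($city === false) {
        return 'denied'; // unknown city, or level too low
    }
    if ((int)$player['City_ID'] === $cityId) {
        return 'already_there';
    }
    // Charge and move in one statement; the gold check is repeated in SQL
    // so two quick requests cannot overspend.
    $u = $db->prepare("UPDATE players SET City_ID = ?, gold = gold - ? WHERE id = ? AND gold >= ?");
    $u->execute([$cityId, $city['Cost'], $playerId, $city['Cost']]);
    return $u->rowCount() === 1 ? 'ok' : 'no_gold';
}

// Constructed requests: a listed city, a hand-typed id=100, a level-10 city, junk.
foreach (['2', '100', '3', 'abc'] as $id) {
    echo "id=$id -> ", travel($db, 7, $id), "\n";
}
```

The shop pages mentioned in the thread need the same shape of check: look the requested item_id up together with the player's current City_ID before completing the purchase.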
