Jump to content

Huge php problem

Alienware

By Alienware
in PHP Coding Help

 Share

Recommended Posts

Alienware Member

Alienware

Posted
Posted

Ok i am sooooooooooooo confused right now!

 

An admin on my game mmorpg website coded a scipt for the website, but he has used a simelar code that is already being used on the site for a template, but he hasnt taken the old code away from the  script either, im not sure if this would be a problem... the code makes absolutely no sense.

 

The page is supposed to let players buy cars with points in the game.

 

What is happening is any user can click on a car to buy and buy it even if they have no points to spend!

 

It isnt taking the points from the player and it is just giving them the car anyway.

 

I have no idea how to fix this code.

 

If anyone has the time to help me with this problem i would hugely appreciate it!

 

<?php
require("connections/db.php");
require("connections/require.php");



$que = mysql_query("SELECT * FROM `players` WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());
$arr = mysql_fetch_array($que);



$points = $arr['points'];
$money = $arr['money'];
$bullets = $arr['bullets'];
$rankpoints = $arr['rankpoints'];
$flytime = $arr['flytime'];
$bartime = $arr['bartime'];
$location = $arr['location'];

$submit = strip_tags($_POST['submit']);
$buy = strip_tags($_POST['buy']);
$crime = strip_tags($_POST['crime']);

if ($submit){

if ($buy == "2"){

if ($points < 5){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 5){

$newpoints = $points - 5;
$newcash = $money + 15000;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `money` = '$newcash' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added $15,000 cash to your account for 5 points.";
upd($upd);

}}elseif ($buy == "3"){

if ($points < 15){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 15){

$newpoints = $points - 15;
$newcash = $money + 50000;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `money` = '$newcash' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added $50,000 cash to your account for 15 points.";
upd($upd);

}}elseif ($buy == "4"){

if ($points < 30){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 30){

$newpoints = $points - 30;
$newcash = $money + 85000;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `money` = '$newcash' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added $85,000 cash to your account for 30 points.";
upd($upd);

}}elseif ($buy == "flytime"){

if ($points < 60){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 60){

$newpoints = $points - 60;


mysql_query("INSERT INTO `garage` ( `id` , `owner` , `car` , `damage` , `origin` , `location` , `status` , `value` )
VALUES
( '' , '$player' , '<font color=red><b>2007 Ford Mustang</b></font>' , '0' , '$location' , '$location' , '0' , '560000' )")or die(mysql_error());

$upd = "You successfuly added bought a 2007 Ford Mustang for 60 points.";
upd($upd);

}}elseif ($buy == "bartime"){

if ($points < 50){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 50){

$newpoints = $points - 50;
$now = time();

mysql_query("INSERT INTO `garage` ( `id` , `owner` , `car` , `damage` , `origin` , `location` , `status` , `value` )
VALUES
( '' , '$player' , '<font color=green><b>2008 Hummer H3</b></font>' , '0' , '$location' , '$location' , '0' , '530000' )")or die(mysql_error());

$upd = "You successfuly added bought a 2008 Hummer H3 for 50 points.";
upd($upd);

}}elseif ($buy == "rankpoints"){

if ($points < 15){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 15){

$newpoints = $points - 15;
$newpts = $rankpoints + 100;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `rankpoints` = '$newpts' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added 100 rankpoints to your account for 15 points.";
upd($upd);


}}elseif ($buy == "rankpoints2"){

if ($points < 30){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 30){

$newpoints = $points - 30;
$newpts = $rankpoints + 300;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `rankpoints` = '$newpts' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added 300 rankpoints to your account for 30 points.";
upd($upd);


}}elseif ($buy == "rankpoints3"){

if ($points < 75){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 75){

$newpoints = $points - 75;
$newpts = $rankpoints + 1000;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `rankpoints` = '$newpts' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added 1,000 rankpoints to your account for 75 points.";
upd($upd);

}}elseif ($buy == "timers"){

if ($points < 40){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 40){

$newpoints = $points - 40;


mysql_query("INSERT INTO `garage` ( `id` , `owner` , `car` , `damage` , `origin` , `location` , `status` , `value` )
VALUES
( '' , '$player' , '<font color=red><b>2008 Dodge Ram Turbo Diesel</b></font>' , '0' , '$location' , '$location' , '0' , '420000' )")or die(mysql_error());

$upd = "You successfuly added bought a 2008 Dodge Ram Turbo Diesel for 40 points.";
upd($upd);


}}elseif ($buy == "bullets"){

if ($points < 30){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 30){

$newpoints = $points - 30;


mysql_query("INSERT INTO `garage` ( `id` , `owner` , `car` , `damage` , `origin` , `location` , `status` , `value` )
VALUES
( '' , '$player' , '<font color=yellow><b>1955 Ford Thunderbird</b></font>' , '0' , '$location' , '$location' , '0' , '329990' )")or die(mysql_error());

$upd = "You successfuly added bought a 1955 Ford Thunderbird for 30 points.";
upd($upd);

}}elseif ($buy == "bullets"){

if ($points < 5){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 5){

$newpoints = $points - 5;
$newbullets = $bullets + 1000;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `bullets` = '$newbullets' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added 1000 bullets to your account for 5 points.";
upd($upd);

}}elseif ($buy == "bullets2"){

if ($points < 20){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 20){

$newpoints = $points - 20;
$newbullets = $bullets + 5000;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `bullets` = '$newbullets' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added 5000 bullets to your account for 20 points.";
upd($upd);

}}elseif ($buy == "bullets3"){

if ($points < 35){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 35){

$newpoints = $points - 35;
$newbullets = $bullets + 10000;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `bullets` = '$newbullets' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly added 10000 bullets to your account for 35 points.";
upd($upd);
}}elseif ($buy == "wep"){

if ($points < 50){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 50){

$newpoints = $points - 50;
$weapon = 4;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `weapon` = '$weapon' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly bought a 527 Varmint Kevlar for 50 points.";
upd($upd);

}}elseif ($buy == "wep2"){

if ($points < 100){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 100){

$newpoints = $points - 100;
$weapon = 5;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `weapon` = '$weapon' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly bought a M77 MkII VLE for 100 points.";
upd($upd);


}}elseif ($buy == "wep3"){

if ($points < 200){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 200){

$newpoints = $points - 200;
$weapon = 6;

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `weapon` = '$weapon' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly bought a 1965 Chevrolet Chevelle for 200 points.";
upd($upd);
}}elseif ($buy == "pro"){

if ($points < 70){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 70){

$newpoints = $points - 70;


mysql_query("INSERT INTO `garage` ( `id` , `owner` , `car` , `damage` , `origin` , `location` , `status` , `value` )
VALUES
( '' , '$player' , '<font color=yellow><b>1965 Chevrolet Chevelle</b></font>' , '0' , '$location' , '$location' , '0' , '659950' )")or die(mysql_error());

$upd = "You successfuly added bought a 1965 Chevrolet Chevelle for 70 points.";
upd($upd);


}}elseif ($buy == "pro2"){

if ($points < 30){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 30){

$newpoints = $points - 30;


mysql_query("INSERT INTO `garage` ( `id` , `owner` , `car` , `damage` , `origin` , `location` , `status` , `value` )
VALUES
( '' , '$player' , '<font color=yellow><b>1967 El Camino</b></font>' , '0' , '$location' , '$location' , '0' , '290000' )")or die(mysql_error());

$upd = "You successfuly added bought a 1967 El Camino for 30 points.";
upd($upd);

}}elseif ($buy == "pro3"){

if ($points < 50){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 200){

$newpoints = $points - 200;


mysql_query("INSERT INTO `garage` ( `id` , `owner` , `car` , `damage` , `origin` , `location` , `status` , `value` )
VALUES
( '' , '$player' , '<font color=yellow><b>1969 Pontiac GTO</b></font>' , '0' , '$location' , '$location' , '0' , '525999' )")or die(mysql_error());

$upd = "You successfuly added bought a 1969 Pontiac GTO for 50 points.";
upd($upd);

}}elseif ($buy == "plane"){

if ($points < 50){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 50){

$newpoints = $points - 50;
$plane = "Harrier";

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `plane` = '$plane' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly bought a harrier for 50 points.";
upd($upd);


}}elseif ($buy == "plane2"){

if ($points < 100){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 100){

$newpoints = $points - 100;
$plane = "F-14A Tomcat";

mysql_query("UPDATE `players` SET `points` = '$newpoints' , `plane` = '$plane' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

$upd = "You successfuly bought a F-14A Tomcat for 100 points.";
upd($upd);

}}elseif ($buy == "plane3"){

if ($points < 70){
$error = "You dont have enough points for that item.";
error($error);
}elseif ($points >= 70){

$newpoints = $points - 70;


mysql_query("INSERT INTO `garage` ( `id` , `owner` , `car` , `damage` , `origin` , `location` , `status` , `value` )
VALUES
( '' , '$player' , '<font color=yellow><b>1972 Dodge Challenger</b></font>' , '0' , '$location' , '$location' , '0' , '725000' )")or die(mysql_error());

$upd = "You successfuly added bought a 1972 Dodge Challenger for 60 points.";
upd($upd);

}}

}

$send = strip_tags($_POST['send']);
$play = strip_tags($_POST['player']);
$amount = strip_tags(intval($_POST['amount']));

if ($send){

if (!$play){
$error = "Please state the player you wish to send points to.";
error($error);
}elseif ($play){

if (!$amount){
$error = "Please state the amount of points you wish to send to ".$play.".";
error($error);
}elseif ($amount){

if (ereg("[^A-Za-z0-9]", $play)){
$error = "Playername can only contain alpha-numeric characters.";
error($error);
}elseif (!ereg("[^A-Za-z0-9]", $play)){

if (ereg("[^[:digit:]]", $amount)){
$error = "Point amount can only contain integers.";
error($error);
}elseif (!ereg("[^[:digit:]]", $amount)){

if ($amount > $points){
$error = "You don't have that many points.";
error($error);
}elseif ($amount <= $points){

$lll = mysql_query("SELECT * FROM `players` WHERE `playername` = '$play' LIMIT 1")or die(mysql_error());
$nnn = mysql_numrows($lll);

if ($nnn == 0){
$error = "That player doesn't exist.";
error($error);
}elseif ($nnn == 1){

if (strtolower($play) == strtolower($player)){
$error = "You can't send points to yourself.";
error($error);
}else{

$dbinfo = mysql_fetch_assoc($lll);

$ostat = $dbinfo['status'];
$opoints = $dbinfo['points'];

if ($ostat != "Alive"){
$error = "That player is ".$ostat.".";
error($error);
}elseif ($ostat == "Alive"){

$rlname = $dbinfo['playername'];
$points = $points - $amount;
$opoints = $opoints + $amount;

mysql_query("UPDATE `players` SET `points` = '$points' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());
mysql_query("UPDATE`players` SET `points` = '$opoints' WHERE `playername` = '$rlname' LIMIT 1")or die(mysql_error());

mysql_query("INSERT INTO `point_send` ( `id` , `sender` , `reciever` , `amount` , `senderamountleft` , `recieveramountleft` , `date` )
VALUES
( '' , '$player' , '$rlname' , '$amount' , '$points' , '$opoints' , '$date' )")or die(mysql_error());

$title = "Game Information";
$msg = $player." has sent you ".number_format($amount)." points, you now have ".number_format($opoints).".";

mysql_query("INSERT INTO `inbox` ( `id` , `playername` , `from` , `title` , `message` , `read` , `date` , `protected` )
VALUES
( '' , '$rlname' , '$rlname' , '$title' , '$msg' , '0' , '$date' , '0' )")or die(mysql_error());

$upd = "You have successfully sent ".number_format($amount)." points to <a href=\"profile.php?player=".$rlname."\">".$rlname."</a>";
upd($upd);

}}}}}}}}}

$retrieve = strip_tags(addslashes($_POST['retrieve']));
$who = strip_tags(addslashes($_POST['who']));
$pass = strip_tags($_POST['pass']);

if ($retrieve){

if (!$who){
$error = "Please enter the playername of the account you wish to get points from.";
error($error);
}elseif ($who){

if (!$pass){
$error = "Please enter the password of the account you wish to get points from.";
error($error);
}elseif ($pass){

if (strlen($who) < 3 || strlen($who) > 20){
$error = "Playername can only contain between 3 and 20 characters.";
error($error);
}elseif (strlen($who) >= 3 && strlen($who) <= 20){

if (strlen($pass) < 3 || strlen($pass) > 20){
$error = "Password can only contain between 3 and 20 characters.";
error($error);
}elseif (strlen($pass) >= 3 && strlen($pass) <= 20){

if (ereg("[^A-Za-z0-9]", $who)){
$error = "Playername can only contain alpha-numeric characters.";
error($error);
}elseif (!ereg("[^A-Za-z0-9]", $who)){

$whochk = mysql_query("SELECT * FROM `players` WHERE `playername` = '$who' LIMIT 1")or die(mysql_error());
$whonum = mysql_numrows($whochk);

if ($whonum == 0){
$error = "That player doesn't exist.";
error($error);
}elseif ($whonum == 1){

$whoarr = mysql_fetch_array($whochk);
$whoname = $whoarr['playername'];
$whopass = $whoarr['password'];
$whopts = $whoarr['points'];

if (strtolower($pass) != strtolower($whopass)){
$error = "Incorrect password.";
error($error);
}elseif (strtolower($pass) == strtolower($whopass)){

if ($whopts == 0){
$error = $whoname." doesn't have any points.";
error($error);
}elseif ($whopts > 0){

$newpoints = $points + $whopts;
$newwhopts = 0;

mysql_query("UPDATE `players` SET `points` = '$newpoints' WHERE `playername` = '$player' LIMIT 1")or die(mysql_error());

mysql_query("UPDATE `players` SET `points` = '$newwhopts' WHERE `playername` = '$whoname' LIMIT 1")or die(mysql_error());

$upd = "You successfully retrieved ".number_format($whopts)." points from ".$whoname.".";
upd($upd);
}}}}}}}}}

?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="connections/style.css" />
</head>


<form action="" method="post">
<table width="58%" align="center" class="tbl">
<tr><td align="center" class="hdr" colspan="4">.::Buy Cars With Points::.</td></tr>
<tr>
<td align="center" class="sub" width="10%"> </td>
<td align="center" class="sub" width="25%">Item</td>
<td align="center" class="sub" width="15%">Cost</td>
<td align="center" class="sub" width="50%">Explanation</td>
</tr>
<tr><td align="center" class="hdr" colspan="4">1930s</td></tr>
<tr>
<td colspan="4"><center><b>There is currently no 1930s cars!</b></center></td>
</tr>

<tr><td align="center" class="hdr" colspan="4">1940s</td></tr>
<tr>
<td colspan="4"> <center><b>There is currently no 1940s cars!</b></center></td>
</tr>


<tr><td align="center" class="hdr" colspan="4">1950s</td></tr>
<tr>
<td align="center" class="tbl"><? radio(buy,bullets,6); ?></td>
<td align="center" class="tbl"><label for="6">1955 Ford Thunderbird</label></td>
<td align="center" class="tbl"><label for="6">30 points</label></td>
<td align="center" class="tbl"><label for="6">Adds a 1955 Ford Thunderbird to your garage.</label></td>

</tr>

</tr>
<tr><td align="center" class="hdr" colspan="4">1960s</td></tr>
<tr>
<td align="center" class="tbl"><? radio(buy,pro,; ?></td>
<td align="center" class="tbl"><label for="8">1965 Chevrolet Chevelle</label></td>
<td align="center" class="tbl"><label for="8">70 points</label></td>
<td align="center" class="tbl"><label for="8">Adds a 1965 Chevrolet Chevelle to your garage.</label></td>
</tr>
<tr>
<td align="center" class="tbl"><input type="radio" name="buy" value="pro2" id="4" class="submit"></td>
<td align="center" class="tbl"><label for="8">1967 Chevy El Camino</label></td>
<td align="center" class="tbl"><label for="8">30 points</label></td>
<td align="center" class="tbl"><label for="8">Adds a 1967 Chevy El Camino to your garage.</label></td>
</tr>
<tr>
<td align="center" class="tbl"><input type="radio" name="buy" value="pro3" id="4" class="submit"> </td>
<td align="center" class="tbl"><label for="8">1969 Pontiac GTO</label></td>
<td align="center" class="tbl"><label for="8">50 points</label></td>
<td align="center" class="tbl"><label for="8">Adds a 1969 Pontiac GTO to your garage.</label></td>
</tr>
<tr><td align="center" class="hdr" colspan="4">1970s</td></tr>

<tr>
<td align="center" class="tbl"><input type="radio" name="buy" value="plane3" id="4" class="submit" </td>
<td align="center" class="tbl"><label for="9">1972 Dodge Challenger</label></td>
<td align="center" class="tbl"><label for="9">70 points</label></td>
<td align="center" class="tbl"><label for="9">Adds a 1972 Dodge Challenger to your garage.</label></td>
</tr>
<tr><td align="center" class="hdr" colspan="4">Modern Cars</td></tr>
<tr>
<td align="center" class="tbl"><? radio(buy,flytime,2); ?></td>
<td align="center" class="tbl"><label for="2">2007 Ford Mustang</label></td>
<td align="center" class="tbl"><label for="2">60 points</label></td>
<td align="center" class="tbl"><label for="2">Adds a 2007 Ford Mustang to your garage.</label></td>
</tr>

<tr>
<td align="center" class="tbl"><? radio(buy,bartime,3); ?></td>
<td align="center" class="tbl"><label for="3">2008 Hummer H3</label></td>
<td align="center" class="tbl"><label for="3">50 points</label></td>
<td align="center" class="tbl"><label for="3">Adds a 2008 Hummer H3 to your garage.</label></td>
</tr>
<tr>
<td align="center" class="tbl"><? radio(buy,timers,5); ?></td>
<td align="center" class="tbl"><label for="5">2008 Dodge Ram Turbo Diesel</label></td>
<td align="center" class="tbl"><label for="5">40 points</label></td>
<td align="center" class="tbl"><label for="5">Adds a 2008 Dodge Ram Turbo Diesel to your garage.</label></td>
</tr>
<tr><td align="center" class="tbl" colspan="4">
<? sub(submit,Purchase); ?>
</td></tr>
</table>


</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/139249-huge-php-problem/
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.