Scouse Posted February 3, 2009

Hey guys, my friends have just recently created an online mafia game. I have come across a few exploits: I can deposit cash into my "game bank" and also into my "swiss game bank" at the same time. I think this may have something to do with not using transactions within their scripts. They need some help. Anyone have any ideas?

trq Posted February 3, 2009

We need to see relevant code.

Scouse Posted February 3, 2009

```php
if (isset($_POST['swissdeposit'])) {
    if (!$swissdeposit) {
        echo '<font color=white size=1 face=verdana><b>You did not enter an amount to deposit.</b></font>';
    } elseif ($userswiss != '0') {
        echo '<font color=white size=1 face=verdana>You can only insert money into your swiss when it is empty.</font>';
    } elseif ($swissdeposit > $usermoney) {
        echo "<font color=white size=1 face=verdana>You don't have enough money.</font>";
    } elseif ($swissdeposit > '99999999999') {
        echo '<font color=white size=1 face=verdana><b>You cannot have more than $<b>99,999,999,999</b> in your swiss bank.</font>';
    } elseif ($entertainer != '0') {
        echo '<font color=white face=verdana size=1>As entertainer you cannot use this feature</font>';
    } else {
        mysql_query("UPDATE users SET swiss = '$swissdeposit', money = money - '$swissdeposit' WHERE username = '$username'");
        echo "<font color=white size=1 face=verdana>You deposited $<b>$swissdeposittwo</b> into your swiss bank account.</font>";
    }
} elseif ($swissdeposit > $usermoney) {
    echo "<font color=white size=1 face=verdana>You don't have enough money.</font>";
}
```

DeanWhitehouse Posted February 3, 2009

Please use code tags. And that code doesn't help without more information or/and code.

Scouse Posted February 3, 2009

```php
if (isset($_POST['swissdeposit'])) {
    if (!$swissdeposit) {
        echo '<font color=white size=1 face=verdana><b>You did not enter an amount to deposit.</b></font>';
    } elseif ($userswiss != '0') {
        echo '<font color=white size=1 face=verdana>You can only insert money into your swiss when it is empty.</font>';
    } elseif ($swissdeposit > $usermoney) {
        echo "<font color=white size=1 face=verdana>You don't have enough money.</font>";
    } elseif ($swissdeposit > '99999999999') {
        echo '<font color=white size=1 face=verdana><b>You cannot have more than $<b>99,999,999,999</b> in your swiss bank.</font>';
    } elseif ($entertainer != '0') {
        echo '<font color=white face=verdana size=1>As entertainer you cannot use this feature</font>';
    } else {
        mysql_query("UPDATE users SET swiss = '$swissdeposit', money = money - '$swissdeposit' WHERE username = '$username'");
        echo "<font color=white size=1 face=verdana>You deposited $<b>$swissdeposittwo</b> into your swiss bank account.</font>";
    }
}
```

Right, $usermoney represents how much money the user has. Let's say the user has £5. If the user tries to put £5 into his bank, it will remove £5 from his money and add it to his bank account. Then if the user tries to do the same thing again, he will get the error:

```php
elseif ($swissdeposit > $usermoney) {
    echo "<font color=white size=1 face=verdana>You don't have enough money.</font>";
}
```

BUT if you open 2 windows, and try and put £5 into your bank at the EXACT same time, it bypasses the "You don't have enough money." error, and adds £10 into the bank account.

trq Posted February 3, 2009

In that case (as you yourself pointed out), transactions would help.

Scouse Posted February 3, 2009

I don't understand what they are, that's the only problem.

trq Posted February 3, 2009

They are covered/explained in the MySQL manual. They don't really have anything to do with PHP. Once you've read up, if you have any issues, post your questions in the MySQL board.

Scouse Posted February 3, 2009

What syntax would I have to use for my case?

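Added example, not part of the thread and not the game's own code: one way to close the two-window race described above is to read the balance with `SELECT ... FOR UPDATE` inside a transaction, so the checks and the `UPDATE` work on the same locked row. It assumes a PDO MySQL connection in exception mode and an InnoDB `users` table with the thread's `money`, `swiss` and `username` columns; `depositToSwiss()` is a hypothetical name and the entertainer check is left out.

```php
<?php
// Added example (not from the thread). Assumes $pdo uses PDO::ERRMODE_EXCEPTION
// and `users` is InnoDB (row locks need a transactional storage engine).
function depositToSwiss(PDO $pdo, string $username, int $amount): string
{
    if ($amount <= 0) {
        return 'You did not enter an amount to deposit.';
    }
    if ($amount > 99999999999) {
        return 'You cannot have more than $99,999,999,999 in your swiss bank.';
    }

    $pdo->beginTransaction();
    try {
        // FOR UPDATE locks this user's row until COMMIT/ROLLBACK, so a second
        // request for the same user waits here and then reads the new balance.
        $sel = $pdo->prepare(
            'SELECT money, swiss FROM users WHERE username = ? FOR UPDATE'
        );
        $sel->execute([$username]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);

        if ($row === false) {
            $msg = 'Unknown user.';
        } elseif ((int) $row['swiss'] !== 0) {
            $msg = 'You can only insert money into your swiss when it is empty.';
        } elseif ($amount > (int) $row['money']) {
            $msg = "You don't have enough money.";
        } else {
            // Bound parameters also keep user input out of the SQL text.
            $upd = $pdo->prepare(
                'UPDATE users SET swiss = ?, money = money - ? WHERE username = ?'
            );
            $upd->execute([$amount, $amount, $username]);
            $pdo->commit();
            return 'You deposited $' . number_format($amount) . ' into your swiss bank account.';
        }
        $pdo->rollBack(); // a check failed: release the lock, change nothing
        return $msg;
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        throw $e;
    }
}
```

A transaction on its own does not stop the double deposit if the balance is read with a plain `SELECT`; the row lock is what serializes the two requests. The same effect is available in one statement by repeating the checks in the `UPDATE`'s `WHERE` clause (`money >= ? AND swiss = 0`) and treating `rowCount() === 0` as a failed deposit.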