Session issues.


marcus


Ok, I am trying to prevent users from refreshing to continue to buy an item. I haven't run into this problem before but now it's giving me messages that shouldn't pop up.

 

<?php
session_start();
$need_log = 1;
$page = "Town Square";
include "/home/********/public_html/global.php";

$act = $_GET['act'];

layout('header');


if (!$act) {
    $sql = "SELECT * FROM `shops` WHERE `location`='1' ORDER BY `name`";
    $res = mysql_query($sql) or die(mysql_error());


    echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" class=\"forum\">\n";
    echo "<tr><td colspan=\"4\" align=\"center\" class=\"forum_title\">Town Square</td></tr>\n";
    echo "<tr>\n";

    $x = 1;
    while ($row = mysql_fetch_assoc($res)) {
        echo "<td align=\"center\" valign=\"top\"><a href=\"/town/index.php?act=shop&id={$row['id']}\" style=\"text-decoration:none;\"><img border=\"0\" src=\"/images/shops/lolshop.jpg\" alt=\"" .
            strip3($row['desc']) . "\"><br>" . strip3($row['name']) . "</a></td>\n";

        if ($x == 4) {
            echo "</tr><tr>\n";
            $x = 0;
        }
        $x++;
    }
    echo "</tr>\n";
    echo "</table>\n";
} else {

    if ($act == 'shop') {
        $id = protect($_GET['id']);

        if ($id) {
            $sql = "SELECT * FROM `shops` WHERE `id`='{$id}'";
            $res = mysql_query($sql) or die(mysql_error());
            if (mysql_num_rows($res) == 0) {
                echo "Invalid shop!\n";
            } else {
                $row = mysql_fetch_assoc($res);
                $sql2 = "SELECT * FROM `shop_stock` WHERE `shop_id`='{$id}' AND `quantity` > 0";
                $res2 = mysql_query($sql2) or die(mysql_error());
                echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" class=\"forum\">\n";
                echo "<tr><td colspan=\"4\" align=\"center\" class=\"forum_title\">" . strip3($row['name']) .
                    "</td></tr>\n";
                echo "<tr><td colspan=\"4\" align=\"center\"><em>" . strip3($row['desc']) .
                    "</em></td></tr>\n";
                $count = mysql_num_rows($res2);
                if (mysql_num_rows($res2) == 0) {
                    echo "<tr><td align=\"center\">Sorry, we're fresh out! Come back in a few minutes.</td></tr>\n";
                } else {
                    echo "<tr>\n";
                    $x = 1;
                    $sizzle = 4 / $count;
                    while ($row2 = mysql_fetch_assoc($res2)) {
                        echo "<td align=\"center\" valign=\"top\"><a href=\"/town/index.php?act=buy&id={$row2['id']}&key={$row2['key']}&t=" .
                            time() . "\">" . shopItem($row2['item_id'], $row2['price'], $row2['quantity']) .
                            "</td>\n";

                        if ($x == 4) {
                            echo "</tr><tr>\n";
                            $x = 0;
                        }
                        $x++;
                    }
                    echo "</tr>\n";
                }
                echo "</table>\n";
            }
        } else {
            echo "No shop supplied!\n";
        }
    }

    if ($act == 'buy') {
        $id = protect($_GET['id']);
        $key = protect($_GET['key']);
        $time = $_GET['t'];

        if ($id && $key) {

            if (!$_POST['submit']) {
                $_SESSION['buy'] == 'yes'; // set session here
                $sql = "SELECT * FROM `shop_stock` WHERE `id`='{$id}' AND `key`='{$key}' AND `quantity` > 0";
                $res = mysql_query($sql) or die(mysql_error());

                if (mysql_num_rows($res) == 0) {
                    echo "Item does not exist!\n";
                } else {
                    $row = mysql_fetch_assoc($res);
                    echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" class=\"forum\">\n";
                    echo "<form method=\"post\" action=\"/town/index.php?act=buy&id={$id}&key={$key}&t={$time}\">\n";
                    echo "<tr><td colspan=\"2\" align=\"center\" class=\"forum_title\">Buying an Item</td></tr>\n";
                    if ($_GET['err']) {

                        if ($_GET['err'] == '1') {
                            echo "<tr><td colspan=\"2\" align=\"center\" valign=\"middle\"><font color=\"red\">You cannot afford this item</font></td></tr>\n";
                        }

                        if ($_GET['err'] == '2') {
                            echo "<tr><td colspan=\"2\" align=\"center\" valign=\"middle\"><font color=\"red\">Your haggle is too low</font></td></tr>\n";
                        }

                        if ($_GET['err'] == '3') {
                            echo "<tr><td colspan=\"2\" align=\"center\" valign=\"middle\"><font color=\"red\">Your haggle is too high</font></td></tr>\n";
                        }

                        if ($_GET['err'] == '4') {
                            echo "<tr><td colspan=\"2\" align=\"center\" valign=\"middle\"><font color=\"red\">You have 50 or more items in your inventory!</font></td></tr>\n";
                        }
                    }
                    echo "<tr><td align=\"center\" valign=\"middle\">" . iNn($row['item_id']) .
                        "</td>\n";
                    echo "<td align=\"left\" valign=\"middle\">\n";
                    echo "		<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
                    echo "		<tr><td>Cost</td><td>" . number_format($row['price']) . " cP</td></tr>\n";
                    echo "		<tr><td>Haggle</td><td><input type=\"text\" name=\"haggle\" class=\"forum_submit\"></td></tr>\n";
                    echo "		<tr><td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"Haggle and Buy\" class=\"forum_submit\"></td></tr>\n";
                    echo "		</table>\n";
                    echo "</td></tr>\n";
                    echo "</form></table>\n";
                    
                }
            } else {
                if (!$_SESSION['buy']) { // checks if session exists or not
                    echo "You cannot refresh to buy an item!";
                } else {
                    $sql = "SELECT * FROM `shop_stock` WHERE `id`='{$id}' AND `key`='{$key}' AND `quantity` > 0";
                    $res = mysql_query($sql) or die(mysql_error());
                    if (mysql_num_rows($res) == 0) {
                        echo "Item does not exist!\n"; 
                    } else {
                        $haggle = floor($_POST['haggle']);
                        $row = mysql_fetch_assoc($res);
                        $price = $row['price'];
                        $quantity = $row['quantity'];
                        $min_price = $price * .90;
                        $max_price = $price + ($price * .1);
                        $rarity = itemInfo($row['item_id'], "rarity");
                        $shop = $row['shop_id'];
                        $item_id = $row['item_id'];
                        $num = mysql_num_rows(mysql_query("SELECT * FROM `user_items` WHERE `place`='inventory' AND `uid`='{$_COOKIE['uid']}'"));
                        $row2 = mysql_fetch_assoc(mysql_query("SELECT points FROM `users` WHERE `id`='{$_COOKIE['uid']}'"));
                        if ($haggle > $row2['points']) {
                            header("Location: /town/index.php?act=buy&id=$id&key=$key&t=$time&err=1");
                        } else {

                            if ($haggle < $min_price) {
                                header("Location: /town/index.php?act=buy&id=$id&key=$key&t=$time&err=2");
                            } else {

                                if ($haggle > $max_price) {
                                    header("Location: /town/index.php?act=buy&id=$id&key=$key&t=$time&err=3");
                                } else {
                                    if ($num >= 50) {
                                        header("Location: /town/index.php?act=buy&id=$id&key=$key&t=$time&err=4");
                                    } else {
                                        give_points($_COOKIE['uid'], -$haggle);
                                        if ($quantity - 1 <= 0) {
                                            $sql2 = "DELETE FROM `shop_stock` WHERE `id`='{$id}' AND `key`='{$key}'";
                                        } else {
                                            $sql2 = "UPDATE `shop_stock` SET `quantity`=`quantity`-1 WHERE `id`='{$id}' AND `key`='{$key}'";
                                        }
                                        if ($rarity >= 100) {
                                            $seconds = time() - $row['time'];
                                            $sql3 = "INSERT INTO `rare_item_log` (`uid`,`item_id`,`seconds`) VALUES('{$_COOKIE['uid']}','{$row['item_id']}','$seconds');";
                                            $res3 = mysql_query($sql3) or die(mysql_error());
                                        }
                                        $res2 = mysql_query($sql2) or die(mysql_error());
                                        $sql4 = "INSERT INTO `user_items` (`uid`,`item_id`,`place`,`price`,`time`) VALUES('{$_COOKIE['uid']}','{$row['item_id']}','inventory','0','" .
                                            time() . "');";
                                        $res4 = mysql_query($sql4) or die(mysql_error());
                                        if ($row['item_id'] == '46') {
                                            __avatar($_COOKIE['uid'], '5');
                                        }
                                        echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" class=\"forum\">\n";
                                        echo "<tr><td align=\"center\" class=\"forum_title\">Successful</td></tr>\n";
                                        echo "<tr><td align=\"center\">" . iNn($item_id) . "</td></tr>\n";
                                        echo "<tr><td align=\"center\">You have successfully bought this item for <b>" .
                                            number_format($haggle) . "</b> cP! <a href=\"/town/index.php?act=shop&id={$shop}\">Click here</a> to return the shop.</td></tr>\n";
                                        echo "</table>\n";
                                        session_destroy(); // session is destroyed
                                    }
                                }
                            }
                        }
                    }
                }
            }
        } else {
            echo "Invalid item!\n";
        }
    }
}

layout('footer');
?>

 

I commented the lines that start and create the problem.

 

It seems the session is not passing when the form is submitted.


Ok, I am trying to prevent users from refreshing to continue to buy an item. I haven't run into this problem before but now it's giving me messages that shouldn't pop up.

 

Can you explain in more detail? Please say exactly what you do, and exactly what messages pop up.


Ok, when the user views the haggling window that shows the item, the price and an input box to input their haggled price it sets the session "buy" to the value "yes." When the user submits their haggle it goes to the next part and all the security stuff, do they have enough points, is the haggle high or low enough, etc... If they pass all that they get the item and the session is destroyed. Before all the security stuff (when the form is submitted) it checks if the session exists, if it does, they can continue, but if it doesn't they tried to refresh and buy the item again. My problem is, the session is destroyed even before the user is able to buy the item.

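Editor's note on the thread above, followed by an added example that is not the poster's code. Two things in the posted script explain the symptom. First, `$_SESSION['buy'] == 'yes';` is a comparison, not an assignment, so the flag is never stored and every form submission hits the "You cannot refresh to buy an item!" branch. Second, even with `=` the design is weak: a single boolean is not tied to the item or to the specific form that was rendered, and `session_destroy()` at the end throws away everything else the session holds. The usual fix for "refresh re-submits the POST" is a one-time token: generate it when the haggle form is rendered, send it back in a hidden field, and consume it exactly once on POST. The code below shows that pattern with plain functions; `$session` stands in for `$_SESSION`, the `ptoken` field name, the 600-second lifetime and the stock id `17` are assumptions for the walk-through, and the real points/haggle/stock logic is left out so the file runs from the command line.

```php
<?php
// Added example, not the poster's code. A one-time purchase token replaces
// the $_SESSION['buy'] = 'yes' flag: it is issued when the haggle form is
// rendered, sent back in a hidden field, and consumed exactly once on POST.
// Re-sending the POST (browser refresh) presents an already-consumed token
// and is refused before any points or stock are touched.
// Assumes PHP >= 7.0 (random_bytes, hash_equals). $session stands in for
// $_SESSION so the functions can be exercised from the command line.

declare(strict_types=1);

const PURCHASE_TOKEN_TTL = 600; // seconds a rendered form stays valid (assumed value)

/** Issue a fresh token for one shop_stock row and remember it in the session. */
function issuePurchaseToken(array &$session, string $stockId): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits, unguessable
    $session['purchase'][$stockId] = ['token' => $token, 'issued' => time()];
    return $token;
}

/**
 * Consume the token. Returns true exactly once for the matching token and
 * always forgets it, so a second POST with the same token is refused.
 */
function consumePurchaseToken(array &$session, string $stockId, $submitted): bool
{
    $entry = $session['purchase'][$stockId] ?? null;
    if ($entry === null || !is_string($submitted)) {
        return false;                           // nothing issued, or ptoken[]=x games
    }
    unset($session['purchase'][$stockId]);      // single use, whatever the outcome

    if (time() - $entry['issued'] > PURCHASE_TOKEN_TTL) {
        return false;                           // form left open too long
    }
    return hash_equals($entry['token'], $submitted); // constant-time compare
}

/** Render the haggle form; the token travels in a hidden field, not the URL. */
function renderHaggleForm(string $stockId, string $token): string
{
    $id  = htmlspecialchars($stockId, ENT_QUOTES, 'UTF-8');
    $tok = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return "<form method=\"post\" action=\"/town/index.php?act=buy&amp;id={$id}\">\n"
         . "  <input type=\"hidden\" name=\"ptoken\" value=\"{$tok}\">\n"
         . "  Haggle: <input type=\"text\" name=\"haggle\">\n"
         . "  <input type=\"submit\" name=\"submit\" value=\"Haggle and Buy\">\n"
         . "</form>\n";
}

/**
 * Entry point for act=buy on POST. Only after the token is consumed would the
 * real handler run its affordability/haggle/inventory checks and the stock
 * UPDATE; those stay out of this stand-alone example.
 */
function handleBuyPost(array &$session, string $stockId, array $post): string
{
    if (!consumePurchaseToken($session, $stockId, $post['ptoken'] ?? null)) {
        return 'refused: stale, repeated or forged submission';
    }
    return 'accepted: proceed to points/haggle checks and the stock update';
}

// Constructed walk-through: render, submit, refresh the POST, then forge.
$session = [];
$stockId = '17';                                // hypothetical shop_stock.id
$token   = issuePurchaseToken($session, $stockId);
echo renderHaggleForm($stockId, $token);

echo "first submit : ", handleBuyPost($session, $stockId, ['ptoken' => $token]), "\n";
echo "refresh      : ", handleBuyPost($session, $stockId, ['ptoken' => $token]), "\n";
issuePurchaseToken($session, $stockId);        // user reopens the form
echo "forged token : ", handleBuyPost($session, $stockId, ['ptoken' => 'deadbeef']), "\n";
```

Run with `php example.php`: the first submission is accepted, the refresh that re-sends the same token is refused, and a forged token is refused even though a fresh one was just issued (and burns that fresh one). Two caveats carry over to the posted script regardless of the token. The stock decrement should be a guarded write, `UPDATE shop_stock SET quantity = quantity - 1 WHERE id = ? AND quantity > 0`, with the affected-row count checked before points are taken, because two concurrent submissions holding two valid tokens can both pass the preceding `SELECT`. And the buyer's identity should come from the server-side session, not from `$_COOKIE['uid']`: as written, whoever edits that cookie decides whose points are charged and who receives the item. The `mysql_*` functions used throughout were removed in PHP 7; `mysqli` or PDO with prepared statements is the replacement.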
