Jump to content
MakeWebGames

Joshua

Members
 View Profile  See their activity

  • Posts

    1,271

  • Joined

  • Last visited

 Content Type 

Everything posted by Joshua

  1. Joshua
    Hm, Didn't think enough into the length which should have been obvious. Though of course the amount of employees could be limited. Hm, Now i must take this into consideration.
  2. Joshua
    I'm not 100% on that particular route, I may give it a shot, but i've been playing with code for the past 4 hours and finally got it to work the way I want. Granted it's just a "start" but it's doing what I want it to do. Ignore the SELECT *s in the queries as they will be better defined later on, it's just for ease of use right now   <?php require_once('globals.php'); switch($_GET['action']) { case "bankindex":bankindex();break; case 'openbank': openbank(); break; case 'remove': remove(); break; default:bankindex();break; } function bankindex() { global $ir, $db, $userid, $h; $banks = $db->query("SELECT * FROM `userbanks` ORDER BY `Bid` ASC"); if(!$db->num_rows($banks)) { echo 'There are currently no banks available from which to choose'; $h->endpage(); exit; } echo '[b]Welcome to the central banking station.[/b] Here you can find a large selection of banks with various options to fit your specific needs. Please feel free to browse around and be sure and select the bank that best suits you. If you are seeking employment with a bank you can find the application section On that banks homepage as well as whether or not they are currently hiring. '; // This will have a paginated index of all User Owned Banks. echo '<table width=70% class=table><tr><th>Banking Name</th> <th>Bank Owner</th> <th>Bank Employees</th> <th>Bank Ranking</th> <th>Select Bank</th></tr>'; while($br = $db->fetch_row($banks)) { $blam = $br['bankemployees']; // Define all bank employees to a simple variable $count = explode(",", $blam); // Destroy the , in the database for Printing out all employees later. $totals = array(); // Using Totals and Foreach will help grab the total amount of employees foreach($count as $item) { isset($totals[$item]) ? $totals[$item] = 1 : $totals[$item]++; } //This is selecting the Total Count of Employees $tezz = $db->query("SELECT u.*, b.* FROM users u LEFT JOIN userbanks b ON u.userid=b.bankemployees WHERE u.userid IN($count[0])"); $rar = $db->fetch_row($tezz); $check = $rar['userid']; // Now we select the bank where the Current User is in, if not we kill the query using // if(!$db->num_rows($tezz)){die('you're not employeed with a bank'); // $h->endpage(); exit; } echo '<tr><td>'.$br['bankname'].'</td> <td>'.$br['bankowner'].'</td> <td>'.array_sum($totals).'</td> <td>'.$br['bankranking'].'</td> <td>[url="userbanks.php?action='.$br['Bid'].'"]Select Bank[/url]</td> </tr>'; } echo '</table>'; echo '[url="userbanks.php?action=openbank"]Start your own bank now![/url]'; } function openbank() { global $banks, $ir, $db, $h; $alreadyhave = $db->query("SELECT * FROM userbanks WHERE bankowner=".$ir['userid'].""); if($db->num_rows($already)) { echo 'It appears you already own a bank at this time.'; $h->endpage(); exit; } /*$find = $db->query("SELECT * FROM userbanks WHERE ".$ir['userid']." IN(`bankemployees`)"); $ff = $db->fetch_row($find); $db->query("UPDATE userbanks SET bankranking = 500 WHERE ".$ir['userid']." IN(bankemployees)"); */ } function loanrequest() { global $banks; echo 'This will be where users can request a loan from a loan officer that is employed with the bank.'; // Loan officers will be employees with the bank } function userbank() { echo 'This will be where users can deposit money into their bank account';//User Owned banking. }   Only 1 SQL table made so far.   -- phpMyAdmin SQL Dump -- version 3.2.4 -- http://www.phpmyadmin.net -- -- Host: localhost -- Generation Time: Oct 11, 2010 at 09:43 AM -- Server version: 5.0.91 -- PHP Version: 5.2.9 SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";   /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */;   -- -- Table structure for table `userbanks` -- CREATE TABLE IF NOT EXISTS `userbanks` ( `Bid` int(11) NOT NULL auto_increment, `bankname` varchar(255) NOT NULL, `bankowner` int(11) NOT NULL, `bankemployees` varchar(255) NOT NULL, `bankranking` int(11) NOT NULL, PRIMARY KEY (`Bid`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ; -- -- Dumping data for table `userbanks` -- INSERT INTO `userbanks` (`Bid`, `bankname`, `bankowner`, `bankemployees`, `bankranking`) VALUES (1, 'joshy', 1, ' 1,2,3', 500), (2, 'this and that', 2, '3,2,5,335', 333);
  3. Joshua
    Right, The thing I'm going for however is there won't be one defined ID that i can just set permanently. There will be multiple users in multiple columns I.E One bank may have 10 employees with various ID's One bank may have 100 employees etc. etc. On the banking list i'm going to have it show the total employees for that bank which are all stored in 1 column of the banking for optimiziation purposes. but it's also going to call to that array later on for the Employee purposes also. If employee is in this bank, they have more rights as loan officers, collectors , etc. So i'm not quite sure I could use the in() feature you're referring to?
  4. Joshua
    N/m I figured it out, thanks for the attempt   while($br = $db->fetch_row($banks)) { $blam = $br['bankemployees']; $count = explode(",", $blam); // Destroy the , in the database for Printing out all employees later. $totals = array(); foreach($count as $item) { isset($totals[$item]) ? $totals[$item] = 1 : $totals[$item]++; } echo ''.array_sum($totals).''; // Testing Array Sum Total echo '<tr><td>'.$br['bankname'].'</td> <td>'.$br['bankowner'].'</td> <td></td> <td>'.$br['bankranking'].'</td> <td>[url="bank.php"]Select Bank[/url]</td> </tr>'; echo 'Welcome to the bank yahoo pages. Here you can select a bank.'; // This will have a paginated index of all User Owned Banks. } }
  5. Joshua
    I wasnt sure the database would seperate the ,'s i,e database structure is   Bid bankname bankowner bankemployees bankranking Edit Delete 1 joshy 1 1, 2, 3 1 I need the total of 1,2,3 i.e = 3 I'll give what you suggested a try and see if that won't work I may just be overthinking the scenario Edit: UERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 2, 3' at line 1 Query was SELECT COUNT(*) FROM `userbanks` WHERE `bankemployees`=1, 2, 3 Is what I kinda thought would have happened, stupid databases >,< ;P
  6. Joshua
    I'm working on a large mod to say the least, and I for the life of me can't figure out how to do the following. I am inserting employees using explode/implode into a database. employees will all be on one database row 1,4,11 etc. Now easily enough using implode/explode I can say..call the employees from the database. My problem is, there is a certain part I want to just print the total of employees in that company i.e 1, 4, 11 = 3 How would I do this using the array feature, would I need to use foreach?   while($br = $db->fetch_row($banks)) { $boom = $br['bankemployees']; $array = array($boom); $count = implode(",", $array);   The above is just what i'm using to echo the employee's ID's seperated by a ,
  7. Joshua
    or the amount of money bet
  8. Joshua
    No, $price is the $_POST['variable'] and it's already secured. Look at it like this, as this is the only problem left. in your form data where it says <input type="hidden" value="'.$variable.'" name="oldnum">   The Variable is a number. Using firebug, you can change that number. Hence lies the problem Really the way it's set up I'm not sure right off on just how to take care of it, i'll work on it tomorrow though.
  9. Joshua
    It's still exploitable as the way you have the forms pitching data and using some of the same data, it's easy enough to manipulate, i gave it a run with firebug and sure enough. I know there is a simple way to go about doing it but then i'd actually have to go through the code and read it all and well, meh :p Maybe tomorrow >,<
  10. Joshua
    What's wrong is the <form> box you are using is using the same 'name' variable as your forums use, so they are staying set rename the form boxes and the $_POST variables to something else :)
  11. Joshua
    You would probably need to change the variables then, if you are using the same variables it will do that Define unique variables for the forum report button, maybe keep the poster_id the same
  12. Joshua
    Because you changed what I had up :P Basically you are telling it if the $_POST variable is set to send you back to the form :P There's a reason it was laid out like it was (= And I dno what it is with me and programming i ALWAYS miss the ending ] or a ; somewhere.
  13. Joshua
    Something along these lines, untested of course. $_POST['fp_poster_id'] = abs((int) $_POST['fp_poster_id']); $_POST['fp_id'] = abs((int) $_POST['fp_id']); $_POST['fp_text'] = mysql_real_escape_string(strip_tags($_POST['fp_text']));   if(isset($_POST['fp_poster_id']) && isset($_POST['fp_id') && isset($_POST['fp_text'])) { $poster = $_POST['fp_poster_id']; $postid = $_POST['fp_id']; $posttext = $_POST['fp_text']; $db->query("INSERT INTO forumreport VALUE('',$poster, postid, posttext)"); echo 'Post successfully reported'; } else { echo " <form action='forums.php' method='post'> <input type='hidden' name='fp_poster_id' value='{$r['fp_poster_id']}'> <input type='hidden' name='fp_id' value='{$r['fp_id']}'> <input type='hidden' name='fp_text' value='{$r['fp_text']}'> <input type='submit' value='Report'> </form>"; }
  14. Joshua
    definately am. Never wake up and try to quick secure anything >,< Currently am re-writing it so it will work. I'm awake now :D
  15. Joshua
    "Idealy" one would just use an array function or foreach, but we are working with mccodes >,<
  16. Joshua
    May have helped if i had inserted the updated code on-line i suppose >,<
  17. Joshua
    I mass credited everyone for cash lol
  18. Joshua
    Well hrmz. Maybe because i secured the post but not the $bet variable which he's using for the calls   <?php require_once('globals.php'); echo '<center> <h3>High/Low</h3> </center>'; // Below = The Monk's Code // $POST['bet'] = isset($_POST['bet']) && is_numeric($_POST['bet']) ? abs((int) $_POST['bet']) : false; $POST['oldnum'] = isset($_POST['oldnum']) && is_numeric($_POST['oldnum']) ? abs((int) $_POST['oldnum']) : false; $_POST['choice'] = mysql_real_escape_string(strip_tags($_POST['choice'])); if ($_POST['bet'] && !$_POST['choice']) // Player entered bet but hasn't chosen high/low yet { $bet = $_POST['bet']; if (!in_array($bet, array('500', '1000', '5000', '10000'))) { echo 'The bet you selected is not available'; $h->endpage(); } if($bet > $ir['money']) { echo '<center>Not enough money!</center>'; $h->endpage(); exit; } $num = number_format(rand(1,10)); echo '<center>The number is '.$num.'. Will the next number be higher or lower than '.$num.'? <table> <tr> <td> <form method="post"> <input type="hidden" value="'.$num.'" name="oldnum"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="high" name="choice"> <input type="submit" value="Higher"> </form> </td> <td> <form method="post"> <input type="hidden" value="'.$num.'" name="oldnum"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="low" name="choice"> <input type="submit" value="Lower"> </form> </td> </tr> </table> </center>'; } else if ($_POST['choice'] && $_POST['oldnum'] && $_POST['bet']) // Player chose high/low { $newnum = number_format(rand(1,10)); $oldnum = $_POST['oldnum']; $guess = $_POST['choice']; $bet = $_POST['bet']; if($newnum < $oldnum) { $lala = 'low'; } else if($newnum > $oldnum) { $lala = 'high'; } else if($newnum === $oldnum) { $lala = $guess; } if($lala !== $guess) { $result = 2; } else if($lala === $guess) { $result = 1; } if(!$result) { die("Error!"); } // No result was generated $db->query("UPDATE `users` SET `money`=`money`-".$bet." WHERE (`userid`=".$userid.")"); // Take away bet if($result === 1) // Player won { $prize=$bet * 2; // Prize money for winning echo '<center>Congratulations! You won your bet of \$'.$bet.' '; $db->query("UPDATE `users` SET `money`=`money`+".$prize." WHERE (`userid`=".$userid.")"); echo 'You guessed '.$guess.', the previous number was '.number_format($oldnum).' and the new number was '.number_format($newnum).'. Is the next number going to be higher or lower than '.number_format($newnum).'? <table> <tr> <td> <form method="post"> <input type="hidden" value="'.$newnum.'" name="oldnum"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="high" name="choice"> <input type="submit" value="Higher"> </form> </td> <td> <form method="post"> <input type="hidden" value="'.$newnum.'" name="oldnum"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="low" name="choice"> <input type="submit" value="Lower"> </form> </td> </tr> </table> </center>'; } else if($result === 2) // Player lost { echo '<center>Sorry you lost your bet of $'.number_format($bet).' You guessed '.$guess.', the previous number was '.number_format($oldnum).' and the new number was '.number_format($newnum).'. Is the next number going to be higher or lower than '.number_format($newnum).'? <table> <tr> <td> <form method="post"> <input type="hidden" value="'.$newnum.'" name="oldnum"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="high" name="choice"> <input type="submit" value="Higher"> </form> </td> <td> <form method="post"> <input type="hidden" value="'.$newnum.'" name="oldnum"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="low" name="choice"> <input type="submit" value="Lower"> </form> </td> </tr> </table> </center>'; } } else { // Default display echo '<center>Welcome to the High/Low casino! <form action="highlow.php" method="post"> Select your bet: <select type="dropdown" name="bet"> <option value="500">$500</option> <option value="1000">$1000</option> <option value="5000">$5000</option> <option value="10000">$10000</option> </select> <input type="submit" value="Start Game!"> </form> </center>'; } // End Of The Monk's Code // $h->endpage(); ?>
  19. Joshua
    yep, done.
  20. Joshua
    Fixed either way ^_-
  21. Joshua
    n/m
  22. Joshua
    On a side note It's a $_POST variable not a get variable, so manipulating the variable in anyway is a lot more difficult.
  23. Joshua
    Post updated just for you Dj :P
  24. Joshua
    Oh yeh $bet is inserting to the $db-> good catch. I spose could use a basic if not in array function for making sure the bet is one specified, but again, i dont see what anyone could do with it
  25. Joshua
    I'm not to great with Javascript the only thing that I could possibly imagine could be done with $_POST['choice'] variable would be some sort of javascript attack, but it's not inserting anything into the database so I dont think it would be manageable. Just the same, I'll "secure" that post variable to, to appease the masses.
×
×
  • Create New...