Jump to content
MakeWebGames

{REQUEST}Mccode Duping...


ShizzleNizzle
 Share

Recommended Posts

Re: {REQUEST}Mccode Duping...

Duping is when someone use's two computer's and clicks the same link on both computer's similtaneously.

So they will recieve double bank withdrawal sum without actually paying for that ect

This can be used on most feature's in game eg - Bank,Crystalbank(If you have),Anything that's Sending anything really.

Link to comment
Share on other sites

Re: {REQUEST}Mccode Duping...

It's not hard, i've tried myself and it does work unfortunatley :(

I've also seen this happen in other game's but people are normally clever enough to do small amount's to benefit themselve's

Also even if you do it once you can just refresh the page and it will do it again and again :(

Link to comment
Share on other sites

Re: {REQUEST}Mccode Duping...

I have tons of experience fixing these things.

There's a number of little tricks that need to be done. Each script that has the problem needs to be edited one by one. So it's not exactly a deal where you can just toss in a few lines of code and the entire game is fixed.

Well, that is unless you limited loading pages to one page load per one/two seconds.

To stop someone from withdrawing cash from the bank you would do something like this:

First, you need to find out how much money they have.

Then, when you go to take the money out of the bank, toss in a where clause like this:

where money = current_value

 

The idea is, on a dual page load, the cash they have is the same in both instances of the script being executed. And since mysql queries are crafted in a way where it just subtracts the withdrawal from the bank money column, you can toss in that where clause because on the second page load the amount will not match the amount they had at the start of the script.

 

It's tricky, and it's hard to explain, but you just have to trip it up a bit and use the dual page load intricacies to your own advantage.

Anyways, if you need someone to help you out, lemme know, but I can't do it for free.

Link to comment
Share on other sites

Guest Anonymous

Re: {REQUEST}Mccode Duping...

SQL clauses should always perform a conditional check against current data - you cannot rely on what is in memory.

Problem:

Assume $ir['money'] = 150

Browser tab #1

$ir['money'] -= 100;

UPDATE users SET money = {$ir['money']}

Browser tab #2

$ir['money'] -= 100;

UPDATE users SET money = {$ir['money']}

Now what does the database hold? -- (For those NOT paying attention - 50).

Solution:

Assume $ir['money'] = 150

Browser tab #1

$ir['money'] -= 100;

UPDATE users SET money = money - 100 WHERE money >= 100

Browser tab #2

$ir['money'] -= 100;

UPDATE users SET money = money - 100 WHERE money >= 100

(This will not affect any rows)

So all you need is a call to mysql_affected_rows() to check if your UPDATE statement succeeded.

Link to comment
Share on other sites

Re: {REQUEST}Mccode Duping...

A price would be dependent on how many areas there are to fix.

I could prolly secure a typical bank script in a half hour max. Something like that wouldn't cost much. Doing that to 10 different scripts, that would be a bit more expensive.

I will say though that if you are decent with mysql, and once you get the idea down Nyna and I are talking about, it's not too difficult.

 

mysql_affected_rows is going to be an essential part of this though.

Link to comment
Share on other sites

Re: {REQUEST}Mccode Duping...

session lock? only allowing one session per user?

if so, that doesn't prevent issues where one person lists an item in a shop, and then gets a friend to buy it at the same time they remove it. lol

and that's just one example of crossover between accounts.

there is no one fix for it all, but only allowing one session per user is a BIG help.

Link to comment
Share on other sites

Guest Anonymous

Re: {REQUEST}Mccode Duping...

 

there is no one fix for it all

Mutexes

Row Locks

Page Locks

Table Locks

Transactions

There are several solutions here all well documented each with good and bad points.

Link to comment
Share on other sites

Re: {REQUEST}Mccode Duping...

 

session lock? only allowing one session per user?

if so, that doesn't prevent issues where one person lists an item in a shop, and then gets a friend to buy it at the same time they remove it. lol

and that's just one example of crossover between accounts.

there is no one fix for it all, but only allowing one session per user is a BIG help.

ah that i didn't think of lol

so what do you recommend Nyna, you run several servers so im sure you have great insight into this

Link to comment
Share on other sites

Guest Anonymous

Re: {REQUEST}Mccode Duping...

What part of :

Mutexes

Row Locks

Page Locks

Table Locks

Transactions

Did you miss?

Or even:

Try using a transaction safe database.
Link to comment
Share on other sites

Re: {REQUEST}Mccode Duping...

 

Mutexes

Row Locks

Page Locks

Table Locks

Transactions

There are several solutions here all well documented each with good and bad points.

good and bad points i asked for your opinion on the best not a pm's reply which involves

"OH theres good and bad but lets not discuss it" even though the subject saysing REQUEST mccodes Duping lol if your not going to help why post...

Someone of such higher intelligence must help the "Idiots" when they are stuck, im sure

Link to comment
Share on other sites

Guest Anonymous

Re: {REQUEST}Mccode Duping...

You asked:

so what do you recommend Nyna

I merely pointed out that I had already answered the question fully. If you can't be bothered to go and read up on these, discover which is the best suited to your environment, and then perhaps ask questions on implementing them - I see no point in furthering this.

Why you are so closed off to doing your own research is beyond me. I have spent years reading up, experimenting, analyzing queries, and testing environments to see what method works best in what scenario.

Your little games with a few users have to be handled totally differently to tables with +1,000,000 rows of data a day, or tables with in excess of 100,000,000 rows. Exactly how do you expect an answer to suit *you* when you cannot comprehend the basics, or supply information which *may* make it a little easier to decide on a course of action and suggestions?

When you have actually done so of your *own* research, seen the problem ideally first hand, and have made some tentative steps at providing a solutions that works in all cases, *then* feel free to come back and ask.

Link to comment
Share on other sites

Re: {REQUEST}Mccode Duping...

 

You asked:

so what do you recommend Nyna

I merely pointed out that I had already answered the question fully. If you can't be bothered to go and read up on these, discover which is the best suited to your environment, and then perhaps ask questions on implementing them - I see no point in furthering this.

Why you are so closed off to doing your own research is beyond me. I have spent years reading up, experimenting, <censored>yzing queries, and testing environments to see what method works best in what scenario.

Your little games with a few users have to be handled totally differently to tables with +1,000,000 rows of data a day, or tables with in excess of 100,000,000 rows. Exactly how do you expect an answer to suit *you* when you cannot comprehend the basics, or supply information which *may* make it a little easier to decide on a course of action and suggestions?

When you have actually done so of your *own* research, seen the problem ideally first hand, and have made some tentative steps at providing a solutions that works in all cases, *then* feel free to come back and ask.

I'm sorry but is this or is this not a help forum?

your staff therefor you help...

and referring to all the members has idiots doesn't go down well.

You're stuck up, just because you run several servers (but have time to comment on posts on a forum) you think you're like gods gift maybe when you learn how to interact with people rather than just dispespect people who are trying to better themselves.

You will be appreciated but frankly at this point i find you a annoying disturbance.

Everyone says "oh goto CE you'll learn" but all i have seen is obnoxious staff and the members who try to learn just get shit on...

Link to comment
Share on other sites

Re: {REQUEST}Mccode Duping...

oh don't get me wrong i research almost everything i've posted on google is a powerful tool is it not lol

but she and many others consider that they are better because they did this and did that but really all the newb is doing is asking for a little help on a subject he is stuck on.

lol google "sql duping" tell me if you see anything worth looking at because i've tried all kinds of things referring to this topic.

i even tried you're script Luke.

just not getting anywhere with it, i only ever ask a question if i am really stuck and sadly the only person i know who is available enough is Nyna but even then she does persist on making me figure it out (i know that probably a way or making me learn harder) but it is semi annoying.

Link to comment
Share on other sites

Guest Anonymous

Re: {REQUEST}Mccode Duping...

 

I'm sorry but is this or is this not a help forum?

I'm undecided. As people seldom take advice, it's difficult to ascertain.

 

your staff therefor you help...

No, my job here is Site Administrator... My middle name is not Google, I will help people who are willing to help themselves and show the relevant skills necessary to ask a question which at least provides some iota of a clue as to the area of expertise, or environmental skills needed.

 

and referring to all the members has idiots doesn't go down well.

I agree - but as I don't recall doing so... I fail to see the relevance of this.

 

You're stuck up, just because you run several servers (but have time to comment on posts on a forum) you think you're like gods gift maybe when you learn how to interact with people rather than just dispespect people who are trying to better themselves. You will be appreciated but frankly at this point i find you a annoying disturbance.

Not stuck up - just tired with people who fail to see the significance of research, with people who don't understand that asking questions itself is an art, with people who won't go and at least make some attempt to help themselves and with children who appear to assume the their knowledge of DBS/MCcodes, PHP, and MySQL is the pinnacle of knowledge.

And as for you finding my me an "annoying disturbance", please tell that to somebody who gives a hoot. I certainly care not. You have an ignore button - use it.

 

Everyone says "oh goto CE you'll learn" but all i have seen is obnoxious staff and the members who try to learn just get shit on...

Well now.. there are plenty of staff at a variety of levels that I've seen here. All have a variety of skills, and all help out in ways beyond your imagination. They all have talents in excess of a lot of people I have met. Yet they are willing to give up their free time and help members with little or no knowledge, little capacity for learning, poor English skills, are incapable of presenting a logical and coherent question, fail to realize the importance of detailed questions and bug reports etc.

You appear to be assuming yet again that just because I reply with a terse answer, that answer is not sufficient. I have no intention of spoon feeding you answers - you should be capable of at least finding out what each of the relative mechanisms can be used to protect tables against "duping" (OP's term, but rather inaccurate).

As I stated before - go do some research, find out which mechanism is suitable for *your* environment, try to implement, and then ask questions. Starting a flame war because you cannot see that an answer does not fit your *exact* purposes is madness.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...