Cmarket.php *Review please*

[NarutoPRG.com]

Hey,

So I continue to learn(when I CBA). I Was jusr practising on the cmarket.php, as was wondering what doesn't need to be there, or what's a better option. Here it is:

 

<?
   require_once(DIRNAME(__FILE__). '/globals.php');

$_GET['action'] = (isset($_GET['action'])) && (is_string($_GET['action'])) ? (strtolower(trim($_GET['action'])))  : FALSE;

$_GET['ID'] = (abs((int)$_GET['ID']));

  echo '<h3>Crystal Market</h3>';

  switch ( ($_GET['action']) )
        {

    case "buy":
   crystal_buy();
  break;

    case "remove":
   crystal_remove();
  break;

    case "add":
   crystal_add();
  break;

    default:
   cmarket_index();
  break;

        }

    function cmarket_index()
            {

   global $db,$ir,$c,$userid,$h;

  echo '[url="cmarket.php?action=add"]Add a Listing[/url]




	 <table width = "75%" `cellspacing` = "1" class = "table"> 
	 <tr style="background:gray"> 
	 <th>Adder</th> 
	 <th>Qty</th> 
	 <th>Price each</th> 
	 <th>Price total</th> 
	 <th>Links</th> 
	 </tr>
	';

  $Cmarket_info = ($db->fetch_single($db->query("SELECT cm.*, u.* 
                                                 FROM crystalmarket cm 
											  LEFT JOIN users u 
											  ON u.userid = cm.cmADDER 
											  ORDER BY cmPRICE/cmQTY ASC
											 ")));

  while ( $user_adder = ($db->fetch_row($Cmarket_info)) )
       {

  if ( (number_format($user_adder['cmADDER'])) == ($_GET['ID']) ) 
    { 

  $link = '<a href = "cmarket.php?action=remove&ID = '.number_format($user_adder['cmID'].'">Remove?</a>'; 

    } 

  else 

 { 

  $link = '<a href = "cmarket.php?action=buy&ID = '.number_format($user_adder['cmID']).'">Buy</a>'; 

    }

  $each = (number_format($user_adder(['cmPRICE']))) / (number_format($user_adder(['cmQTY'])));

  echo '\n
        <tr> 
	 <td>[url="viewuser.php?u='.number_format($user_adder['userid']).'"]'.$user_adder['username'].'[/url] 
	 ['.number_format($user_adder['userid']).']
	 </td> 
	 <td>'.number_format($user_adder['cmQTY']).'</td>
	 <td>($each)</td> 
	 <td>$'.number_format($user_adder['cmPRICE']).'</td>
	 <td>[$link]</td> 
	 </tr>
	';

    }

  echo '</table>';

    }

    function crystal_remove()
            {

   global $db,$ir,$c,$userid,$h;

  $Cmarket_info = ($db->fetch_single($db->query("SELECT * 
                                                 FROM `crystalmarket` 
											  WHERE `cmID` = ".($_GET['ID'])." 
											  AND `cmADDER` = ".($_GET['ID'])."
											 ")));

  if ( (!$db->num_rows($Cmarket_info)) )
    {

  echo 'Error, either these crystals do not exist, or you are not the owner.

        [url="index.php"]Home[/url]
	';
        $h->endpage();
       exit;

    }

  $user_adder = ( ($db->fetch_row($Cmarket_info)) );

                $db->query("UPDATE `users` 
			             SET `crystals` = `crystals` + ".number_format($user_adder['cmQTY'])." 
						 WHERE `userid` = ".($_GET['ID'])."
						");

                $db->query("DELETE FROM `crystalmarket` 
			             WHERE `cmID` = ".($_GET['ID'])."
						");

  echo 'Crystals removed from market!

        [url="home.php"]Home[/url]
	';
        $h->endpage();
       exit;

	} 

	function crystal_buy()
               {

   global $db,$ir,$c,$userid,$h;

$Cmarket_info = ($db->fetch_single($db->query("SELECT * 
                                               FROM crystalmarket cm 
											   WHERE `cmID` = ".($_GET['ID'])."
											  ")));

  if ( (!$db->num_rows($Cmarket_info)) )
    {

  echo 'Error, either these crystals do not exist, or they have already been bought.

        [url="home.php"]Home[/url]
	';
        $h->endpage();
       exit;

  }

  $user_adder = ( ($db->fetch_row($Cmarket_info)) );

  if ( (number_format($user_adder['cmPRICE']) > ($ir['money'])) )
    {

  echo 'Error, you do not have the funds to buy these crystals.

        [url="home.php"]Home[/url]
	';
        $h->endpage();
       exit;

    }

               $db->query("UPDATE `users` 
			            SET `crystals` = `crystals` + ".number_format($user_adder['cmQTY'])." 
			            WHERE `userid` = ".($_GET['ID'])."
					   ");

               $db->query("DELETE FROM `crystalmarket` 
			            WHERE `cmID` = ".($_GET['ID'])."
					   ");

               $db->query("UPDATE `users` 
			            SET `money` = `money` - ".number_format($user_adder['cmPRICE'])." 
						WHERE `userid` = ".($_GET['ID']."
					   ");

			$db->query("UPDATE `users` 
			            SET `money` = `money` + ".number_forumat($user_adder['cmPRICE'])." 
						WHERE `userid` = ".number_forumat($user_adder['cmADDER'])."
					   ");

   event_add ($user_adder['cmADDER'] , 
           '<a href = "viewuser.php?u=".($_GET['ID'])."">'.($ir['username']).'</a> 
		   bought your '.number_format($user_adder['cmQTY']).' crystals from the market 
		   for $'.number_format($user_adder['cmPRICE']).'.',$c);

  echo 'You bought the '.number_format($user_adder['cmQTY']).' crystals from the market for 
        $'.number_format($r['cmPRICE']).'.';

               }

    function crystal_add()
            {

   global $db,$ir,$c,$userid,$h;

  $_POST['amnt'] = (abs((int) $_POST['amnt']));
  $_POST['price'] = (abs((int) $_POST['price']));

  if ( ($_POST['amnt']))
    {

  if ( ($_POST['amnt']) > (number_format($ir['crystals'])) )
    {

  echo 'You are trying to add more crystals to the market than you have.';
       $h->endpage();
	exit;

 }

  $tp = ( ($_POST['amnt']*$_POST['price']) );

               $db->query("INSERT INTO `crystalmarket` 
			            VALUES ( '',".($_POST['amnt'])." , ".($_GET['ID'])." , ($tp) )
					   ");

               $db->query("UPDATE `users` 
			            SET `crystals` = `crystals` - ".($_POST['amnt'])." 
						WHERE `userid` = ".($_GET['ID'])."
					   ");

  echo 'Crystals added to market!

        [url="cmarket.php"]Back[/url]
	';
       $h->endpage()
	exit;

	}
     else
       { 

  echo '[b]Adding a listing.[/b]




	 You have [b]'.number_format($ir['crystals']).'[/b] crystal(s) that you can add to the market.

	 <form action = "cmarket.php?action=add" method = "post">

	 <table width = "50%" border = "2" >
	 <tr>

        <td>Crystals:</td> 
	 <td><input type = "text" name = "amnt" value = '.($ir['crystals']).' />
	 </td>
	 </tr>

	 <tr>

	 <td>Price Each:</td> 
	 <td><input type = "text" name = "price" value = "200" />
	 </td>
	 </tr>

	 <tr>

	 <td colspan = "2" align = "center">
	 <input type = "submit" value = "Add To Market" />
	 </tr>
	 </table>
	 </form>
	';

	}
    }

$h->endpage();
?>

 

Nothing Major, but I could do with some help like every body. :)

[Danny696]

$Cmarket_info = ($db->fetch_single($db->query("SELECT cm.*, u.*

FROM crystalmarket cm

LEFT JOIN users u

ON u.userid = cm.cmADDER

ORDER BY cmPRICE/cmQTY ASC

")));

Is wrong.

Doesnt need anything before the $db->query

[Danny696]

And your using wayyy to many brackets

[NarutoPRG.com]

Ahh right.

Thanks Danny bud. :)

EDIT: I don't like thing being open. But just my way of doing stuff mate =P

[Equinox]

I'm surprised Danny didn't pick up on this....

number_format() should only be used on output. It just formats the number to display nicely, for example

1000 becomes 1,000.

You're using this on inserts, urls and in if() statements O.o

Your if() statement would look like this:

if( (1,000 == 1000)) {

As you can see, this isn't going to work.

And in some cases you spelt it "money_forumat"

You've used HTML that is deprecated like the tag.

 

There are several other things I would've changed and done differently, but that's my preference and some things I just don't agree with.

Other than that, you tried, so kudos to you.

[Danny696]

I didnt look too much into it.

[NarutoPRG.com]

Ty Equinox. :)

Was really useful information mate mate. I didn't know was deprecated. :P

[rulerofzu]

Good effort.

Try to avoid using cm.*, u.* or SELECT *

 

Its better to see what actually needs selecting from the database otherwise you could be calling way to much information than is required. Especially with the users table.

[NarutoPRG.com]

Cheers Roz.

I need to work on my querys. Right now, I need a hosting to try to test the on. Or anything the supports PHP, MySQL. PHPMYADMIN is what's needed for me now.

But yet again, thanks for the advice. :)

[rulerofzu]

Just download wamp or similiar to your computer.

[Equinox]

Ty Zed. :)

Was really useful information mate mate. I didn't know was deprecated. :P

 

Erm.....

 

I'm not Zed.

My name is Equinox -.-

[NarutoPRG.com]

Lmao. Faill..

It's that picture.. ¬_¬

[Aurora078]

Well, +1 for effort. However, i'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically

[Equinox]

Well, +1 for effort. However, i'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically

Why would it matter??

[Jordan Palmer]

I don't see the point or need for any Ajax/Javascript really, And refill automatically? I think you might just be lacking off sleep when you're thinking about this

[Equinox]

Well, +1 for effort. However, i'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically

Why would it matter??

Never mind that, I thought it said something else XD I'd just got up. -.-

[Haunted Dawg]

I don't see the point or need for any Ajax/Javascript really, And refill automatically? I think you might just be lacking off sleep when you're thinking about this

 

I think, (s)he is meaning to say refresh automatically.

It's not that hard to stop the bot's refreshing.

In explore.php under include "globals.php" add:

$_SESSION['cstamp'] = sha1(time());

Then find the market url and change to

Crystal Market

Then in your cmarket.php, find the default function and add:

if(isset($_GET['cstamp']) && $_GET['cstamp'] != sha1(time()+10)) {

exit;

}

else if(!isset($_GET['cstamp'])) {

exit;

}

That's just a simple way. But there are better method's, which i will not go into right now. And no, that has not been tested.

That there should only accept people that has viewed the explore from 10 second's ago.

[Uridium]

doing a quick scan you have 125 Open brackets ( and 123 Closed Brackets )

not that these may cause an issue but it could slow down the script if things are missing

[NarutoPRG.com]

Well, +1 for effort. However, i'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically

Thanks. Right now I'm only concentrating on PHP. But honestly, I don't see the point of using Ajax on a cmarket.

@ HD:

Would you mind explaining more of this? If it's help on security or performance, I would be really helpful. :)

@ Illusions:

Thanks for that. I might just have to cut down on them. :P

[Aurora078]

Ooh i misread it ^^. I thought it was a ctemple xD. The only thing that should be added is limit the amount of entries each user should be able to have on the market at once. Like say 5 entries per user at a time, so you dont have someone with 1k points putting 1 point in and using a macro to keep posting and spam your thing up

[NarutoPRG.com]

Ohh.. Nice Idea ^^

I'm not going to make another cmarket again. But thanks for the small info. :)

[Aurora078]

Ohh.. Nice Idea ^^

I'm not going to make another cmarket again. But thanks for the small info. :)

NP

[rulerofzu]

Well, +1 for effort. However, i'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically

Thanks. Right now I'm only concentrating on PHP. But honestly, I don't see the point of using Ajax on a cmarket.

@ HD:

Would you mind explaining more of this? If it's help on security or performance, I would be really helpful. :)

@ Illusions:

Thanks for that. I might just have to cut down on them. :P

Naruto.

The code HD suggested is more a prevention method to stop players hitting f5 or using macro's etc to refresh the browser.

Ive seen players on games do this to do multiple crimes, train in the gym quicker, auto attack someone.

I use a similiar method on certain parts of rulerofzu.com to stop page refreshing.

[Aurora078]

There are effective method's for leveling without cheating with bots. One thing that i know alot of players do if they can is called jail/bail. one user clicks the crime button, and on the other end someone bails them out. I know this cuz i used to do it

[rulerofzu]

That would depend on how much exp you are giving out on those. If your giving out a lot then expect it to be abused.