NarutoPRG.com Posted August 6, 2010

Hey, So I continue to learn (when I CBA). I was just practising on the cmarket.php, and was wondering what doesn't need to be there, or what's a better option. Here it is:

```php
<?
require_once(DIRNAME(__FILE__). '/globals.php');
$_GET['action'] = (isset($_GET['action'])) && (is_string($_GET['action'])) ? (strtolower(trim($_GET['action']))) : FALSE;
$_GET['ID'] = (abs((int)$_GET['ID']));
echo '<h3>Crystal Market</h3>';
switch ( ($_GET['action']) )
{
    case "buy": crystal_buy(); break;
    case "remove": crystal_remove(); break;
    case "add": crystal_add(); break;
    default: cmarket_index(); break;
}
function cmarket_index()
{
    global $db,$ir,$c,$userid,$h;
    echo '[url="cmarket.php?action=add"]Add a Listing[/url]
<table width = "75%" `cellspacing` = "1" class = "table">
<tr style="background:gray">
<th>Adder</th>
<th>Qty</th>
<th>Price each</th>
<th>Price total</th>
<th>Links</th>
</tr> ';
    $Cmarket_info = ($db->fetch_single($db->query("SELECT cm.*, u.* FROM crystalmarket cm LEFT JOIN users u ON u.userid = cm.cmADDER ORDER BY cmPRICE/cmQTY ASC ")));
    while ( $user_adder = ($db->fetch_row($Cmarket_info)) )
    {
        if ( (number_format($user_adder['cmADDER'])) == ($_GET['ID']) )
        {
            $link = '<a href = "cmarket.php?action=remove&ID = '.number_format($user_adder['cmID'].'">Remove?</a>';
        }
        else
        {
            $link = '<a href = "cmarket.php?action=buy&ID = '.number_format($user_adder['cmID']).'">Buy</a>';
        }
        $each = (number_format($user_adder(['cmPRICE']))) / (number_format($user_adder(['cmQTY'])));
        echo '\n <tr>
<td>[url="viewuser.php?u='.number_format($user_adder['userid']).'"]'.$user_adder['username'].'[/url] ['.number_format($user_adder['userid']).'] </td>
<td>'.number_format($user_adder['cmQTY']).'</td>
<td>($each)</td>
<td>$'.number_format($user_adder['cmPRICE']).'</td>
<td>[$link]</td>
</tr> ';
    }
    echo '</table>';
}
function crystal_remove()
{
    global $db,$ir,$c,$userid,$h;
    $Cmarket_info = ($db->fetch_single($db->query("SELECT * FROM `crystalmarket` WHERE `cmID` = ".($_GET['ID'])." AND `cmADDER` = ".($_GET['ID'])." ")));
    if ( (!$db->num_rows($Cmarket_info)) )
    {
        echo 'Error, either these crystals do not exist, or you are not the owner. [url="index.php"]Home[/url] ';
        $h->endpage();
        exit;
    }
    $user_adder = ( ($db->fetch_row($Cmarket_info)) );
    $db->query("UPDATE `users` SET `crystals` = `crystals` + ".number_format($user_adder['cmQTY'])." WHERE `userid` = ".($_GET['ID'])." ");
    $db->query("DELETE FROM `crystalmarket` WHERE `cmID` = ".($_GET['ID'])." ");
    echo 'Crystals removed from market! [url="home.php"]Home[/url] ';
    $h->endpage();
    exit;
}
function crystal_buy()
{
    global $db,$ir,$c,$userid,$h;
    $Cmarket_info = ($db->fetch_single($db->query("SELECT * FROM crystalmarket cm WHERE `cmID` = ".($_GET['ID'])." ")));
    if ( (!$db->num_rows($Cmarket_info)) )
    {
        echo 'Error, either these crystals do not exist, or they have already been bought. [url="home.php"]Home[/url] ';
        $h->endpage();
        exit;
    }
    $user_adder = ( ($db->fetch_row($Cmarket_info)) );
    if ( (number_format($user_adder['cmPRICE']) > ($ir['money'])) )
    {
        echo 'Error, you do not have the funds to buy these crystals. [url="home.php"]Home[/url] ';
        $h->endpage();
        exit;
    }
    $db->query("UPDATE `users` SET `crystals` = `crystals` + ".number_format($user_adder['cmQTY'])." WHERE `userid` = ".($_GET['ID'])." ");
    $db->query("DELETE FROM `crystalmarket` WHERE `cmID` = ".($_GET['ID'])." ");
    $db->query("UPDATE `users` SET `money` = `money` - ".number_format($user_adder['cmPRICE'])." WHERE `userid` = ".($_GET['ID']." ");
    $db->query("UPDATE `users` SET `money` = `money` + ".number_forumat($user_adder['cmPRICE'])." WHERE `userid` = ".number_forumat($user_adder['cmADDER'])." ");
    event_add ($user_adder['cmADDER'] , '<a href = "viewuser.php?u=".($_GET['ID'])."">'.($ir['username']).'</a> bought your '.number_format($user_adder['cmQTY']).' crystals from the market for $'.number_format($user_adder['cmPRICE']).'.',$c);
    echo 'You bought the '.number_format($user_adder['cmQTY']).' crystals from the market for $'.number_format($r['cmPRICE']).'.';
}
function crystal_add()
{
    global $db,$ir,$c,$userid,$h;
    $_POST['amnt'] = (abs((int) $_POST['amnt']));
    $_POST['price'] = (abs((int) $_POST['price']));
    if ( ($_POST['amnt']))
    {
        if ( ($_POST['amnt']) > (number_format($ir['crystals'])) )
        {
            echo 'You are trying to add more crystals to the market than you have.';
            $h->endpage();
            exit;
        }
        $tp = ( ($_POST['amnt']*$_POST['price']) );
        $db->query("INSERT INTO `crystalmarket` VALUES ( '',".($_POST['amnt'])." , ".($_GET['ID'])." , ($tp) ) ");
        $db->query("UPDATE `users` SET `crystals` = `crystals` - ".($_POST['amnt'])." WHERE `userid` = ".($_GET['ID'])." ");
        echo 'Crystals added to market! [url="cmarket.php"]Back[/url] ';
        $h->endpage()
        exit;
    }
    else
    {
        echo '[b]Adding a listing.[/b] You have [b]'.number_format($ir['crystals']).'[/b] crystal(s) that you can add to the market.
<form action = "cmarket.php?action=add" method = "post">
<table width = "50%" border = "2" >
<tr>
<td>Crystals:</td>
<td><input type = "text" name = "amnt" value = '.($ir['crystals']).' /> </td>
</tr>
<tr>
<td>Price Each:</td>
<td><input type = "text" name = "price" value = "200" /> </td>
</tr>
<tr>
<td colspan = "2" align = "center"> <input type = "submit" value = "Add To Market" />
</tr>
</table>
</form> ';
    }
}
$h->endpage();
?>
```

Nothing Major, but I could do with some help like everybody. :)

Danny696 Posted August 6, 2010

```php
$Cmarket_info = ($db->fetch_single($db->query("SELECT cm.*, u.* FROM crystalmarket cm LEFT JOIN users u ON u.userid = cm.cmADDER ORDER BY cmPRICE/cmQTY ASC ")));
```

Is wrong. Doesn't need anything before the $db->query

Danny696 Posted August 6, 2010

And you're using wayyy too many brackets

NarutoPRG.com Posted August 6, 2010

Ahh right. Thanks Danny bud. :)

EDIT: I don't like things being open. But just my way of doing stuff mate =P

Equinox Posted August 6, 2010

I'm surprised Danny didn't pick up on this.... number_format() should only be used on output. It just formats the number to display nicely, for example 1000 becomes 1,000. You're using this on inserts, urls and in if() statements O.o

Your if() statement would look like this:

```php
if( (1,000 == 1000)) {
```

As you can see, this isn't going to work. And in some cases you spelt it "money_forumat"

You've used HTML that is deprecated like the tag.

There are several other things I would've changed and done differently, but that's my preference and some things I just don't agree with. Other than that, you tried, so kudos to you.

Danny696 Posted August 6, 2010

I didn't look too much into it.

NarutoPRG.com Posted August 7, 2010

Ty Equinox. :) Was really useful information mate. I didn't know was deprecated. :P

rulerofzu Posted August 7, 2010

Good effort. Try to avoid using cm.*, u.* or SELECT *. It's better to see what actually needs selecting from the database, otherwise you could be calling way too much information than is required. Especially with the users table.

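Equinox's point about number_format() and rulerofzu's point about SELECT *, applied to a buy routine as an added example that is not code from the thread: raw integers go into the queries, only the needed columns are read, and number_format() is used when the message is printed. It goes a step further with prepared statements and a transaction. SQLite in memory via PDO stands in for the game's MySQL $db wrapper, the table layout is inferred from the column names in the posted script, and the buyer id is passed in from the logged-in session rather than read from $_GET['ID'].

```php
<?php
// Added example: SQLite in memory stands in for the game's MySQL $db wrapper.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, money INTEGER, crystals INTEGER)');
$pdo->exec('CREATE TABLE crystalmarket (cmID INTEGER PRIMARY KEY, cmQTY INTEGER, cmADDER INTEGER, cmPRICE INTEGER)');
// Constructed sample rows.
$pdo->exec("INSERT INTO users VALUES (1, 'seller', 0, 0), (2, 'buyer', 5000, 0)");
$pdo->exec('INSERT INTO crystalmarket VALUES (7, 10, 1, 1000)');

// number_format() returns a display string; casting it back stops at the comma.
var_dump(number_format(1000));
var_dump((int) number_format(1000));

function crystal_buy(PDO $pdo, int $buyerId, int $listingId): string
{
    $pdo->beginTransaction();
    // Name the columns that are needed instead of SELECT *.
    $q = $pdo->prepare('SELECT cmQTY, cmADDER, cmPRICE FROM crystalmarket WHERE cmID = ?');
    $q->execute([$listingId]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        $pdo->rollBack();
        return 'Error, these crystals do not exist or have already been bought.';
    }
    $qty = (int) $row['cmQTY'];
    $price = (int) $row['cmPRICE'];
    // Debit only if the buyer can afford it; the WHERE clause makes the check atomic.
    $pay = $pdo->prepare('UPDATE users SET money = money - ?, crystals = crystals + ? WHERE userid = ? AND money >= ?');
    $pay->execute([$price, $qty, $buyerId, $price]);
    if ($pay->rowCount() !== 1) {
        $pdo->rollBack();
        return 'Error, you do not have the funds to buy these crystals.';
    }
    $pdo->prepare('UPDATE users SET money = money + ? WHERE userid = ?')->execute([$price, (int) $row['cmADDER']]);
    $pdo->prepare('DELETE FROM crystalmarket WHERE cmID = ?')->execute([$listingId]);
    $pdo->commit();
    // Formatting happens here, on output only.
    return 'You bought the ' . number_format($qty) . ' crystals from the market for $' . number_format($price) . '.';
}

// The buyer id comes from the logged-in session ($userid in the posted script), not from $_GET.
echo crystal_buy($pdo, 2, 7), "\n";
echo crystal_buy($pdo, 2, 7), "\n"; // second attempt on the same listing
```
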
NarutoPRG.com Posted August 7, 2010

Cheers Roz. I need to work on my queries. Right now, I need a hosting to try to test them on. Or anything that supports PHP, MySQL. PHPMYADMIN is what's needed for me now. But yet again, thanks for the advice. :)

rulerofzu Posted August 7, 2010

Just download wamp or similar to your computer.

Equinox Posted August 7, 2010

> Ty Zed. :) Was really useful information mate. I didn't know was deprecated. :P

Erm..... I'm not Zed. My name is Equinox -.-

NarutoPRG.com Posted August 7, 2010

Lmao. Faill.. It's that picture.. ¬_¬

Aurora078 Posted August 10, 2010

Well, +1 for effort. However, I'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically.

Equinox Posted August 10, 2010

> Well, +1 for effort. However, I'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically

Why would it matter??

Jordan Palmer Posted August 10, 2010

I don't see the point or need for any Ajax/Javascript really. And refill automatically? I think you might just be lacking sleep when you're thinking about this

Equinox Posted August 10, 2010

> > Well, +1 for effort. However, I'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically
>
> Why would it matter??

Never mind that, I thought it said something else XD I'd just got up. -.-

Haunted Dawg Posted August 10, 2010

> I don't see the point or need for any Ajax/Javascript really. And refill automatically? I think you might just be lacking sleep when you're thinking about this

I think, (s)he is meaning to say refresh automatically. It's not that hard to stop the bots refreshing.

In explore.php under include "globals.php" add:

```php
$_SESSION['cstamp'] = sha1(time());
```

Then find the market url and change to Crystal Market

Then in your cmarket.php, find the default function and add:

```php
if(isset($_GET['cstamp']) && $_GET['cstamp'] != sha1(time()+10))
{
    exit;
}
else if(!isset($_GET['cstamp']))
{
    exit;
}
```

That's just a simple way. But there are better methods, which I will not go into right now. And no, that has not been tested. That there should only accept people that have viewed the explore from 10 seconds ago.

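A stamp check along the lines Haunted Dawg describes, as an added example that is not part of the original thread: the stamp is random and stored in the session together with its issue time, because a value built from sha1(time()) can be recomputed by the client and sha1(time()+10) does not equal a stamp issued earlier. The function names issue_stamp and check_stamp and the cstamp_time key are assumptions; the session array and the clock are passed in so the block runs from the command line.

```php
<?php
// Added example; issue_stamp() and check_stamp() are hypothetical names.
const STAMP_TTL = 10; // seconds a stamp stays valid, as in the post

// explore.php side: create an unguessable stamp and remember when it was issued.
function issue_stamp(array &$session, int $now): string
{
    $session['cstamp'] = bin2hex(random_bytes(16));
    $session['cstamp_time'] = $now;
    return $session['cstamp']; // goes into the link: cmarket.php?cstamp=...
}

// cmarket.php side: accept the stamp once, and only while it is fresh.
function check_stamp(array &$session, array $get, int $now): bool
{
    $sent = $get['cstamp'] ?? null;
    $stored = $session['cstamp'] ?? null;
    $issued = $session['cstamp_time'] ?? 0;
    // Single use: a reload of the same URL finds nothing left to match against.
    unset($session['cstamp'], $session['cstamp_time']);
    if (!is_string($sent) || !is_string($stored)) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals($stored, $sent) && ($now - $issued) <= STAMP_TTL;
}

// Constructed walk-through; $session stands in for $_SESSION and $t for time().
$session = [];
$t = 1281400000;
$stamp = issue_stamp($session, $t);
var_dump(check_stamp($session, ['cstamp' => $stamp], $t + 3));  // first visit from explore.php
var_dump(check_stamp($session, ['cstamp' => $stamp], $t + 4));  // reload of the same URL
$stale = issue_stamp($session, $t);
var_dump(check_stamp($session, ['cstamp' => $stale], $t + 11)); // stamp older than the limit
var_dump(check_stamp($session, [], $t));                        // no stamp sent
```
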
Uridium Posted August 10, 2010

Doing a quick scan you have 125 Open brackets ( and 123 Closed Brackets ) not that these may cause an issue but it could slow down the script if things are missing

NarutoPRG.com Posted August 10, 2010

> Well, +1 for effort. However, I'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically

Thanks. Right now I'm only concentrating on PHP. But honestly, I don't see the point of using Ajax on a cmarket.

@ HD: Would you mind explaining more of this? If it's help on security or performance, I would be really helpful. :)

@ Illusions: Thanks for that. I might just have to cut down on them. :P

Aurora078 Posted August 10, 2010

Ooh I misread it ^^. I thought it was a ctemple xD. The only thing that should be added is limit the amount of entries each user should be able to have on the market at once. Like say 5 entries per user at a time, so you don't have someone with 1k points putting 1 point in and using a macro to keep posting and spam your thing up

NarutoPRG.com Posted August 10, 2010

Ohh.. Nice Idea ^^ I'm not going to make another cmarket again. But thanks for the small info. :)

Aurora078 Posted August 10, 2010

> Ohh.. Nice Idea ^^ I'm not going to make another cmarket again. But thanks for the small info. :)

NP

rulerofzu Posted August 10, 2010

> > Well, +1 for effort. However, I'd love to see some JS/Ajax put into it, as well as something to stop macro bots from just refilling automatically
>
> Thanks. Right now I'm only concentrating on PHP. But honestly, I don't see the point of using Ajax on a cmarket.
>
> @ HD: Would you mind explaining more of this? If it's help on security or performance, I would be really helpful. :)
>
> @ Illusions: Thanks for that. I might just have to cut down on them. :P

Naruto. The code HD suggested is more a prevention method to stop players hitting f5 or using macros etc. to refresh the browser. I've seen players on games do this to do multiple crimes, train in the gym quicker, auto attack someone. I use a similar method on certain parts of rulerofzu.com to stop page refreshing.

Aurora078 Posted August 10, 2010

There are effective methods for leveling without cheating with bots. One thing that I know a lot of players do if they can is called jail/bail. One user clicks the crime button, and on the other end someone bails them out. I know this cuz I used to do it

rulerofzu Posted August 10, 2010

That would depend on how much exp you are giving out on those. If you're giving out a lot then expect it to be abused.