MakeWebGames

Posted

[align=center]The Monk's High/Low Mod for MCCodes V2[/align]

I was searching through the requests section and I found an old topic, high/low seemed easy enough.

This is the first mod I made from scratch.

I'll try to update this in the future and might release a paid premium version.

 


[mysql]CREATE TABLE IF NOT EXISTS `highlow` (
  `userid` int(11) NOT NULL,
  `oldnum` int(11) NOT NULL,
  PRIMARY KEY (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;[/mysql]

A couple comments here and there to explain the point of some things.

I'd love input/feedback, feel free to tear it up and re-post your 'better' version.

Update 1: Secured queries + variables to the best of my knowledge.

Update 2.1: Added support for MySQL table, removed hidden input editing vuln.

Update 2.2: Re-secured in everything to use less processing power.

Posted

Well, security flaws can do a lot - in an McCodes game, users could manipulate the data you're sending to their own benefit and they could insert malicious data to destroy your script and site.

Posted

I did a quick run through and secured the few things I saw, nothing major.

Good job, we need some guys to start making mods again, keeps the forums alive :)

 


Posted

$_POST['choice'] is the only post not secure, and there is nothing really, to my knowledge, that can be done with that variable anywho, so shrugz.

<center> will work fine enough. It's his code, I just tightened it up a bit.

Posted

I'm not too great with JavaScript. The only thing that I could possibly imagine could be done with the $_POST['choice'] variable would be some sort of JavaScript attack, but it's not inserting anything into the database, so I don't think it would be manageable.

Just the same, I'll "secure" that post variable too, to appease the masses.

Posted

Um what about checking whether the bet is one of those dropdown options specified?

$bet = number_format(rand(1,10));

Is a bad idea considering you use $bet in the form then when altering the users money via a query.

So UPDATE `users` SET `money` = `money` - 10,000 ...........

if(10,000 > $ir['money']) {

Posted

Oh yeh $bet is inserting to the $db-> good catch.

I s'pose I could use a basic "if not in array" function for making sure the bet is one specified, but again, I don't see what anyone could do with it.

Posted
[quote]Oh yeh $bet is inserting to the $db-> good catch.

I s'pose I could use a basic "if not in array" function for making sure the bet is one specified, but again, I don't see what anyone could do with it.[/quote]

Bet more than what's specified?

I know, not much of a security issue, but it's a defect in how it was intended to work, therefore a bug :D

Posted

Problem only half fixed though :P

Congratulations! You won your bet of $1

You guessed high, the previous number was 2 and the new number was 7.

Is the next number going to be higher or lower than 7?

(meh I just signed up and mugged a dude with some cash) :D

Just to note I started with 11k and now I have

Money: $24,666,602

I can always win no matter what: changing the old num hidden value to one and always clicking higher ensures a win each time (also, changing my bet makes it easier to gain quick cash).

Congratulations! You won your bet of $110000000

You guessed high, the previous number was 1 and the new number was 6.

Is the next number going to be higher or lower than 6?

Also make sure to check if I have enough money on the higher and lower as well, otherwise you get

Congratulations! You won your bet of $1100000000000000000000

You guessed high, the previous number was 1 and the new number was 3.

Is the next number going to be higher or lower than 3?

I don't have that kind of cash.
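
The server-side checks raised in the thread up to this point (bet limited to the offered options, previous number taken from the `highlow` row instead of a hidden field, balance checked on every guess, plain integers in the queries), shown as an added example that is not part of any post and is not the mod's code. `ALLOWED_BETS`, `play_round()`, the `higher`/`lower` choice values, the 1..10 range and the tie rule are assumptions; the function returns the queries as strings so it runs without a database.

```php
<?php
// Added example, not the mod's code. ALLOWED_BETS, play_round() and the
// 1..10 range are assumptions; the request data below is constructed.
const ALLOWED_BETS = [100, 1000, 10000];   // hypothetical dropdown options

// $money and $oldNum come from the server's own rows (users.money,
// highlow.oldnum), never from the submitted form.
function play_round(array $post, int $userid, int $money, int $oldNum, int $newNum): array
{
    // Strict integer parse: rejects "10,000", arrays and overflowing digit strings.
    $bet = filter_var($post['bet'] ?? null, FILTER_VALIDATE_INT);
    if ($bet === false || !in_array($bet, ALLOWED_BETS, true)) {
        return ['ok' => false, 'error' => 'Bet is not one of the offered amounts.'];
    }
    // Checked on every guess, not only when the form is first shown.
    if ($bet > $money) {
        return ['ok' => false, 'error' => 'You do not have enough money.'];
    }
    $choice = $post['choice'] ?? '';
    if ($choice !== 'higher' && $choice !== 'lower') {
        return ['ok' => false, 'error' => 'Invalid choice.'];
    }
    // Any $post['oldnum'] is ignored. A tie counts as a loss (assumption).
    $won = ($choice === 'higher') ? ($newNum > $oldNum) : ($newNum < $oldNum);
    $delta = $won ? $bet : -$bet;
    return [
        'ok'  => true,
        'won' => $won,
        // Plain integers go into SQL; number_format() is for display only.
        'sql' => [
            sprintf('UPDATE `users` SET `money` = `money` + %d WHERE `userid` = %d', $delta, $userid),
            sprintf('UPDATE `highlow` SET `oldnum` = %d WHERE `userid` = %d', $newNum, $userid),
        ],
        'message' => sprintf('Bet $%s: previous number %d, new number %d.', number_format($bet), $oldNum, $newNum),
    ];
}

// Constructed requests: one honest, three tampered.
$requests = [
    ['bet' => '1000', 'choice' => 'higher'],
    ['bet' => '1000', 'choice' => 'higher', 'oldnum' => '1'],  // forged hidden field
    ['bet' => '110000000', 'choice' => 'higher'],              // amount not offered
    ['bet' => '10,000', 'choice' => 'lower'],                  // formatted number
];
foreach ($requests as $post) {
    // Stored previous number is 7; the new number is drawn server-side.
    echo json_encode(play_round($post, 1, 11000, 7, random_int(1, 10))), PHP_EOL;
}
```

The second request is judged against the stored previous number 7, not the submitted `oldnum` of 1, and the last two are rejected before any query is built.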

Posted

Well hrmz.

Maybe because i secured the post but not the $bet variable which he's using for the calls

 


Posted

A few minutes and my money is already maxed out

Name: Djkanna [4]

Money: $2,147,483,647

Congratulations! You won your bet of $1100000055555555555555555555555555555555555555555500000000000000

You guessed high, the previous number was 1 and the new number was 6.

Is the next number going to be higher or lower than 6?

Posted

Hmm, good mod, but just a little query: I don't know much about coding, but adding cards in would like be better.

the code here


could like this be added to make the cards show,

if ($guess == 1) { print "card1.jpg"; } else
if ($guess == 2) { print "card2.jpg"; } else
if ($guess == 3) { print "card3.jpg"; }

etc, would that work or not??
