Joshua (posted October 9, 2010): "Ideally" one would just use an array function or foreach, but we are working with mccodes >,<
Dominion (posted October 9, 2010): Did not look at the whole page so may be the way you want it, however in your posts you seem to be missing a "_" on the post? [code block not shown]
Joshua (posted October 10, 2010): Definitely am. Never wake up and try to quick secure anything >,< Currently am re-writing it so it will work. I'm awake now :D
The Monk (Author, posted October 10, 2010): Thanks Josh, that is exactly what I meant by feel free to tear it up :) After I posted this last night and turned my computer off the first thing I thought was oh sh*t you can change bet to anything so I'm glad that's fixed. Do you think I should use an array or switch statement for card images?
Joshua (posted October 10, 2010): It's still exploitable as the way you have the forms pitching data and using some of the same data, it's easy enough to manipulate, I gave it a run with Firebug and sure enough. I know there is a simple way to go about doing it but then I'd actually have to go through the code and read it all and well, meh :p Maybe tomorrow >,<
The Monk (Author, posted October 10, 2010): That's fine, I don't expect you to spend hours doing something you can get paid for, I've already found out a decent amount of new stuff from the bits you changed. Edit: Should I add this in to make sure 'choice' is high or low? [code block not shown] Or is there a better way of checking that? Edit again: Should I check the prize the same way? [code block not shown] Or is there once again a better/more secure way?
Joshua (posted October 10, 2010): No, $price is the $_POST['variable'] and it's already secured. Look at it like this, as this is the only problem left. In your form data where it says <input type="hidden" value="'.$variable.'" name="oldnum"> the variable is a number. Using Firebug, you can change that number. Hence lies the problem. Really the way it's set up I'm not sure right off on just how to take care of it, I'll work on it tomorrow though.
The Monk (Author, posted October 10, 2010): I think I understand, they could edit the hidden value to 10 and keep guessing low. Is that what you mean?
The Monk (Author, posted October 10, 2010): I didn't think the bet would matter because the bet amount is being checked with the !in_array statement? One solution for the bet amount could be to only have 1 bet amount that wasn't declared in a hidden input.
peterisgb (posted October 10, 2010): kwls and yh I think card images should be added, but don't add the cards, make people that want it badly get the cards lol, but yh I think u should add it
lucky3809 (posted October 12, 2010): Got this when I tried checking it out, I clicked low and got ... [code block not shown] May want to fix that.
Joshua (posted October 12, 2010): Haven't had time to correct the errors in this code, SO. NOTE**** THIS CODE is NOT secure. If you choose to USE this code, within literally 2 minutes I could have the max allowable cash in game and that's the easy part. So let's not use it for now eh? Look at it as a learning experience :-)
The Monk (Author, posted October 12, 2010): I was just thinking I could use a MySQL table or add a field to 'users'. I'm not sure whether it would be a good idea though, adds another thing for the server to process and another thing to secure.
The Monk (Author, posted October 26, 2010): Update 2: More security added, uses database now, database removes hidden input cheating.
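The fix the thread arrives at (keep the previous card on the server instead of in the hidden oldnum input, and whitelist choice and bet), as an added example that is not code from the thread or from mccodes. The $store array stands in for the per-user database field, and the function names and bet amounts are hypothetical.

```php
<?php
// Added example, not the thread's code. $store stands in for a per-user
// database field; every name except "oldnum" is an assumption.
const ALLOWED_BETS = [100, 500, 1000];            // constructed bet amounts

// Deal a card and remember it server-side; the page may display it,
// but the next request never supplies it.
function deal_card(array &$store, int $userId): int
{
    $store[$userId] = random_int(1, 13);
    return $store[$userId];
}

function play_round(array &$store, int $userId, array $post): array
{
    $choice = $post['choice'] ?? '';
    $bet    = (int) ($post['bet'] ?? 0);
    // Whitelist the only two fields the browser is allowed to decide.
    if (!in_array($choice, ['high', 'low'], true)) {
        return ['ok' => false, 'error' => 'invalid choice'];
    }
    if (!in_array($bet, ALLOWED_BETS, true)) {
        return ['ok' => false, 'error' => 'invalid bet'];
    }
    if (!isset($store[$userId])) {
        return ['ok' => false, 'error' => 'no card dealt'];
    }
    $old = $store[$userId];
    unset($store[$userId]);   // one guess per dealt card, so a request cannot be replayed
    $new = random_int(1, 13);
    $won = ($choice === 'high') ? $new > $old : $new < $old;   // a tie loses
    return ['ok' => true, 'old' => $old, 'new' => $new,
            'won' => $won, 'delta' => $won ? $bet : -$bet];
}

// Constructed requests: the first carries a forged oldnum, the second is a replay.
$store = [];
$shown = deal_card($store, 1);
$first = play_round($store, 1, ['choice' => 'low', 'bet' => '100', 'oldnum' => '13']);
$again = play_round($store, 1, ['choice' => 'low', 'bet' => '100', 'oldnum' => '13']);
echo 'forged oldnum ignored: ', var_export($first['old'] === $shown, true), PHP_EOL;
echo 'replay rejected: ', var_export($again['ok'] === false, true), PHP_EOL;
```

In a real game the read and clear of the stored card would be a single database update scoped to the logged-in user, so two simultaneous requests cannot both use the same card.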