gurpreet Posted October 2, 2011 Share Posted October 2, 2011 (edited) I'm trying to create a hitlist, but when I'm adding a hit I can add anyone to the hitlist, even if they dont exist.. Plus there's a few small bugs I can't figure out like when I try to change the userid into the username. I can't see anything wrong in the script but recently I've been missing lots of small stuff. Could anyone help me fix it? Also if I'm using any bad practices, could you tell me so I can use the better way. Thanks <?php include "globals.php"; switch($_GET['action']) { case "addhit": addhit(); break; default: index(); break; } function index() { global $db,$ir,$c,$userid,$h; print " <a href='hitlist.php?action=addhit'><h3>Add a Hit!</h3></a><br> Hits that are up:<br> <table width='100%' cellspacing='2' cellpadding='2' class='table' border='1'> <th>User</th> <th>Bounty</th> <th>Level</th> <th>Attack!</th> </tr> "; $SELECT = (" SELECT hl.*, u.userid, u.username, u.level FROM hitlist AS hl LEFT JOIN users AS u ON (u.userid = hl.hitADDED) ORDER BY userid ASC" ); $q = $db->query($SELECT); while($r=$db->fetch_row($q)) { print " <tr> <td>".finduser($r['userid'])."</td> <td>".number_format($r['hitBOUNTY'])."</td> <td>".number_format($r['level'])."</td> </tr> </table>"; } } function addhit() { global $db,$ir,$c,$userid,$h; $_POST['user'] = abs(@intval($_POST['user'])); if($_POST['user']) { $sel = $db->query("SELECT username, level, userid FROM users WHERE userid = {$_POST['user']}"); $row = $db->fetch_row($sel); $cost = "{$row['level']} * 50000"; if($cost > $ir['money']) { die("You do not have enough money to place a hit on {$_POST['user']}"); } else if(!$_POST['user']) { die("No user exists with this ID!"); } $db->query("INSERT INTO hitlist VALUES ('','{$ir['userid']}','{$_POST['user']}','$cost')"); $db->query("ALTER TABLE users SET money = money - $cost WHERE userid = {$ir['userid']}"); print "{$_POST['user']} added to the hitlist!<br> <a href='hitlist.php'>> Back</a>"; } else { echo " Adding a hit:<br><br><br> <form action='hitlist.php?action=addhit' method='post'> <table width=50% border=2> <tr> <td>User ID:</td> <td><input type='text' name='user' /></td> </tr> <tr> <td colspan='2' align='center'><input type='submit' value='Add to hitlist!'></td> </tr> </table> </form> "; } } ?> Edited October 2, 2011 by gurpreet Quote Link to comment Share on other sites More sharing options...
lucky3809 Posted October 2, 2011 Share Posted October 2, 2011 for your no users exist try this... else if($db->num_rows($sel)==0) { die("No user exists with this ID!"); } Quote Link to comment Share on other sites More sharing options...
gurpreet Posted October 2, 2011 Author Share Posted October 2, 2011 (edited) Thanks all fixed now. Edited October 3, 2011 by gurpreet Quote Link to comment Share on other sites More sharing options...
gurpreet Posted October 3, 2011 Author Share Posted October 3, 2011 I've added a few more stuff to this script, but I have a few problems: Sometimes it says No user exists with this ID! even though the user is there? I can't seem to add an else if to check if they are in hospital or jail, I just get a blank page. <?php include "globals.php"; switch($_GET['action']) { case "addhit": addhit(); break; default: index(); break; } function index() { global $db,$ir,$c,$userid,$h; print " <a href='hitlist.php?action=addhit'><h3>Add a Hit!</h3></a><br> Hits that are up:<br> <table width='80%%' cellspacing='2' cellpadding='2' class='table' border='1'> <th>User</th> <th>Bounty</th> <th>Level</th> <th>Attack!</th> </tr> "; $SELECT = mysql_query(" SELECT hl.*, u.userid, u.username, u.level FROM hitlist AS hl LEFT JOIN users AS u ON (u.userid = hl.hitADDED) ORDER BY userid ASC" ); while($bounty=mysql_fetch_array($SELECT)) { print " <tr> <td>".finduser($bounty['userid'])." [{$bounty['userid']}]</td> <td>\$".number_format($bounty['hitBOUNTY'])."</td> <td>".number_format($bounty['level'])."</td> <td><a href='attack.php?ID={$bounty['userid']}'>Attack</a></td> </tr>"; } echo "</table>"; } function addhit() { global $db,$ir,$c,$userid,$h; $_POST['user'] = abs(@intval($_POST['user'])); if($_POST['user']) { $sel = mysql_query("SELECT hl.*, u.username, u.level, u.userid FROM hitlist AS hl LEFT JOIN users AS u ON ({$_POST['user']} = hl.hitADDED) WHERE userid = {$_POST['user']}"); $row = $db->fetch_row($sel); $costrand = mt_rand(50000,70000); $cost = ($row['level'] * $costrand); if($_POST['user'] == $ir['userid']) { die("Why are you trying to place a hit on yourself?"); } else if($cost > $ir['money']) { die("You do not have enough money to place a hit on {$row['username']}"); } else if($db->num_rows($sel)==0) { die("No user exists with this ID!"); } else if($_POST['user'] == $row['hitADDED']) { die("{$row['username']} is already on the hitlist!"); } $db->query("INSERT INTO hitlist VALUES ('','{$ir['userid']}','{$_POST['user']}','$costrand')"); $db->query("UPDATE users SET money = money - $cost WHERE userid = {$ir['userid']}"); event_add($_POST['user'], "You were placed on the hitlist by ".finduser($ir['userid'])."!"); print "{$row['username']} added to the hitlist! The bounty is \$".number_format($cost)." and has been taken by the hitmen contractors.<br> <a href='hitlist.php'>> Back</a>"; } else { echo " Adding a hit:<br><br><br> <form action='hitlist.php?action=addhit' method='post'> <table width=50% border=2> <tr> <td>User ID:</td> <td><input type='text' name='user' /></td> </tr> <tr> <td colspan='2' align='center'><input type='submit' value='Add to hitlist!'></td> </tr> </table> </form> "; } } ?> Can anyone see anything wrong with this? The problems are all in the addhit() function Quote Link to comment Share on other sites More sharing options...
gurpreet Posted October 4, 2011 Author Share Posted October 4, 2011 Bump. Can anyone help? 2 problems here: 1) Sometimes it says "No user exists with this ID!" even though the user exists 2) I can't seem to add an else if to check if they are in hospital or jail, I just get a blank page. I've tried many different things, but none seem to work. My hitlist table has the following: hitID, hitADDER, hitADDED, hitBOUNTY. Quote Link to comment Share on other sites More sharing options...
newttster Posted October 4, 2011 Share Posted October 4, 2011 Try doing your checks before your switch statement. Quote Link to comment Share on other sites More sharing options...
gurpreet Posted October 4, 2011 Author Share Posted October 4, 2011 (edited) What do you mean? I can't because I have to add the checks in the addhit function? This is how I've done it, and I've commented the erroneous parts <?php include "globals.php"; switch($_GET['action']) { case "addhit": addhit(); break; default: index(); break; } function index() { global $db,$ir,$c,$userid,$h; print " <a href='hitlist.php?action=addhit'><h3>Add a Hit!</h3></a><br> Hits that are up:<br> <table width='80%%' cellspacing='2' cellpadding='2' class='table' border='1'> <th>User</th> <th>Bounty</th> <th>Level</th> <th>Attack!</th> </tr> "; $SELECT = mysql_query(" SELECT hl.*, u.userid, u.username, u.level FROM hitlist AS hl LEFT JOIN users AS u ON (u.userid = hl.hitADDED) ORDER BY userid ASC" ); while($bounty=mysql_fetch_array($SELECT)) { print " <tr> <td>".finduser($bounty['userid'])." [{$bounty['userid']}]</td> <td>\$".number_format($bounty['hitBOUNTY'])."</td> <td>".number_format($bounty['level'])."</td> <td><a href='attack.php?ID={$bounty['userid']}'>Attack</a></td> </tr>"; } echo "</table>"; } function addhit() { global $db,$ir,$c,$userid,$h; $_POST['user'] = abs(@intval($_POST['user'])); if($_POST['user']) { $sel = mysql_query("SELECT hl.*, u.username, u.level, u.hospital, u.jail, u.userid FROM hitlist AS hl LEFT JOIN users AS u ON ({$_POST['user']} = hl.hitADDED) WHERE userid = {$_POST['user']}"); $row = $db->fetch_row($sel); $costrand = mt_rand(50000,70000); $cost = ($row['level'] * $costrand); if($_POST['user'] == $ir['userid']) { die("Why are you trying to place a hit on yourself?"); } else if($cost > $ir['money']) { die("You do not have enough money to place a hit on {$row['username']}"); } //This else if below is a bit messed up too. It outputs the die message when a user exists else if($db->num_rows($sel)==0) { die("No user exists with this ID!"); } else if($_POST['user'] == $row['hitADDED']) { die("{$row['username']} is already on the hitlist!"); } //The else if below this are the messed up ones else if($row['hospital'] > 0) { die("This user is in the hospital and therefore cannot be placed on the hitlist."); } else if($row['jail'] > 0) { die("This user is in jail so a hit cannot be placed on them."); } $db->query("INSERT INTO hitlist VALUES ('','{$ir['userid']}','{$_POST['user']}','$costrand')"); $db->query("UPDATE users SET money = money - $cost WHERE userid = {$ir['userid']}"); event_add($_POST['user'], "You were placed on the hitlist by ".finduser($ir['userid'])."!"); print "{$row['username']} added to the hitlist! The bounty is \$".number_format($cost)." and has been taken by the hitmen contractors.<br> <a href='hitlist.php'>> Back</a>"; } else { echo " Adding a hit:<br><br><br> <form action='hitlist.php?action=addhit' method='post'> <table width=50% border=2> <tr> <td>User ID:</td> <td><input type='text' name='user' /></td> </tr> <tr> <td colspan='2' align='center'><input type='submit' value='Add to hitlist!'></td> </tr> </table> </form> "; } } ?> Edited October 4, 2011 by gurpreet Quote Link to comment Share on other sites More sharing options...
Lithium Posted October 5, 2011 Share Posted October 5, 2011 Try this one... addhit() slightly changed only <?php include "globals.php"; switch($_GET['action']) { case "addhit": addhit(); break; default: index(); break; } function index() { global $db,$ir,$c,$userid,$h; print " <a href='hitlist.php?action=addhit'><h3>Add a Hit!</h3></a> Hits that are up: <table width='80%%' cellspacing='2' cellpadding='2' class='table' border='1'> <th>User</th> <th>Bounty</th> <th>Level</th> <th>Attack!</th> </tr> "; $SELECT = mysql_query(" SELECT hl.*, u.userid, u.username, u.level FROM hitlist AS hl LEFT JOIN users AS u ON (u.userid = hl.hitADDED) ORDER BY userid ASC" ); while($bounty=mysql_fetch_array($SELECT)) { print " <tr> <td>".finduser($bounty['userid'])." [{$bounty['userid']}]</td> <td>\$".number_format($bounty['hitBOUNTY'])."</td> <td>".number_format($bounty['level'])."</td> <td><a href='attack.php?ID={$bounty['userid']}'>Attack</a></td> </tr>"; } echo "</table>"; } function addhit() { global $db,$ir,$c,$userid,$h; $_POST['user'] = abs(@intval($_POST['user'])); if($_POST['user']) { $sel = mysql_query("SELECT hl.*, u.username, u.level, u.hospital, u.jail, u.userid FROM hitlist AS hl LEFT JOIN users AS u ON ({$_POST['user']} = hl.hitADDED) WHERE userid = {$_POST['user']}"); $row = $db->fetch_row($sel); $costrand = mt_rand(50000,70000); $cost = ($row['level'] * $costrand); if($_POST['user'] == $ir['userid']) { die("Why are you trying to place a hit on yourself?"); } if($cost > $ir['money']) { die("You do not have enough money to place a hit on {$row['username']}"); } //This else if below is a bit messed up too. It outputs the die message when a user exists if(!$db->num_rows($sel)) { die("No user exists with this ID!"); } if($_POST['user'] == $row['hitADDED']) { die("{$row['username']} is already on the hitlist!"); } //The else if below this are the messed up ones if($row['hospital'] > 0) { die("This user is in the hospital and therefore cannot be placed on the hitlist."); } if($row['jail'] > 0) { die("This user is in jail so a hit cannot be placed on them."); } else { $db->query("INSERT INTO hitlist VALUES ('','{$ir['userid']}','{$_POST['user']}','$costrand')"); $db->query("UPDATE users SET money = money - $cost WHERE userid = {$ir['userid']}"); event_add($_POST['user'], "You were placed on the hitlist by ".finduser($ir['userid'])."!"); print "{$row['username']} added to the hitlist! The bounty is \$".number_format($cost)." and has been taken by the hitmen contractors. <a href='hitlist.php'>> Back</a>"; } } else { echo " Adding a hit: <form action='hitlist.php?action=addhit' method='post'> <table width=50% border=2> <tr> <td>User ID:</td> <td><input type='text' name='user' /></td> </tr> <tr> <td colspan='2' align='center'><input type='submit' value='Add to hitlist!'></td> </tr> </table> </form> "; } } ?> Quote Link to comment Share on other sites More sharing options...
gurpreet Posted October 5, 2011 Author Share Posted October 5, 2011 There were a few errors to do with the fetch_object syntax ($row->field) but I found those quickly and it works perfectly. Once again many thanks SRB, just wondering is fetch_object better than fetch_array or is a personal preference? Quote Link to comment Share on other sites More sharing options...
gurpreet Posted October 6, 2011 Author Share Posted October 6, 2011 Oh ok, one last thing I can't get working is the attack bit. I'm using this but nothing comes up when I attack a person on the hitlist: $bounties = mysql_query("SELECT hl.*,u.userid,u.username FROM `hitlist` hl LEFT JOIN `users` u ON (u.userid = hl.hitADDED) WHERE u.userid={$r['userid']}", $c); while($bounty = mysql_fetch_object($bounties)) { if($bounty->hitADDED == $r['userid']) { echo "You have successfully killed {$r['username']}! Because they were on the hitlist, you have earned \${$bounty->hitBOUNTY}."; } } I've put that in all of my attack pages but it doesn't come up. Quote Link to comment Share on other sites More sharing options...
gurpreet Posted October 6, 2011 Author Share Posted October 6, 2011 It checks if the user is on the hitlist. If they are then it should award the attacker the bounty (queries haven't been added yet, i wanted to check if this message appeared) Quote Link to comment Share on other sites More sharing options...
lucky3809 Posted October 9, 2011 Share Posted October 9, 2011 $r['userid'] becomes $bounties['userid'] if i am looking at it right, because you are selecting the userid from that query. Quote Link to comment Share on other sites More sharing options...
gurpreet Posted October 9, 2011 Author Share Posted October 9, 2011 Ah I didn't spot that. Thank you very much lucky! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.