modernmafia Posted November 12, 2011
This is the line (87, with the error on it): `$amount=secure($_POST['amount']);` Any suggestion what I can replace it with? Also, when betting on the chance casino I get: Fatal error: Call to undefined function secure() in /home/modernmaa/public_html/chance.php on line 87

modernmafia Posted November 12, 2011
Would this work? `$amount=($_POST['amount']);`

modernmafia Posted November 12, 2011
Yeah, it is a numeric value.

modernmafia Posted November 12, 2011
When I changed it to what you said, somerandombastard, I bet the max bet, which is 1,000, and clicked it, and then it says "The minimum bet is $100."

modernmafia Posted November 12, 2011
When I change it to `$amount=($_POST['amount']);` it works.

modernmafia Posted November 12, 2011 (edited)

```php
<?php
require("safe.php");

// Gaining User Information:
$login=mysql_fetch_assoc(mysql_query("SELECT name,money,id,location FROM login WHERE name='".$name."'"))or die(mysql_error());

// Gaining Casino Information:
$casino=mysql_fetch_assoc(mysql_query("SELECT * FROM casino_owner WHERE state='".$login['location']."' AND casino='1'"))or die(mysql_error());

if(isset($_GET['reset'])){
    $reset=strip_tags(addslashes(htmlspecialchars($_GET['reset'])));
    if($reset == "yes"){
        $result = mysql_query("UPDATE casino_owner SET profit='0' WHERE state='".mysql_real_escape_string($location)."'") or die(mysql_error());
        echo 'Profit Reset!<br><br>';
    }
}

// Check if owner is human:
if($casino['owner'] == '0'){
    if($_POST['pickup']){
        if($money < 5000000){
            echo "You don't have enough money to purchase this Casino.";
        }else{
            mysql_query("UPDATE casino_owner SET owner='".$name."' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
            // remove cash
            $costs = $money - 5000000;
            $result = mysql_query("UPDATE login SET money='".mysql_real_escape_string($costs)."' WHERE name='".$name."'") or die(mysql_error());
            echo 'You now own the casino!';
        }
    }
    echo '<center><form action="home.php?pageid=768" method="POST">
    <table width="250" border="1" align="center" cellspacing="1" class="table">
    <tr> <td colspan="2" align="center" bgcolor="#133337" class="style2">Purchase Chance</td> </tr>
    <tr> <td width="75" bgcolor="#414141" class="style1">Price:</td> <td width="175" bgcolor="#414141" class="style1">$5,000,000</td> </tr>
    <tr> <td colspan="2" bgcolor="#414141" class="style1"><table width="100" border="0" align="right" cellspacing="0">
    <tr> <td align="center"><input name="pickup" type="submit" class="button" id="Pickup" value="Purchase" /></td> </tr>
    </table></td> </tr>
    </table> </form></center>';
}else{
    // Casino Owner Information
    $owner=mysql_fetch_assoc(mysql_query("SELECT name,money,id FROM login WHERE name='".$casino['owner']."'"))or die(mysql_error());

    // Starting the Game:
    if($_POST['roll_1'] OR $_POST['roll_2']){
        $result=rand(1,2);
        // Bet amount taken from the form as-is (the line discussed in this thread)
        $amount=($_POST['amount']);
        if($login['money'] <$amount){
            echo 'You don\'t have enough money.';
        }elseif($amount < 100){
            echo 'The minimum bet is $100.';
        }elseif(empty($amount)){
            echo 'Please fill in a bet.';
        }elseif($amount > $casino['max']){
            echo 'Your bet exceeds the casino\'s maxbet.';
        }else{
            if($_POST['roll_1']){
                $chose='Heads';
                $false='Tails';
            }else{
                $chose='Tails';
                $false='Heads';
            }
            switch($result){
                case 1:
                    if($owner['money'] < $amount){
                        echo 'The coin rolled '.$chose.'. You won but the owner went broke. You won the casino!.';
                        mysql_query("UPDATE casino_owner SET owner='".$name."' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                    }else{
                        echo 'The coin rolled '.$chose.'. You won <b>$'.number_format($amount*2).'</b>.';
                        $winnings = $amount * 0.90;
                        mysql_query("UPDATE login SET money=money+$winnings WHERE id='".$login['id']."'")or die(mysql_error());
                        mysql_query("UPDATE login SET money=money-$amount WHERE id='".$owner['id']."'")or die(mysql_error());
                        mysql_query("UPDATE casino_owner SET profit=profit-$amount WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                    }
                    break;
                case 2:
                    echo 'The coin rolled '.$false.'. You lost $'.number_format($amount).'.';
                    $winnings = $amount * 0.90;
                    mysql_query("UPDATE login SET money=money-$amount WHERE id='".$login['id']."'")or die(mysql_error());
                    mysql_query("UPDATE login SET money=money+$winnings WHERE id='".$owner['id']."'")or die(mysql_error());
                    mysql_query("UPDATE casino_owner SET profit=profit+$winnings WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                    break;
                default:
                    echo 'Invalid Action.';
                    break;
            }
        }
    }

    if($_POST['update']){
        if($login['name'] != $casino['owner']){
            echo 'Access Denied';
        }else{
            // secure() is the undefined function from the fatal error above
            $maxbet=secure($_POST['maxbet']);
            if($maxbet < 100){
                echo 'Minimum maxbet is $100';
            }else{
                mysql_query("UPDATE casino_owner SET max=$maxbet WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                echo 'Maxbet updated';
            }
        }
    }

    if($_POST['update2']){
        if($login['name'] != $casino['owner']){
            echo 'Access Denied.';
        }else{
            $sql = "SELECT name,sitestate FROM login WHERE name='".mysql_real_escape_string($_POST['owner'])."'";
            $query = mysql_query($sql) or die(mysql_error());
            $row = mysql_fetch_object($query);
            $owner_new = htmlspecialchars($row->name);
            $check_newowner=mysql_query("SELECT name,sitestate FROM login WHERE name='".$owner_new."'")or die(mysql_error());
            $count_newowner=mysql_num_rows($check_newowner);
            if($count_newowner != 0){
                $fetch_newowner=mysql_fetch_assoc($check_newowner);
            }
            if($count_newowner == 0){
                echo 'No such player.';
            }elseif($fetch_newowner['sitestate'] == 2){
                echo 'This player is dead';
            }else{
                mysql_query("UPDATE casino_owner SET owner='".$owner_new."',max='100' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                echo 'You sent your casino to <b>'.$owner_new.'</b>';
                $casino['owner']=$owner_new;
            }
        }
    }

    // Showing the Betting Screen:
    if($login['name'] != $casino['owner']){
        echo ' <form action="home.php?pageid=768" method="POST">
        <table width="275" border="1" align="center" cellspacing="1" bordercolor="#000000" bgcolor="#FFFFFF" class="table">
        <tr> <td colspan="4" align="center" bgcolor="#133337" class="style2"><label>Chance</label></td> </tr>
        <tr> <td align="center" class="style1">Bet:</td> <td align="center" class="style1"><input type="text" name="amount" class="entryfield" value="'.$_POST['amount'].'"; " style="width: 70%;"></td> </tr>
        <tr> <td width="100%" colspan="2" align="center" class="style1">
        <input name="roll_1" type="submit" class="button" value="Heads" style="width: 33%;">
        <input name="roll_2" type="submit" class="button" value="Tails" style="width: 33%;"> </td> </tr>
        </table><BR>
        <center>This casino is owned by <a href=\home.php?pageid=900&studentname='. $casino['owner'] .'><b>'.$casino['owner'].'</b></a>.<BR> ';
        if (($casino['max']) >= 99999999999){
            echo "This casino has no betting limit.</center>";
        }else{
            echo 'The maximum bet is limited to $<b>'.number_format($casino['max']).'</b>.</center>';
        }
        echo ' </form> <center>The local authorities charge 10% tax on all winnings.</center> ';
    }else{
        // Show Owner Interface:
        echo ' <form action="home.php?pageid=768" method="POST">
        <table width="400" border="0" align="center" cellpadding="0" cellspacing="1" class="table">
        <tr> <td colspan="2" align="left" class="info_row" style="background:url(/images/chance.jpg) #222222 no-repeat right bottom; height:120px;"></td> </tr>
        </table><br>
        <table width="400" border="0" align="center" cellpadding="0" cellspacing="1" class="table">
        <tr> <td colspan="2" align="center" bgcolor="#133337" class="style2"><label>';
        echo $loc." Chance Management";
        echo'</label></td> </tr>
        <tr> <td align="left" class="style1">Profit:</td> <td align="left" class="style1">$'.number_format($casino['profit']).' <a href="home.php?pageid=768&reset=yes"><i>(Reset)</i></a></td> </tr>
        <tr> <td width="100" align="left" class="style1">Maximum Bet:</td> <td width="250" align="center" class="style1">';?>
        <input name="maxbet" type="text" class="entryfield" id="max_bet" style='width: 98%;' onkeyup="fancyWriting(this);" onfocus="if(this.value=='<? if (( $casino['max'] ) >= 99999999999){ echo "Unlimited."; }else{ echo '$'.number_format( $casino['max'] ).''; } ?>'){this.value=''}" onblur="if(this.value==''){this.value='<? if (( $casino['max'] ) >= 99999999999){ echo "Unlimited."; }else{ echo '$'.number_format( $casino['max'] ).''; } ?>'}" value="<? if (( $casino['max'] ) >= 99999999999){ echo "Unlimited."; }else{ echo '$'.number_format( $casino['max'] ).''; } ?>" maxlength="20" /></td> </tr>
        <? echo' <tr> <td align="center" colspan="2" class="style1"> <input name="update" type="submit" class="button" value="Update" style="width: 30%;"> </td> </tr>
        <tr> <td align="left" class="style1">New Owner:</td> <td align="left" class="style1"> <input type="text" name="owner" class="entryfield" style="width: 98%;"></td> </tr>
        <tr> <td align="center" colspan="2" class="style1"> <input name="update2" type="submit" class="button" value="Transfer" style="width: 30%;"> </td> </tr>
        </table></form> ';
    }
} // If owner is human
?>
```

Edited November 14, 2011 by illusions: added code tags

Ishraq Posted November 13, 2011
Use the code tags!

modernmafia Posted November 13, 2011
Explain please.

modernmafia Posted November 13, 2011
Also, where should I use code tags?

rulerofzu Posted November 13, 2011
I always wonder about posts like this, mainly as to where you have got the scripts and why there is no secure function in what you have downloaded.

gurpreet Posted November 13, 2011
> I always wonder about posts like this mainly as to where you have got the scripts and why there is no secure function in what you have downloaded.

Exactly what I was thinking.

plintu Posted November 14, 2011 (edited)
`$amount=($_POST['amount']);` is completely setting yourself up to get hacked, try this: `$amount=mysql_real_escape_string(strip_tags($_POST['amount']));`

OK, I tried <code> tags and they do not work. I even tried it like and nothing so :p

Edited November 14, 2011 by plintu

plintu Posted November 14, 2011
There are even other things you can do, like just before the above code you can add something like:

```php
if (is_numeric($_POST['amount'])) { }else{die("What are you trying to pull here buddy?");}
```

> `$amount=($_POST['amount']);` is completely setting yourself up to get hacked, try this: `$amount=mysql_real_escape_string(strip_tags($_POST['amount']));` ok I tried <code> tags and they do not work I even tried it like and nothing so :p

Uridium Posted November 14, 2011
Adding code tags, example: [*php] at the start of <?PHP and [*/php] will display the code neater. Remove the * from both.

modernmafia Posted November 14, 2011
> `$amount=($_POST['amount']);` is completely setting yourself up to get hacked, try this: `$amount=mysql_real_escape_string(strip_tags($_POST['amount']));` ok I tried <code> tags and they do not work I even tried it like and nothing so :p

Thanks plintu, I used `$amount=mysql_real_escape_string(strip_tags($_POST['amount']));` and now it works fine and is not throwing out errors.

modernmafia Posted November 14, 2011 (edited)
plintu, I also had the same problem with updating the max bet, so I replaced it with `$maxbet=mysql_real_escape_string(strip_tags($_POST['maxbet']));`

Edited November 14, 2011 by modernmafia

Dominion Posted November 14, 2011
Don't use mysql_real_escape_string() on a number... I would suggest looking at SomeRandomBastard's first post.

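An added example, not code from any poster or from the game script: the posted queries place the bet in an unquoted numeric position (`money=money-$amount`, `max=$maxbet`), where escaping quotes gives no protection, and `is_numeric()` also accepts values such as "-500", "1e5" and "12.5". The hypothetical helper `parse_bet()` below accepts only whole numbers inside the allowed range; the comma handling, the sample inputs and the id 42 are assumptions made for the illustration.

```php
<?php
// Added example; parse_bet() is a hypothetical helper, not part of the posted script.
// Returns the bet as an int, or null when the input is not a whole number
// within [$min, $max].
function parse_bet($raw, int $min, int $max): ?int
{
    if (!is_string($raw)) {              // e.g. amount[]=1 arrives as an array
        return null;
    }
    // Assumption: players may type "1,000". A bare (int) cast would read that as 1.
    $clean = str_replace(',', '', trim($raw));
    // Digits only: rejects "", "-500", "1e5", "12.5" and any non-numeric text.
    // The length cap keeps the cast below PHP_INT_MAX on 64-bit builds.
    if (!ctype_digit($clean) || strlen($clean) > 15) {
        return null;
    }
    $value = (int) $clean;
    return ($value >= $min && $value <= $max) ? $value : null;
}

// Constructed sample inputs; 100 is the script's minimum bet, 1000 stands in
// for $casino['max'].
$samples = ['1000', '1,000', '99', '-500', '1e5', '12.5', 'abc', ''];
foreach ($samples as $raw) {
    $bet = parse_bet($raw, 100, 1000);
    if ($bet === null) {
        printf("%-8s rejected\n", var_export($raw, true));
        continue;
    }
    // $bet is an int, so %d can only ever emit digits into the unquoted
    // numeric position that the posted UPDATE statements use.
    $sql = sprintf("UPDATE login SET money=money-%d WHERE id=%d", $bet, 42); // 42: constructed id
    printf("%-8s accepted -> %s\n", var_export($raw, true), $sql);
}
```

With mysqli or PDO, the same validated integer would be bound as a statement parameter rather than formatted into the query string.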