modernmafia Posted December 16, 2011
Can't seem to fix it on line 87.

```php
<?php require("safe.php"); ?>
<?php
// Gaining User Information:
$login=mysql_fetch_assoc(mysql_query("SELECT name,money,id,location FROM login WHERE name='".$name."'"))or die(mysql_error());
// Gaining Casino Information:
$casino=mysql_fetch_assoc(mysql_query("SELECT * FROM casino_owner WHERE state='".$login['location']."' AND casino='1'"))or die(mysql_error());

if(isset($_GET['reset'])){
    $reset=strip_tags(addslashes(htmlspecialchars($_GET['reset'])));
    if($reset == "yes"){
        $result = mysql_query("UPDATE casino_owner SET profit='0' WHERE state='".mysql_real_escape_string($location)."'") or die(mysql_error());
        echo 'Profit Reset!<br><br>';
    }
}

// Check if owner is human:
if($casino['owner'] == '0'){
    if($_POST['pickup']){
        if($money < 5000000){
            echo "You don't have enough money to purchase this Casino.";
        }else{
            mysql_query("UPDATE casino_owner SET owner='".$name."' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
            // remove cash
            $costs = $money - 5000000;
            $result = mysql_query("UPDATE login SET money='".mysql_real_escape_string($costs)."' WHERE name='".$name."'") or die(mysql_error());
            echo 'You now own the casino!';
        }
    }
    echo '<center><form action="home.php?pageid=768" method="POST">
<table width="250" border="1" align="center" cellspacing="1" class="table">
  <tr>
    <td colspan="2" align="center" bgcolor="#133337" class="style2">Purchase Chance</td>
  </tr>
  <tr>
    <td width="75" bgcolor="#414141" class="style1">Price:</td>
    <td width="175" bgcolor="#414141" class="style1">$5,000,000</td>
  </tr>
  <tr>
    <td colspan="2" bgcolor="#414141" class="style1"><table width="100" border="0" align="right" cellspacing="0">
      <tr>
        <td align="center"><input name="pickup" type="submit" class="button" id="Pickup" value="Purchase" /></td>
      </tr>
    </table></td>
  </tr>
</table>
</form></center>';
}else{
    // Casino Owner Information
    $owner=mysql_fetch_assoc(mysql_query("SELECT name,money,id FROM login WHERE name='".$casino['owner']."'"))or die(mysql_error());

    // Starting the Game:
    if($_POST['roll_1'] OR $_POST['roll_2']){
        $result=rand(1,2);
        $amount=secure($_POST['amount']);
        if($login['money'] < $amount){
            echo 'You don\'t have enough money.';
        }elseif($amount < 100){
            echo 'The minimum bet is $100.';
        }elseif(empty($amount)){
            echo 'Please fill in a bet.';
        }elseif($amount > $casino['max']){
            echo 'Your bet exceeds the casino\'s maxbet.';
        }else{
            if($_POST['roll_1']){
                $chose='Heads';
                $false='Tails';
            }else{
                $chose='Tails';
                $false='Heads';
            }
            switch($result){
                case 1: // Player wins
                    if($owner['money'] < $amount){
                        echo 'The coin rolled '.$chose.'. You won but the owner went broke. You won the casino!.';
                        mysql_query("UPDATE casino_owner SET owner='".$name."' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                    }else{
                        echo 'The coin rolled '.$chose.'. You won <b>$'.number_format($amount*2).'</b>.';
                        $winnings = $amount * 0.90;
                        mysql_query("UPDATE login SET money=money+$winnings WHERE id='".$login['id']."'")or die(mysql_error());
                        mysql_query("UPDATE login SET money=money-$amount WHERE id='".$owner['id']."'")or die(mysql_error());
                        mysql_query("UPDATE casino_owner SET profit=profit-$amount WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                    }
                    break;
                case 2: // Player loses
                    echo 'The coin rolled '.$false.'. You lost $'.number_format($amount).'.';
                    $winnings = $amount * 0.90;
                    mysql_query("UPDATE login SET money=money-$amount WHERE id='".$login['id']."'")or die(mysql_error());
                    mysql_query("UPDATE login SET money=money+$winnings WHERE id='".$owner['id']."'")or die(mysql_error());
                    mysql_query("UPDATE casino_owner SET profit=profit+$winnings WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                    break;
                default:
                    echo 'Invalid Action.';
                    break;
            }
        }
    }

    // Owner updates the maximum bet:
    if($_POST['update']){
        if($login['name'] != $casino['owner']){
            echo 'Access Denied';
        }else{
            $maxbet=secure($_POST['maxbet']);
            if($maxbet < 100){
                echo 'Minimum maxbet is $100';
            }else{
                mysql_query("UPDATE casino_owner SET max=$maxbet WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                echo 'Maxbet updated';
            }
        }
    }

    // Owner transfers the casino to another player:
    if($_POST['update2']){
        if($login['name'] != $casino['owner']){
            echo 'Access Denied.';
        }else{
            $sql = "SELECT name,sitestate FROM login WHERE name='".mysql_real_escape_string($_POST['owner'])."'";
            $query = mysql_query($sql) or die(mysql_error());
            $row = mysql_fetch_object($query);
            $owner_new = htmlspecialchars($row->name);
            $check_newowner=mysql_query("SELECT name,sitestate FROM login WHERE name='".$owner_new."'")or die(mysql_error());
            $count_newowner=mysql_num_rows($check_newowner);
            if($count_newowner != 0){
                $fetch_newowner=mysql_fetch_assoc($check_newowner);
            }
            if($count_newowner == 0){
                echo 'No such player.';
            }elseif($fetch_newowner['sitestate'] == 2){
                echo 'This player is dead';
            }else{
                mysql_query("UPDATE casino_owner SET owner='".$owner_new."',max='100' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
                echo 'You sent your casino to <b>'.$owner_new.'</b>';
                $casino['owner']=$owner_new;
            }
        }
    }

    // Showing the Betting Screen:
    if($login['name'] != $casino['owner']){
        echo '
<form action="home.php?pageid=768" method="POST">
<table width="275" border="1" align="center" cellspacing="1" bordercolor="#000000" bgcolor="#FFFFFF" class="table">
  <tr>
    <td colspan="4" align="center" bgcolor="#133337" class="style2"><label>Chance</label></td>
  </tr>
  <tr>
    <td align="center" class="style1">Bet:</td>
    <td align="center" class="style1"><input type="text" name="amount" class="entryfield" value="'.$_POST['amount'].'" style="width: 70%;"></td>
  </tr>
  <tr>
    <td width="100%" colspan="2" align="center" class="style1">
      <input name="roll_1" type="submit" class="button" value="Heads" style="width: 33%;">
      <input name="roll_2" type="submit" class="button" value="Tails" style="width: 33%;">
    </td>
  </tr>
</table><BR>
<center>This casino is owned by <a href="home.php?pageid=900&studentname='. $casino['owner'] .'"><b>'.$casino['owner'].'</b></a>.<BR>
';
        if (($casino['max']) >= 99999999999){
            echo "This casino has no betting limit.</center>";
        }else{
            echo 'The maximum bet is limited to $<b>'.number_format($casino['max']).'</b>.</center>';
        }
        echo '
</form>
<center>The local authorities charge 10% tax on all winnings.</center>
';
    }else{
        // Show Owner Interface:
        echo '
<form action="home.php?pageid=768" method="POST">
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" class="table">
  <tr>
    <td colspan="2" align="left" class="info_row" style="background:url(/images/chance.jpg) #222222 no-repeat right bottom; height:120px;"></td>
  </tr>
</table><br>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" class="table">
  <tr>
    <td colspan="2" align="center" bgcolor="#133337" class="style2"><label>';
        echo $loc." Chance Management";
        echo'</label></td>
  </tr>
  <tr>
    <td align="left" class="style1">Profit:</td>
    <td align="left" class="style1">$'.number_format($casino['profit']).' <a href="home.php?pageid=768&reset=yes"><i>(Reset)</i></a></td>
  </tr>
  <tr>
    <td width="100" align="left" class="style1">Maximum Bet:</td>
    <td width="250" align="center" class="style1">';?>
<input name="maxbet" type="text" class="entryfield" id="max_bet" style='width: 98%;' onkeyup="fancyWriting(this);"
  onfocus="if(this.value=='<?php if (( $casino['max'] ) >= 99999999999){ echo "Unlimited."; }else{ echo '$'.number_format( $casino['max'] ).''; } ?>'){this.value=''}"
  onblur="if(this.value==''){this.value='<?php if (( $casino['max'] ) >= 99999999999){ echo "Unlimited."; }else{ echo '$'.number_format( $casino['max'] ).''; } ?>'}"
  value="<?php if (( $casino['max'] ) >= 99999999999){ echo "Unlimited."; }else{ echo '$'.number_format( $casino['max'] ).''; } ?>" maxlength="20" /></td>
  </tr>
<?php
        echo'
  <tr>
    <td align="center" colspan="2" class="style1">
      <input name="update" type="submit" class="button" value="Update" style="width: 30%;">
    </td>
  </tr>
  <tr>
    <td align="left" class="style1">New Owner:</td>
    <td align="left" class="style1">
      <input type="text" name="owner" class="entryfield" style="width: 98%;"></td>
  </tr>
  <tr>
    <td align="center" colspan="2" class="style1">
      <input name="update2" type="submit" class="button" value="Transfer" style="width: 30%;">
    </td>
  </tr>
</table></form>
';
    }
} // If owner is human
?>
```

modernmafia (Author) Posted December 16, 2011 (edited)
REMOVED DOUBLE POST: illusions
What's the error you're getting?
Edited December 16, 2011 by illusions

Uridium Posted December 16, 2011
What's the error you're getting?

lucky3809 Posted December 16, 2011 (edited)
By glancing at this, you have

```php
$reset=strip_tags(addslashes(htmlspecialchars($_GE T['reset'])));
```

The $_GE T should be $_GET.

And

```php
$amount=secure($_POST['amount']);
```

Do you have a secure function in another page? If not, that can be your problem. You can use ...

```php
$amount=abs(intval($_POST['amount']));
```

Edited December 16, 2011 by lucky3809

rulerofzu Posted December 16, 2011
I would reckon that's a forum-caused spacing, Lucky.
Several things wrong with this.
mres on several things which are numeric.
strip_tags, addslashes, htmlspecialchars is really not needed on that GET.
Read what these do on php.net.

lucky3809 Posted December 16, 2011
Yeah, I noticed those things too; I PM'd him after I wrote that. The security is not really good, several things not needed and several things not placed right, and told him about mres being on alphabet such as names, that it does NOTHING for the numeric value.

Uridium Posted December 16, 2011
Thanks for helping him out Lucky :)

modernmafia (Author) Posted December 18, 2011
Any suggestion on line 133 = $maxbet=secure($_POST['maxbet']); when doing what lucky said I get errors on that line.

Dominion Posted December 18, 2011
Post the error, and the secure function?

modernmafia (Author) Posted December 18, 2011
I don't think I have a secure function as I'm new to coding, but when updating a max bet it gives me this error:

Fatal error: Call to undefined function secure() in /home/modernma/public_html/chance.php on line 133

As I didn't have one for amount, I won't have one for maxbet. What can I put there?

lucky3809 Posted December 18, 2011 (edited)
Your error is the secure function in one of your scripts; it won't be in the same page, as I tried stating.
call to undefined function secure() <-----THAT IS YOUR ERROR!
Just replace all secure() functions with the right secure functions...
abs(intval()) for numeric values.
mysql_real_escape_string(htmlentities()) with all your name and alphabetic values...
Edited December 19, 2011 by lucky3809
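
The `secure()` replacement discussed in this thread, as an added example that is not code from any poster: `abs(intval())` coerces input (a negative or partly numeric bet still becomes a number), so this example rejects non-integer bets with `filter_var` and moves money with bound parameters inside a transaction instead of string-built `mysql_*` queries (that extension was removed in PHP 7.0). The helper names `parse_bet` and `transfer`, the in-memory SQLite database (which needs the `pdo_sqlite` extension) and its sample rows are assumptions made for the example; the `login` table and its columns follow the posted script.

```php
<?php
// Added example, not from the thread. parse_bet() and transfer() are
// hypothetical helpers; the SQLite database and its rows are constructed.

// Return the bet as an int within [$min, $max], or null when the input is
// not a plain integer. Nothing is coerced.
function parse_bet($raw, int $min, int $max): ?int
{
    $bet = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $bet === false ? null : $bet;
}

// Move $amount between two login rows atomically with bound parameters.
function transfer(PDO $db, int $fromId, int $toId, int $amount): bool
{
    $db->beginTransaction();
    // "money >= ?" keeps the balance from going negative if two requests race.
    $debit = $db->prepare('UPDATE login SET money = money - ? WHERE id = ? AND money >= ?');
    $debit->execute([$amount, $fromId, $amount]);
    if ($debit->rowCount() !== 1) {
        $db->rollBack();
        return false;
    }
    $credit = $db->prepare('UPDATE login SET money = money + ? WHERE id = ?');
    $credit->execute([$amount, $toId]);
    return $db->commit();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, name TEXT, money INTEGER)');
$db->exec("INSERT INTO login (id, name, money) VALUES (1, 'player', 1000), (2, 'owner', 5000)");

// Constructed inputs: compare coercion with strict validation (limits 100..1000).
foreach (['250', '-250', '100abc', ''] as $raw) {
    printf("%-9s abs(intval()) => %-4d parse_bet() => %s\n",
        var_export($raw, true), abs(intval($raw)), var_export(parse_bet($raw, 100, 1000), true));
}

$bet = parse_bet('250', 100, 1000);
var_dump(transfer($db, 1, 2, $bet));  // player pays the owner
var_dump(transfer($db, 1, 2, 900));   // more than the remaining balance
print_r($db->query('SELECT name, money FROM login ORDER BY id')->fetchAll(PDO::FETCH_KEY_PAIR));
```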

modernmafia (Author) Posted December 19, 2011
I'll give it a go.

modernmafia (Author) Posted December 19, 2011
Fixed now, thanks lucky.