
functions secure error


modernmafia


Can't seem to fix it on line 87.

<?php
require("safe.php");
?>
<?



// Gaining User Information:
$login=mysql_fetch_assoc(mysql_query("SELECT name,money,id,location FROM login WHERE name='".$name."'"))or die(mysql_error());

// Gaining Casino Information:
$casino=mysql_fetch_assoc(mysql_query("SELECT * FROM casino_owner WHERE state='".$login['location']."' AND casino='1'"))or die(mysql_error());

if(isset($_GET['reset'])){
$reset=strip_tags(addslashes(htmlspecialchars($_GET['reset'])));
if($reset == "yes"){
$result = mysql_query("UPDATE casino_owner SET profit='0' WHERE state='".mysql_real_escape_string($location)."'") 
or die(mysql_error());
echo 'Profit Reset!<br><br>';
}}

// Check if owner is human:
if($casino['owner'] == '0'){

if($_POST['pickup']){

if($money < 5000000){
echo "You don't have enough money to purchase this Casino.";
}else{


mysql_query("UPDATE casino_owner SET owner='".$name."' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());

 // remove cash
$costs = $money - 5000000;
$result = mysql_query("UPDATE login SET money='".mysql_real_escape_string($costs)."' WHERE name='".$name."'") 
or die(mysql_error());

echo 'You now own the casino!';
} 
}

echo '<center><form action="home.php?pageid=768" method="POST">

<table width="250" border="1" align="center" cellspacing="1" class="table">

   <tr>

     <td colspan="2" align="center" bgcolor="#133337" class="style2">Purchase Chance</td>

   </tr>

   <tr>

     <td width="75" bgcolor="#414141" class="style1">Price:</td>

     <td width="175" bgcolor="#414141" class="style1">$5,000,000</td>

   </tr>

   <tr>

     <td colspan="2" bgcolor="#414141" class="style1"><table width="100" border="0" align="right" cellspacing="0">

         <tr>

           <td align="center"><input name="pickup" type="submit" class="button" id="Pickup" value="Purchase" /></td>

         </tr>

     </table></td>

   </tr>

 </table>

</form></center>';
}else{


// Casino Owner Information
$owner=mysql_fetch_assoc(mysql_query("SELECT name,money,id FROM login WHERE name='".$casino['owner']."'"))or die(mysql_error());

// Starting the Game:
if($_POST['roll_1'] OR $_POST['roll_2']){
$result=rand(1,2);
$amount=secure($_POST['amount']);
if($login['money'] < $amount){
echo 'You don\'t have enough money.';
}elseif($amount < 100){
echo 'The minimum bet is $100.';
}elseif(empty($amount)){
echo 'Please fill in a bet.';
}elseif($amount > $casino['max']){
echo 'Your bet exceeds the casino\'s maxbet.';
}else{
if($_POST['roll_1']){
$chose='Heads';
$false='Tails';
}else{
$chose='Tails';
$false='Heads';
}
switch($result){
case 1:
if($owner['money'] < $amount){
echo 'The coin rolled '.$chose.'. You won but the owner went broke. You won the casino!.';
mysql_query("UPDATE casino_owner SET owner='".$name."' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
}else{
echo 'The coin rolled '.$chose.'. You won <b>$'.number_format($amount*2).'</b>.';
$winnings = $amount * 0.90;
mysql_query("UPDATE login SET money=money+$winnings WHERE id='".$login['id']."'")or die(mysql_error());
mysql_query("UPDATE login SET money=money-$amount WHERE id='".$owner['id']."'")or die(mysql_error());
mysql_query("UPDATE casino_owner SET profit=profit-$amount WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
}
break;
case 2:
echo 'The coin rolled '.$false.'. You lost $'.number_format($amount).'.';
$winnings = $amount * 0.90;
mysql_query("UPDATE login SET money=money-$amount WHERE id='".$login['id']."'")or die(mysql_error());
mysql_query("UPDATE login SET money=money+$winnings WHERE id='".$owner['id']."'")or die(mysql_error());
mysql_query("UPDATE casino_owner SET profit=profit+$winnings WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
break;
default:
echo 'Invalid Action.';
break;
}}}

if($_POST['update']){
if($login['name'] != $casino['owner']){
echo 'Access Denied';
}else{
$maxbet=secure($_POST['maxbet']);
if($maxbet < 100){
echo 'Minimum maxbet is $100';
}else{
mysql_query("UPDATE casino_owner SET max=$maxbet WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
echo 'Maxbet updated';
}}}

if($_POST['update2']){
if($login['name'] != $casino['owner']){
echo 'Access Denied.';
}else{

$sql = "SELECT name,sitestate FROM login WHERE name='".mysql_real_escape_string($_POST['owner'])."'";
$query = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_object($query);
$owner_new = htmlspecialchars($row->name);

$check_newowner=mysql_query("SELECT name,sitestate FROM login WHERE name='".$owner_new."'")or die(mysql_error());
$count_newowner=mysql_num_rows($check_newowner);
if($count_newowner != 0){
$fetch_newowner=mysql_fetch_assoc($check_newowner);
}
if($count_newowner == 0){
echo 'No such player.';
}elseif($fetch_newowner['sitestate'] == 2){
echo 'This player is dead';
}else{
mysql_query("UPDATE casino_owner SET owner='".$owner_new."',max='100' WHERE state='".$casino['state']."' AND casino='1'")or die(mysql_error());
echo 'You sent your casino to <b>'.$owner_new.'</b>';
$casino['owner']=$owner_new;
}}}

// Showing the Betting Screen:
if($login['name'] != $casino['owner']){
echo '
<form action="home.php?pageid=768" method="POST">
<table width="275" border="1" align="center" cellspacing="1" bordercolor="#000000" bgcolor="#FFFFFF" class="table">
 <tr>
   <td colspan="4" align="center" bgcolor="#133337" class="style2"><label>Chance</label></td>
 </tr>
 <tr>
   <td align="center" class="style1">Bet:</td>
   <td align="center" class="style1"><input type="text" name="amount" class="entryfield" value="'.htmlspecialchars($_POST['amount'], ENT_QUOTES).'" style="width: 70%;"></td>
 </tr>
 <tr>
   <td width="100%" colspan="2" align="center" class="style1">
   <input name="roll_1" type="submit" class="button" value="Heads" style="width: 33%;">
   <input name="roll_2" type="submit" class="button" value="Tails" style="width: 33%;">
   </td>
 </tr>
</table><BR>
<center>This casino is owned by 


		  <a href=\home.php?pageid=900&studentname='. $casino['owner'] .'><b>'.$casino['owner'].'</b></a>.<BR>
';
 if (($casino['max']) >= 99999999999){ echo "This casino has no betting limit.</center>";
}else{ 
echo 'The maximum bet is limited to $<b>'.number_format($casino['max']).'</b>.</center>'; }

echo '
</form>
<center>The local authorities charge 10% tax on all winnings.</center>
';
}else{
// Show Owner Interface:
echo '
<form action="home.php?pageid=768" method="POST">

<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" class="table">

 <tr>
   <td colspan="2" align="left" class="info_row" style="background:url(/images/chance.jpg) #222222 no-repeat right bottom; height:120px;"></td>
 </tr>
</table><br>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" class="table">
 <tr>

   <td colspan="2" align="center" bgcolor="#133337" class="style2"><label>';  echo $loc." Chance Management";  echo'</label></td>
 </tr>
 <tr>
   <td align="left" class="style1">Profit:</td>
   <td align="left" class="style1">$'.number_format($casino['profit']).' <a href="home.php?pageid=768&reset=yes"><i>(Reset)</i></a></td>
 </tr>

 <tr>
   <td width="100" align="left" class="style1">Maximum Bet:</td>
   <td width="250" align="center" class="style1">';?>

<input name="maxbet" type="text" class="entryfield" id="max_bet" style='width: 98%;' onkeyup="fancyWriting(this);" onfocus="if(this.value=='<?
 if (( $casino['max'] ) >= 99999999999){ echo "Unlimited.";
}else{ 
echo '$'.number_format( $casino['max'] ).''; }
?>'){this.value=''}" onblur="if(this.value==''){this.value='<?
 if (( $casino['max'] ) >= 99999999999){ echo "Unlimited.";
}else{ 
echo '$'.number_format( $casino['max'] ).''; }
?>'}" value="<?
 if (( $casino['max'] ) >= 99999999999){ echo "Unlimited.";
}else{ 
echo '$'.number_format( $casino['max'] ).''; }
?>" maxlength="20" /></td>
 </tr>
<?
echo'




 <tr>
   <td align="center" colspan="2" class="style1">
<input name="update" type="submit" class="button" value="Update" style="width: 30%;">
   </td>
 </tr>
 <tr>
   <td align="left" class="style1">New Owner:</td>
   <td align="left" class="style1">    <input type="text" name="owner" class="entryfield" style="width: 98%;"></td>
 </tr>
 <tr>
   <td align="center" colspan="2" class="style1">
   <input name="update2" type="submit" class="button" value="Transfer" style="width: 30%;">
   </td>
 </tr>

</table></form>
';
}
} // If owner is human


?>

By glancing at this, you have

$reset=strip_tags(addslashes(htmlspecialchars($_GE T['reset'])));

The $_GE T should be $_GET

And

$amount=secure($_POST['amount']);

Do you have a secure function in another page?

If not, that can be your problem.

You can use ...

$amount=abs(intval($_POST['amount']));

Edited by lucky3809

Your error is the secure function in one of your scripts; it won't be in the same page, as I tried stating.

Call to undefined function secure() <-----THAT IS YOUR ERROR!

Just replace all secure() functions with the right secure functions...

abs(intval()) for numeric values.

mysql_real_escape_string(htmlentities()) with all your name and alphabetic values...

Edited by lucky3809
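
An added example, not part of the thread or the poster's code: one way to handle the bet amount discussed in the replies, using range-checked integer parsing and a PDO prepared statement (the mysql_* functions used in the script were removed in PHP 7). The helper names parse_bet and place_bet, the in-memory SQLite table and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Hypothetical helper: accept a bet only if it is a whole number in range.
// Unlike abs(intval()), "-500" and "12abc" are rejected instead of coerced.
function parse_bet($raw, int $min, int $max): ?int
{
    $bet = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $bet === false ? null : $bet;
}

// Constructed in-memory table standing in for the game's `login` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE login (id INTEGER PRIMARY KEY, name TEXT, money INTEGER)");
$db->exec("INSERT INTO login (name, money) VALUES ('alice', 1000)");

// Hypothetical helper: debit a bet with bound parameters, so neither the
// name nor the amount is ever concatenated into the SQL text.
function place_bet(PDO $db, string $name, $rawAmount, int $maxBet): string
{
    $bet = parse_bet($rawAmount, 100, $maxBet);
    if ($bet === null) {
        return 'Invalid bet.';
    }
    // The money >= :bet2 condition makes the balance check and the debit
    // a single statement, so the balance cannot go negative.
    $stmt = $db->prepare(
        'UPDATE login SET money = money - :bet WHERE name = :name AND money >= :bet2');
    $stmt->execute([':bet' => $bet, ':name' => $name, ':bet2' => $bet]);
    return $stmt->rowCount() === 1 ? "Bet of $bet placed." : 'Not enough money.';
}

// Constructed inputs, as they might arrive in $_POST['amount'].
foreach (['250', '-500', '12abc', '1e3', '5000'] as $raw) {
    // Escape for HTML only when printing, not before storing or querying.
    echo htmlspecialchars($raw, ENT_QUOTES), ' => ',
        place_bet($db, 'alice', $raw, 10000), "\n";
}
```

Only the first input is debited; the malformed values are rejected by parse_bet, and the last is refused by the balance condition in the UPDATE.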