MakeWebGames

Posted

Hello everyone, I recently had a problem with the whole PHP version and someone gave me this to look at

http://php.net/manual/en/migration53.deprecated.php

Anyway, I have a file/files that had that error and I replaced ereg with preg_match instead, so I changed the required lines. Before I changed them I could put -9999999 and it would say invalid amount (with the error on the page), but after I changed it to preg_match I could put -999999 and the game would give me money on my hand. I don't know if it's because my knowledge of programming isn't great or I'm using a wrong command.

If someone could give me help it would be appreciated, or guidance to a topic or something.

Thank you to everyone that views and comments.

Below is a non-edited version (ereg not changed)


<?
session_start();  

if (!(isset($_SESSION["real_name"])))
{
//echo "I'm not logged in";
header('Location: index.php');
exit; // stop here so the rest of the page never runs for a logged-out visitor
}
else
{
echo "";
}


?>



<html>
<head>
<title>Game</title></head>
   	<link REL="stylesheet" TYPE="text/css" HREF="main.css">


<body background="wallpaper.jpg">
<center> 
<table border="0" cellspacing="0" cellpadding="0" align="center" width="95%" class="cat">

<TR> 

<TD width="150" background="tdbg3.jpg" bgcolor="#222222" valign="top">
<?php include("leftmenu.php");?>
</TD>

   <td width="100%" valign="top">	<br>	
 <?
include_once "includes/jail_check.php";
include_once "includes/hospital_check.php";
include "bb.php";
include "includes/game_connect.php";
include_once "includes/functions.php";
$ownusername=$_SESSION["real_name"];
$time=time();

$select2 = mysql_query("SELECT * FROM jail WHERE username='$ownusername'");
$num2 = mysql_num_rows($select2);

if ($num2 <=0){

$select2 = mysql_query("SELECT * FROM hospital WHERE username='$username'");
$num2 = mysql_num_rows($select2);

if ($num2 <=0){

$sql2="SELECT * from bank WHERE username='$ownusername'";
$result2=mysql_query($sql2);

while($rows2=mysql_fetch_array($result2)){ // Start looping table row 

$cash2= $rows2['amount'];
$timeleft= $rows2['deposit_time'];
$last = $timeleft - time();

}
$sql3="SELECT * from users WHERE username='$username'";
$result3=mysql_query($sql3);

while($rows3=mysql_fetch_array($result3)){ // Start looping table row 

$btime = $rows3['btime'];
$stime = $rows3['stime'];
}
if ($btime > time()){
$left = $btime - time();
echo "<center><b><font color=white>You Must Wait <span id='one'>$left</span> Seconds Before You May Use The Bank!</font></b></center>";
}else{
//teh function
function add_bank($p_sUser, $p_iAmount, $timer){

$ha = 3600 * $timer;
$time=time()+ $ha;	
$date = gmdate('Y-m-d h:i:s');
$time2 = 60;
$timek = time()+$time2;


//avoids sql injection.
$p_sUser = mysql_real_escape_string($p_sUser);
if (is_numeric($p_iAmount) && (0 < $p_iAmount)){
	$res= mysql_query("UPDATE users SET bank='$p_iAmount', cash=cash-'$p_iAmount', btime='$timek' WHERE username='$p_sUser' AND cash >= '$p_iAmount' AND bank ='0'");

	if(mysql_affected_rows() == "1"){
		$res = mysql_query("UPDATE users set deposit_time = '$time' WHERE username='$p_sUser'");
		$p_iAmount2 = number_format($p_iAmount);
		mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` , `ip` ) VALUES ('', '$p_sUser', 'Deposited <b>$$p_iAmount2</b> into bank account!', '$date', '$realip')");

		return 1;//success!;
	}
	else{
		$res = mysql_query("SELECT cash from users where username ='".$p_sUser."'");
		$arr = mysql_fetch_array($res);
		if ($arr['cash'] < $p_iAmount){
			return 2;
		}
		else{
			return 3;
		}
	}
}
else{
	return 4; //invalid amount.
}
}
//teh call.
if ($_POST['bankadd'] && strlen($_POST['bankadd'])<12){
$return = add_bank($ownusername, $_POST['bankadd'], $banktimer);
$bankadd = number_format($_POST['bankadd']);
if($return == 1){
	echo "You successfully deposited <b>$$bankadd</b>, after $banktimer hours you will receive 3% interest!";
}
elseif($return == 2){
	echo "You do not have $$bankadd";
}
elseif($return == 3){
	echo "You already have money deposited!";
}
elseif($return == 4){
	echo "Invalid amount!";
}
}

function withdraw_bank($p_sUser, $p_iAmount){
$date = gmdate('Y-m-d h:i:s');
$time2 = 60;
$timek = time()+$time2;
//avoids sql injection.
$p_sUser = mysql_real_escape_string($p_sUser);
if (is_numeric($p_iAmount) && (0 < $p_iAmount)){
	$res = mysql_query("UPDATE users set cash = cash+'$p_iAmount', bank=bank-'$p_iAmount', btime='$timek' WHERE username='".$p_sUser."' AND bank >= '$p_iAmount'");
	if(mysql_affected_rows() == "1"){
		$p_iAmount2 = number_format($p_iAmount);
		mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` , `ip` ) VALUES ('', '$p_sUser', 'Removed <b>$$p_iAmount2</b> into bank account!', '$date', '$realip')");
		return 1;//success!;
	}
	else{
		return 2;
	}
}
else{
	return 4; //invalid amount.
}
}
///ACTION///
if ($_POST['bankwithdraw'] && strlen($_POST['bankwithdraw'])<12){
$return = withdraw_bank($username, $_POST['bankwithdraw']);
if($return == 1){
	echo "You successfully removed $".number_format($_POST['bankwithdraw']);
}
elseif($return == 2){
	echo "You do not have $".number_format($_POST['bankwithdraw']);
}
elseif($return == 4){
	echo "Invalid amount!";
}
}
function send_bank($p_sUser, $p_sTo, $p_iAmount){

$date = gmdate('Y-m-d h:i:s');

$p_sUser = mysql_real_escape_string($p_sUser);
$p_sTo = mysql_real_escape_string($p_sTo);

$sql2="SELECT * from users WHERE username='$p_sTo'";
$result2=mysql_query($sql2);
while($rows2=mysql_fetch_array($result2)){ // Start looping table row  

$hip = $rows2['lastloginip'];
$myip = $_SERVER['REMOTE_ADDR'];

if ($myip == $hip){
echo "You cant send to this user!";
}else{

$num_true=mysql_num_rows($result2);
if ($num_true == 0){
return 3; 
}elseif ($num_true != 0){	

if (strtolower($p_sUser) == strtolower($p_sTo)){
return 5;//Same User
}else{
if (is_numeric($p_iAmount) && (0 < $p_iAmount)){
	$res = mysql_query("UPDATE users set cash = cash-$p_iAmount WHERE username='".$p_sUser."' AND cash >= $p_iAmount");
	if(mysql_affected_rows() == "1"){
		$res = mysql_query("UPDATE users set cash = cash+$p_iAmount WHERE username='".$p_sTo."'");
		mysql_query("INSERT INTO `transfers` ( `id` , `to` , `from` , `amount` , `place` ) 
VALUES (
'', '$p_sTo', '$p_sUser', '$p_iAmount', 'bank' );");
$ffcash = number_format($p_iAmount); 

mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` , `ip` ) VALUES ('', '$p_sUser', 'Sent <b>$$ffcash</b> to $p_sTo!', '$date', '$realip')");
mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` , `ip` ) VALUES ('', '$p_sTo', 'Recieved <b>$$ffcash</b> from $p_sUser!', '$date', '$realip')");
		return 1; //success!
	}
	else{
		$res = mysql_query("SELECT * from users WHERE username='".$p_sTo."'");
		$check=mysql_num_rows($res);
		if($check == 1){
			return 2; //not enough cash on hand
		}
		else{
			return 3; // user to send to does not exist.
		}
	}
}
else{
	return 4; //invalid amount.
}
}}}}}}}
if ($_POST['give'] && strlen($_POST['giveamount'])<11){

   $giveto = securestr($_POST['giveto']); 
$select2 = mysql_query("SELECT * FROM users WHERE username='$giveto'");
$givename = mysql_num_rows($select2);
function change($msg){
$post = $msg;
$post = str_replace(" ", "", $post);  
return $post;
}
if($givename == 0){
echo "No one with that name exists";
}else{
if($giveto == ""){
echo "No one with that name exists";
}else{
$return = send_bank($username, $giveto, $_POST['giveamount']);
$ffcash = number_format($_POST['giveamount']); 

if($return == 1){
	echo "You sent <a href=viewprofile.php?viewuser=$giveto ; ><b>$giveto</b></a> $$ffcash!";
}
elseif($return == 2){
	echo "You do not have that amount of cash!";
}
	elseif($return == 3){
	echo "This user does not exist!";
}
elseif($return == 4){
	echo "Invalid amount!";
}
}
}
}


$sql2="SELECT * from users WHERE username='$username'";
$result2=mysql_query($sql2);

while($rows2=mysql_fetch_array($result2)){ // Start looping table row 

$bank2= $rows2['bank'];
$timeleft= $rows2['deposit_time'];

}
$last = $timeleft - time();

$cash5 = number_format($bank2); 

if($bank2 <= 0){

mysql_query("UPDATE users SET bank='0', deposit_time='0' WHERE username='$username'");

}

if($last <= 0){

$interest2=$bank2 * 3;

$interest=$interest2 / 100;


$final= $bank2+$interest;

mysql_query("UPDATE users SET cash=cash+'$final', bank='0' WHERE username='$username' AND bank >0");


}
?>
<form method="post" action="" name="insert">
<table border=1 align=center cellspacing=0 cellpadding=2 bordercolor=black width=40% class=sub2>
   <tr>
     <td class="header" colspan="2" align="center"><b><font color=<? echo $layout ; ?>>Bank</font></b></td>
          </tr>
 <tr>
 <td><b><font color=white>Your Current Balance:</font></b></td><td><b><font color=<? echo $layout ; ?>>$<? if ($bank2 <= 0){ echo "0"; }else{ echo "$cash5";} ?></font></b></td>
 </tr>
 <tr>
 <td><b><font color=white>Time Left:</font></b></td><td><b><font color=white><?php if ($last <= 0){ echo "None"; }else{ echo maketime($timeleft) ; } ?></font></b></td>
 </tr>
 <tr>
 <td class="header" colspan="1" align="center"><b><font color=<? echo $layout ; ?>>Deposit</font></b></td>
 <td class="header" colspan="1" align="center"><b><font color=<? echo $layout ; ?>>Withdraw</font></b></td>
 </tr>
 <tr>
 <td align="center" border="0"><font color=white>$</font><input style="border:2px solid black;" type=text name=bankadd size=10><input type=submit name=bankaddsubmit value="Do it" ></td>
 <td align="center" border="0"><input style="border:2px solid black;" type=text name=bankwithdraw size=10><input type=submit name=bankwithdrawsubmit value="Do it"></td>
 </tr></form>
 </table> 
 <br><br>
   <? 
if ($stime > time()){
$left = $stime - time();
echo "<center><b><font color=white>You Must Wait <span id='two'>$left</span> Seconds Before You May Use The Swiss!</font></b></center>";
}else{
if ($_POST['swissbankaddsubmit'] && strip_tags($_POST['swissadd'])){

$donateamount = $_POST['swissadd']; 
$donateamount = strip_tags($donateamount);
$stime2 = 60;
$stimek = time()+$stime2;

if ($donateamount == 0 || !$donateamount || ereg('[^0-9]',$donateamount)){

print "You can not deposit that amount!";
}else{



$finalcash = $cash - $donateamount ;

if ($finalcash < 0){

echo "You do not have enough cash!";

}else{

mysql_query("UPDATE users SET `cash`=`cash`-'$donateamount' WHERE username='$username'");
mysql_query("UPDATE users SET `swissbank`=`swissbank`+'$donateamount' WHERE username='$username'");
mysql_query("UPDATE users SET `stime`='$stimek' WHERE username='$username'");


$donateamount2 = number_format($donateamount); 
mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` ) VALUES ('', '$username', 'Donated $$donateamount2 into swiss bank account!', '$date')");

echo "You deposited $<b>$donateamount2</b> into your swiss bank account!";

}}}

if ($_POST['swissbankwithdrawsubmit'] && strip_tags($_POST['swisswithdraw'])){

$removeamount = $_POST['swisswithdraw']; 
$removeamount = strip_tags($removeamount);
$stime2 = 60;
$stimek = time()+$stime2;

if ($removeamount == 0 || !$removeamount || ereg('[^0-9]',$removeamount)){

echo "You can not remove that amount!";
}else{

$sql4="SELECT * from users WHERE username='$username'";
$result4=mysql_query($sql4);

while($rows4=mysql_fetch_array($result4)){ // Start looping table row 
$swissbank= $rows4['swissbank'];
}

$finalcash = $swissbank - $removeamount ;

if ($finalcash < 0){

echo "You do not have that amount in your swiss account!";

}elseif ($finalcash >=0){

mysql_query("UPDATE users SET `cash`=`cash`+'$removeamount' WHERE username='$username'");
mysql_query("UPDATE users SET `swissbank`=`swissbank`-'$removeamount' WHERE username='$username' AND swissbank >=$removeamount");
mysql_query("UPDATE users SET `stime`='$stimek' WHERE username='$username'");
$removeamount2 = number_format($removeamount); 

mysql_query("INSERT INTO `logs` ( `id` , `who` , `action` , `date` ) VALUES ('', '$username', 'Removed $$removeamount2 from swiss bank account!', '$date')");

echo "You removed <b>$removeamount2</b> from your swiss bank account";

}}}
$sql3="SELECT * from users WHERE username='$username'";
$result3=mysql_query($sql3);

while($rows3=mysql_fetch_array($result3)){ // Start looping table row 

$swissbank2= $rows3['swissbank'];

}

$swisscash5 = number_format($swissbank2); 

if($swissbank2 <= 0){

mysql_query("UPDATE users SET swissbank='0' WHERE username='$username'");

}
?>
<form method="post" action="" name="insert2">
<table border=1 align=center cellspacing=0 cellpadding=2 bordercolor=black width=40% class=sub2></td>
   <tr>
     <td class="header" colspan="2" align="center"><b><font color=<? echo $layout; ?>>Swiss</font></b></td>
     </tr>
<tr>
 <td><b><font color=white>Your Current Swiss Balance:</font></b></td><td><b><font color=<? echo $layout; ?>>$<? if ($swissbank2 <= 0){ echo "0"; }else{ echo "$swisscash5";} ?></font></b></td>
 </tr>
 <tr>
 <td> </td><td> </td>
 </tr>
 <tr>
 <td class="header" colspan="1" align="center"><b><font color=<? echo $layout; ?>>Deposit</font></b></td>
 <td class="header" colspan="1" align="center"><b><font color=<? echo $layout; ?>>Withdraw</font></b></td>
 </tr>
 <tr>
 <td align="center" border="0"><font color=white>$</font>
   <input style="border:2px solid black;" type=text name=swissadd size=10> <input type=submit name=swissbankaddsubmit value="Do it" ></td>
 <td align="center" border="0"><input style="border:2px solid black;" type=text name=swisswithdraw size=10><input type=submit name=swissbankwithdrawsubmit value="Do it"></td>
 </tr>
</form>
</table>
<? }} ?>
<br><br>
  <form method="post" action="" name="f">
 <table border=1 align="center" cellspacing=0 cellpadding=2 bordercolor=black width=50% class=sub2>
 <tr>
 <td class="header" colspan="4" align="center"><b><font color=white>Send Cash!</font></b></td>
 </tr>
 <tr>

 <td align="center" border="0"><b><font color=white>Name:</font></b><br>
   <br><input style="border:1px solid black;" type=text name=giveto></td>
 </tr>
 <tr>
   <td align="center" border="0"><b><font color=white>Amount:</font></b><br>
     <br><input style="border:1px solid black;" type=text name=giveamount></td>
 </tr>

 <tr>
 <td align="center" colspan="3" border="0"><input type=submit name="give" value="Send"></td>
 </tr>
 </form>
<table width="75%" border="0" align="center">
 <tr>
   <td valign="top"><table border=1 cellspacing=0 cellpadding=2 bordercolor=black width=100% class=sub2>
 <tr>
 <td class="header" colspan="3" align="center"><b><font color=white>Last 25 Sent</font></b></td>
 </tr>
   <? $ka=mysql_query("SELECT * FROM `transfers` WHERE `from`='$username' AND place='bank' ORDER BY id DESC LIMIT 25");
      while($pa=mysql_fetch_object($ka)){

$fromcash2 = number_format($pa->amount); 

   echo "
   <tr>
         <td><b><font color=white>You sent $$fromcash2 to <a href='viewprofile.php?viewuser=$pa->to'><b><font color=white>$pa->to</b></font></a></td>
       </tr>";
	}
	?>

 </table></td>
   <td valign="top"><table border=1 cellspacing=0 cellpadding=2 bordercolor=black width=100% class=sub2>
 <tr>
 <td class="header" colspan="3" align="center"><b><font color=white>Last 25 Received</font></b> </td>
 </tr>
<? $k=mysql_query("SELECT * FROM `transfers` WHERE `to`='$username' AND place='bank' ORDER BY id DESC LIMIT 25");
      while($p=mysql_fetch_object($k)){

   $fromcash = number_format($p->amount); 

   echo "
   <tr>
         <td><b><font color=white>You received $$fromcash from <a href='viewprofile.php?viewuser=$p->from'><b><font color=white>$p->from</b></font></a></td>
       </tr>";
	}
	?>

 </table></td>
 </tr>
</center></table>
<script language="JavaScript" type="text/javascript">
 function codeOk(){
	var ok=document.getElementById("one").innerHTML;
	if(ok > 1){
	var k = ok-1;
	document.getElementById("one").innerHTML=k;
		setTimeout("codeOk();",1000);
	}else{
		document.getElementById("one").innerHTML="0";
	}
 }
 	 function codeTwo(){
	var ok=document.getElementById("two").innerHTML;
	if(ok > 1){
	var k = ok-1;
	document.getElementById("two").innerHTML=k;
		setTimeout("codeTwo();",1000);
	}else{
		document.getElementById("two").innerHTML="0";
	}
 }
  function codeThree(){
	var ok=document.getElementById("three").innerHTML;
	if(ok > 1){
	var k = ok-1;
	document.getElementById("three").innerHTML=k;
		setTimeout("codeThree();",1000);
	}else{
		document.getElementById("three").innerHTML="0";
	}
 }
function codeFour(){
	var ok=document.getElementById("four").innerHTML;
	if(ok > 1){
	var k = ok-1;
	document.getElementById("four").innerHTML=k;
		setTimeout("codeFour();",1000);
	}else{
		document.getElementById("four").innerHTML="0";
	}
 }

 function codeFive(){
	var ok=document.getElementById("five").innerHTML;
	if(ok > 1){
	var k = ok-1;
	document.getElementById("five").innerHTML=k;
		setTimeout("codeFive();",1000);
	}else{
		document.getElementById("five").innerHTML="0";
	}
 }

function codeSix(){
	var ok=document.getElementById("six").innerHTML;
	if(ok > 1){
	var k = ok-1;
	document.getElementById("six").innerHTML=k;
		setTimeout("codeSix();",1000);
	}else{
		document.getElementById("six").innerHTML="0";
	}
 }

  function codeSeven(){
	var ok=document.getElementById("seven").innerHTML;
	if(ok > 1){
	var k = ok-1;
	document.getElementById("seven").innerHTML=k;
		setTimeout("codeSeven();",1000);
	}else{
		document.getElementById("seven").innerHTML="0";
	}
 }

  function codeEight(){
	var ok=document.getElementById("eight").innerHTML;
	if(ok > 1){
	var k = ok-1;
	document.getElementById("eight").innerHTML=k;
		setTimeout("codeEight();",1000);
	}else{
		document.getElementById("eight").innerHTML="0";
	}
 }

setTimeout("codeOk();",1000);
setTimeout("codeTwo();",1000);
setTimeout("codeThree();",1000);
setTimeout("codeFour();",1000);
setTimeout("codeFive();",1000);
setTimeout("codeSix();",1000);
setTimeout("codeSeven();",1000);
setTimeout("codeEight();",1000);
</script>
</td>



  	  <TD width="150" valign="top">
<?php include("rightmenu.php");?>
</TD>

</TR>


</table>

</center>
</body>
</html>
Posted (edited)

I just looked through a whole file, and didn't find any preg_match() being used. :confused:

Edit: Never mind, I found ereg().

I'm guessing your familiarity with regex isn't that great, right?

So I'll suggest you use a conditional statement for that, such as:

// will return true if $myVar is less than zero.
if (.... || ($myValue < 0 || abs($myValue) > PHP_INT_MAX))
Edited by Spudinski
Posted

Sorry spudinski but... when will abs($something) be smaller than 0? Never. So that's clearly wrong. Maybe you thought about intval or something like $val+0 or other... but for sure not abs ;)
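
Added example, not part of the thread or the poster's code: a likely cause of the symptom in the first post, assuming the `ereg()` pattern string `'[^0-9]'` was passed to `preg_match()` unchanged (the edited file is not shown on the page). `parse_amount()` and its 9-digit cap are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example (PHP 7.1+), not code from the thread.
// Assumption: the pattern '[^0-9]' was moved from ereg() to preg_match() as-is.

// Same test the posted swiss-bank code makes, with the character class wrapped
// in / delimiters so PCRE sees what ereg() saw: "contains a non-digit".
function rejects_like_ereg(string $amount): bool
{
    return $amount == 0 || !$amount || preg_match('/[^0-9]/', $amount) === 1;
}

// Naive port. preg_match() takes the first character as the delimiter, and
// "[" pairs with "]", so the pattern that runs is ^0-9: the literal text
// "0-9" at the start of the string. A minus sign no longer triggers a reject.
function rejects_naive_port(string $amount): bool
{
    return $amount == 0 || !$amount || preg_match('[^0-9]', $amount) === 1;
}

// Hypothetical stricter parser: allow-list the whole string instead of
// searching for bad characters, then hand the query an int, not raw input.
// The 9-digit cap is an assumed limit, not a value from the page.
function parse_amount(string $raw): ?int
{
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample inputs for the swissadd / swisswithdraw fields.
$samples = ['500', '-9999999', '12abc', '0', '1e5', ' 42'];

foreach ($samples as $s) {
    printf(
        "%-11s ereg-style: %-7s naive port: %-7s strict: %s\n",
        var_export($s, true),
        rejects_like_ereg($s) ? 'reject' : 'accept',
        rejects_naive_port($s) ? 'reject' : 'accept',
        parse_amount($s) === null ? 'reject' : 'accept'
    );
}
```

In the posted file an accepted `-9999999` then reaches `` `cash`=`cash`-'$donateamount' ``, and subtracting a negative number raises the balance, which matches the behaviour described in the first post.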
