Jump to content
MakeWebGames

Gang respect bug, page refresh gives away respect.


Hendrickson

Recommended Posts

I've found a bug in the script, well at least mine. Where a player looses a fight and then

respect points for their gang. Well if the user were to refresh the page they can give away more

respect points to the winning gang. So its a way for Gangs to get cheap respect points.

I'm lost at how to stop stop this. Using sessions to stop a page refresh is not the answer.

 

Not sure if using the below would work.

 

$_GET['userid']=abs((int) $_GET['userid']);
if(($_SESSION['userid'] == $r['userid']) || $r['userid']<100)
{
die ("Don't refresh the page please");
}

 

Here is my attacklost.php below:

 

<?php
$atkpage=1;
include "globals.php";

$_GET['ID']==abs((int) $_GET['ID']);
$_SESSION['attacking']=0;
$_SESSION['attacklost']=0;
$od=$db->query("SELECT * FROM users WHERE userid={$_GET['ID']}");
if($db->num_rows($od))
{
$r=$db->fetch_row($od);
print "You lost to {$r['username']}";
$expgain=abs(($ir['level']-$r['level'])^3);
$expgainp=$expgain/$ir['exp_needed']*50;
print " and lost $expgainp% EXP!";
$db->query("UPDATE users SET exp=exp-$expgain, attacking=0 WHERE userid=$userid");
$db->query("UPDATE users SET exp=0 WHERE exp<0");
$msg="{$ir['username']} Attacked you and lost!";
sms_send($msg,$_GET['ID']);
event_add($r['userid'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> attacked you and lost.",$c);
$atklog=mysql_escape_string($_SESSION['attacklog']);
$db->query("INSERT INTO attacklogs VALUES('',$userid,{$_GET['ID']},'lost',unix_timestamp(),0,'$atklog');");
$warq=$db->query("SELECT * FROM gangwars WHERE (warDECLARER={$ir['gang']} AND warDECLARED={$r['gang']}) OR (warDECLARED={$ir['gang']} AND warDECLARER={$r['gang']})");
if ($db->num_rows($warq) > 0)
{
$war=$db->fetch_row($warq);
$db->query("UPDATE gangs SET gangRESPECT=gangRESPECT+1 WHERE gangID={$r['gang']}");
$db->query("UPDATE gangs SET gangRESPECT=gangRESPECT-1 WHERE gangID={$ir['gang']}");
print "<br />You lost 1 respect for your gang!";
}
print"<a data-role='button' href='explore.php'>Back to Town</a>";
}
else
{
print "You lost to Mr. Non-existant! =O";
}
$h->endpage();
?>
Link to comment
Share on other sites

Thanks, I didn't see there where updates this month!

Edit: Download the new update from my account,

Doesn't seem to find the issue? attacklost.php doesn't mention the cheaters don't get anywhere in an if statement?

          $war = $db->fetch_row($warq);
           $db->query(
                   "UPDATE `gangs` SET `gangRESPECT` = `gangRESPECT` + 1 WHERE `gangID` = {$r['gang']}");
           $db->query(
                   "UPDATE `gangs` SET `gangRESPECT` = `gangRESPECT` - 1 WHERE `gangID` = {$ir['gang']}");
           echo "<br />You lost 1 respect for your gang!";
       }
       $db->free_result($warq);
   }
Edited by Hendrickson
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...