NPC hit prevention.

[Damond]

So the idea is to prevent users from being able to hit NPCs unless they are using the battle tent or they come across them in streets.

I have already created a second attack.php called npc_attack.php and removed the location restriction so that if you come across an NPC in streets that happens to be in another town you can still attack them.

The next step I took was to add a bit of code to attack.php to prevent users from attacking NPCs from the view user page.

 

else if ($r['user_level']==0)
{
print "<div class='box-style7'>
<div class='title12'>
	<h2>You can only attack NPCs from the battle grounds.</h2>
</div>
<a href='index.php'><button>Back</button></a>
</div>";
$h->endpage();
exit;
}

 

A draw back to this is that I now had to link my battle tent to the new npc_attack.php which means even at the battle tent you can attack any NPC, that you have not already attacked, from any location. The second part of this problem was pointed out to me by a friend. Set up like this a user need only change the URL to include npc_attack.php?ID=(add NPC ID here) and they can attack an NPC as many times as they like from any location.

So does anyone know a way that I could keep users from attacking NPCs from the view user page while making it impossible to change a URL and get hits in anyways and while forcing a user to travel to the right town to use the battle tent?

I feel like I am chasing myself in circles here.

Edited December 13, 2014 by Damond
edited for clarification.

[KyleMassacre]

I think there is a table in MCC called challenges beaten or whatever. So what you could do is query that for the NPC id and the userid; if any rows appear then they have completed that NPC challenge and you can kill the rest of the script from executing

[Damond]

I'm sorry but I don't see how that would help. If I queried the challenges beating table and tell it to die if the user has already beaten that bot would that not stop you from being able to attack the same NPC during streets?

[Zettieee]

if($ir['user_level'] == 4) {

echo "nope";

exit;

}

[Damond]

[MENTION=69001]Zettieee[/MENTION] How is that different from the code I am already using?

[Zettieee]

[MENTION=69001]Zettieee[/MENTION] How is that different from the code I am already using?

your 100% right!

I didn't bother reading it before posting :(

in battle tent or the other place set a session for npc atks.

then just check if the session is still valid?

Edited December 13, 2014 by Zettieee

[Damond]

I'm still new to this PHP and SQL thing so I wouldn't even know where to start with that one. Any chance of an example?

[KyleMassacre]

I'm a bit confused on what your asking for. Do you want them to be able to attack the same NPC over and over again or no?

[Veramys]

The idea is to be able to attack the bot only once from the battle tent page. Then you can not attack again from view user or any other page except for the streets page.

[KyleMassacre]

Well don't use the query to check for a successful attack on the streets page. To make it easy you can do a function to do the check where ever you want it to check for that type of thing.

Im still kind of confused here though because isn't the battle tent different from the streets? Just remove the link from viewuser for a NPC and add at the top of attack (after you do the query for the user being attacked) and do something like:

if($r["user_level"] == 0) {
   echo "Put something fancy right here";
   $h->endpage();
   return;
}

if your worried about them changing the url to have the NPC's id I wouldn't worry about it if you put your if ststement in the correct place

[Veramys]

Ok it is coded that you can run into and attack them from streets, we want it so that if you click from the streets page then it allows you to attack, but if you click attack from anywhere else besides the battle tent then it won't work

[KyleMassacre]

Ok just follow what I said and it should be ok

[Damond]

OK so I am going to try and be a little more clear about what I want to happen. I know it can be done because I have see the exact same set up in other games.

First we have the battle ground. Here you can challenge any of the bots exactly one time for a cash prize if you beat them. You MUST travel to the city that the bot is in to challenge them.

Next is streets. Here we want you to run into the bot closest too but not exceeding your level. This issue was solved in another thread to my great satisfaction. This way users can encounter the bots and use them for leveling experience while doing streets. The only issue that I have with it right now is that you MUST be in the right city to fight the bot of your level during your streets. I have tried to change this by adding a little extra to the location code.

 

else if ($youdata['location'] != $odata['location'] && $r['user_level'] != 0)
{
print "<div class='box-style7'>
<div class='title12'>
	<h2>You must be in the same location!</h2>
</div>
<a href='index.php'><button>Back</button></a>
</div>";

 

The problem here is that by adding the && $r['user_level'] != 0 it is allowing you to attack any user for any city.

The main goal of this thread was to make it so that my users CAN hit the bot if they come across it in streets, but CAN NOT alter the URL and attack them any ways.

I have tried the code KyleMassacre provided.

 

if($r["user_level"] == 0) {
   echo "Put something fancy right here";
   $h->endpage();
   return;
}

 

But no mater where I place it in the attack page while doing my streets I am prevented from attacking the bots. Granted it does stop the changing of the URL, but again it also stops you from being able to attack them during street encounters.

I did find a quick way to solve the attack link on the view user page by adding coding so that it will not print the link if it is an NPC.

 

if ($r['user_level']==0){
print "";
}
else {
print "
[<a href='attack.php?ID={$r['userid']}'>Attack</a>]<br /><br />";
}
print "
[<a href='contactlist.php?action=add&ID={$r['userid']}'>Add Contact</a>]";
}

[KyleMassacre]

In your code snippet try changing the $r['user_level'] to $odata['user_level']?

[Damond]

See this is why I come here.

[MENTION=68711]KyleMassacre[/MENTION]

That worked exactly how I wanted it too for location. I don't know why I didn't see that to make the change myself. Thank you.

Still need to solved the URL change issue though.

[KyleMassacre]

If they are changing the URL in attack.php you can probably start a new $_SESSION with the persons id they are attacking and when they win the attack be sure to end that $_SESSION. If the $_SESSION doesn't match the current id then you can do whatever like redirect them, log them out, etcetera

[Damond]

Ok so I finally figured this out. It was so simple I really can't believe I didn't see it sooner. I didn't use a session because I truly just can't understand how they work. It was the attack page that really set me in the right direction.

First step is to add a row to you user table in the data base. For our needs we are going to call it "streeting" (yeah I know thats not a word, but it work.) Make sure you set the default to 0.

Next we need a bit of code in your header.

 

if ($atkpage == 0 && $ir['streeting']==1){
$db->query("UPDATE users SET attacking=0, streeting=0 WHERE userid=$userid");
}

 

This is going to make sure that if you are not on the attack page everything is set to zero.

Next is my streets page. I added this bit of code in the same block as the code that would send you to fight the NPC. It sets streeting to one.

 

else if($step['reward_type'] == 'npc'){
                                               	$db->query("UPDATE users SET streeting=1 WHERE userid=$userid");
                                                   $q=$db->query("SELECT cb.*,u.* FROM challengebots cb LEFT JOIN users u ON cb.cb_npcid=u.userid LEFT JOIN cities cy ON u.location=cy.cityid WHERE u.level <= {$ir['level']} ORDER BY u.level desc LIMIT 1"); 
                                                   $s=$db->fetch_row($q);

                                                   print"While out walking the streets you run into {$s['username']}, they seem to be looking for a fight.<br />
                                                   <a href='attack.php?ID={$s['userid']}'>Fight them?</a><br/>";
                                               }

 

Just a couple of more bits of code in all the attack results files i.e. 'attackwon, attackloss, attackbeat, attacktake'. This makes sure that streeting is set back to zero after an attack. Its placed just in the top of the file.

 

$db->query("UPDATE users SET attacking=0, streeting=0 WHERE userid=$userid");

 

And the final piece of code is in the attack.php itself.

 

if ($ir['streeting'] == 0 && $r['user_level'] == 0)
{
die ("Cheaters don't get anywhere.");
}

 

You have to make sure and add the && $r['user_level'] == 0 or else you will not be able to attack any other player at all.

That does it. The part in the header makes sure that if you change the URL to another page while in an attack on an NPC that streeting is set back to zero anyways. So there is no back out and trying again. Although that would be pointless in the first place as attacking the NPC is the goal. Still I feel it is better to leave no holes.

Edited December 24, 2014 by Damond
Fat fingered the mouse while previewing...

[KyleMassacre]

Seems like a lot of work when you could've used a session which I think may have been easier. Sessions can be a great tool for things since they stay with the person until you basically decide to end the session. On your attack page at the start you could declare a new session like for example:

//Start the session for the person of the id being attacked
$id = abs((int)$_GET['id'];
if(!array_key_exists('user_attacking',$_SESSION)) {
   $_SESSION['user_attacking'] = $id;//or whatever the variable is for the user being attacked
}
else if(array_key_exists('user_attacking',$_SESSION) && $_SESSION['user_attacking'] != $id) {
   //they must have changed the url so do something with them here and end that session
   unset($_SESSION['user_attacking']);
}

You can also add the same in the attack reward files just incase they get sneaky and try to change it up their too by editing the source in inspect element of whatever their browser uses.

Then about the place where they claim the reward for winning and where they lose an attack you can unset their session:

//kill their session of who they are attacking
unset($_SESSION['user_attacking']);

Edited December 24, 2014 by KyleMassacre
Fixed syntax error

[Damond]

Your right it was a lot of work with some trial and error but I was happy all the same because it did accomplish what I wanted. As I said in the beginning of my last post I couldn't understand on my own how a session would work for this. Now seeing your post I will go back and try it that way just for the sake of learning something new.

[KyleMassacre]

You dont have to go back and edit your stuff but maybe implement something like that else where? Besides, my code is untested and written while I was on my phone haha so who knows the outcome of that lol