Ragnar Posted April 8, 2008 Share Posted April 8, 2008 Version 2, but shouldn't be hard to convert. Note: Do a back-up first!! If you're a mySQL n00bie and mess up on this, you're game can be royally screwed up!! If a player ends up with too much money or crystals, from say a mySQL injection, as soon as any one loads any page, he ends up with zero of it until an admin checks it out and edits his profile in the Admin Panel. Until then he will have zero money or crystals. Which ever the player goes over on he loses and can't get any more of to use, until checked out by admin, and if it's not a cheat, admin increases the cap in header.php, and deletes it from his account, using the edit user page, or moves it back to money/crystals *after* updating the cap. The best part about this is, it also keeps players from being able to attack the player for that money or crystals, making it much easier to manage when some one does for example a mySQL injection. mySQL... ALTER TABLE `users` ADD `moneyabuse` bigint(25) NOT NULL default 0; ALTER TABLE `users` ADD `crystalabuse` bigint(25) NOT NULL default 0; In attackwon.php attackwin.php (What ever name your file is if players can take crystals.) attacktake.php attacklost.php attackbeat.php and any other files that let players take money or crystals from players, right below include "globals.php"; add $db->query("UPDATE users SET laston=unix_timestamp(),lastip='$IP' WHERE userid=$userid"); $db->query("UPDATE users SET moneyabuse=money+moneyabuse WHERE money > 9000000000000000000"); $db->query("UPDATE users SET moneyabuse=money+moneyabuse WHERE moneyabuse > 9000000000000000000 AND money < 9000000000000000000"); $db->query("UPDATE users SET money=0 WHERE moneyabuse > 9000000000000000000"); $db->query("UPDATE users SET crystalabuse=crystals+crystalabuse WHERE crystals > 9234567891011121314"); $db->query("UPDATE users SET crystalabuse=crystals+crystalabuse WHERE crystalabuse > 9234567891011121314 AND crystals < 9234567891011121314"); $db->query("UPDATE users SET crystals=0 WHERE crystalabuse > 9234567891011121314"); Depending on the economy, replace the numbers to numbers that no one can get to with out cheating, but that's not too high to catch cheaters. For example, if the richest player has 100 billion in the bank, 1-10 trillion would probably be a good cap, or 500 billion if the economy grows slowly, until the economy get's close to having players get to 1-10 trillion, or 500 billion with out cheating. (By default the numbers are way too high, so n00bies don't destroy their game by not changing the numbers, and instead just make the mod useless!) For example, in the default code, if a player ends up with over $9000000000000000000 or 9234567891011121314 crystals, the players money or crystals, which ever goes over, gets moved to moneyabuse/crystalabuse (Making it unusable.) until you look in to it, increase the numbers in header.php if it's not cheating, *and* then move the money/crystals from moneyabuse/crystalabuse back to money/crystals using the edit user page, or fed them if it is cheating. No cron job required. Any time some one loads a page, it checks the users, making it so no one can get money or crystals before the cron would next run. (If you might have a server load/lag issue, you can put it in one of your cron files.) In staff_users.php Replace House: ".house2_dropdown($c, "maxwill", $itemi['maxwill'])." with House: ".house2_dropdown($c, "maxwill", $itemi['maxwill'])." Money Abuse: \$<input type='text' name='moneyabuse' value='{$itemi['moneyabuse']}' /> Crystal Abuse: <input type='text' name='crystalabuse' value='{$itemi['crystalabuse']}' /> Replace $_POST['forumban']=(int) $_POST['forumban']; with $_POST['forumban']=(int) $_POST['forumban']; $_POST['moneyabuse']=(float) $_POST['moneyabuse']; $_POST['crystalabuse']=(float) $_POST['crystalabuse']; Replace $db->query("UPDATE users SET username='{$_POST['username']}', level={$_POST['level']}, money={$_POST['money']}, crystals={$_POST['crystals']}, energy=$energy, brave=$nerve, maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']}, jail={$_POST['jail']}, duties='{$_POST['duties']}', staffnotes='{$_POST['staffnotes']}', mailban={$_POST['mailban']}, mb_reason='{$_POST['mb_reason']}', forumban={$_POST['forumban']}, fb_reason='{$_POST['fb_reason']}', hospreason='{$_POST['hospreason']}', jail_reason='{$_POST['jail_reason']}', login_name='{$_POST['login_name']}', will=$will, maxwill=$maxwill WHERE userid={$_POST['userid']}"); with $db->query("UPDATE users SET username='{$_POST['username']}', level={$_POST['level']}, money={$_POST['money']}, crystals={$_POST['crystals']}, energy=$energy, brave=$nerve, maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']}, jail={$_POST['jail']}, duties='{$_POST['duties']}', staffnotes='{$_POST['staffnotes']}', mailban={$_POST['mailban']}, mb_reason='{$_POST['mb_reason']}', forumban={$_POST['forumban']}, fb_reason='{$_POST['fb_reason']}', hospreason='{$_POST['hospreason']}', jail_reason='{$_POST['jail_reason']}', login_name='{$_POST['login_name']}', will=$will, maxwill=$maxwill, moneyabuse={$_POST['moneyabuse']}, crystalabuse={$_POST['crystalabuse']} WHERE userid={$_POST['userid']}"); In staff_logs.php add case 'moneysuspectlogs': view_moneysuspect_logs(); break; case 'crystalsuspectlogs': view_crystalsuspect_logs(); break; then at the end of the file, right before $h->endpage(); ?> add function view_moneysuspect_logs() { global $ir,$c,$h,$userid; print "<h3>Money Suspect Logs</h3> <table width=75% border=1> <tr> <th>Money</th><th>Player</th></tr>"; $q=mysql_query("SELECT * FROM users ORDER BY moneyabuse DESC",$c); while($r=mysql_fetch_array($q)) { print"<tr><td>\${$r['moneyabuse']}</td><td>{$r['username']}</td> </tr>"; } } function view_crystalsuspect_logs() { global $ir,$c,$h,$userid; print "<h3>Money Suspect Logs</h3> <table width=75% border=1> <tr> <th>Crystals</th><th>Player</th></tr>"; $q=mysql_query("SELECT * FROM users ORDER BY crystalabuse DESC",$c); while($r=mysql_fetch_array($q)) { print"<tr><td>{$r['crystalabuse']}</td><td>{$r['username']}</td> </tr>"; } } In smenu.php add the links at the logs section. > Money Suspect Logs > Crystal Suspect Logs "; If you get.... Parse error: syntax error, unexpected '&' in /public_html/smenu.php on line 58 Make sure only the last link has the "; at the end. Quote Link to comment Share on other sites More sharing options...
Halo Posted April 8, 2008 Share Posted April 8, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much Nice Work! Quote Link to comment Share on other sites More sharing options...
$$ ?????? $$ Posted April 8, 2008 Share Posted April 8, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much. great idea. Quote Link to comment Share on other sites More sharing options...
ShizzleNizzle Posted April 8, 2008 Share Posted April 8, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much. I Like The Idea Alot :-D Quote Link to comment Share on other sites More sharing options...
Guest Anonymous Posted April 8, 2008 Share Posted April 8, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much I'm not even going to go into just how dangerous this is... Detecting problems this is fine, but it would be a far better idea to prevent them from happening to start with. $db->query("UPDATE users SET username='{$_POST['username']}', level={$_POST['level']}, money={$_POST['money']}, crystals={$_POST['crystals']}, energy=$energy, brave=$nerve, maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']}, jail={$_POST['jail']}, duties='{$_POST['duties']}', staffnotes='{$_POST['staffnotes']}', mailban={$_POST['mailban']}, mb_reason='{$_POST['mb_reason']}', forumban={$_POST['forumban']}, fb_reason='{$_POST['fb_reason']}', hospreason='{$_POST['hospreason']}', jail_reason='{$_POST['jail_reason']}', login_name='{$_POST['login_name']}', will=$will, maxwill=$maxwill, moneyabuse={$_POST['moneyabuse']}, crystalabuse={$_POST['crystalabuse']} WHERE userid={$_POST['userid']}"); YUCH - difficult to read, easy to make errors, prone to SQL injection to name but a few: You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Still ugly, but IMHO *much* safer (bu using $db->escape( ) wrappers, and easier to maintain. (BTW poor alignment of quotation marks is the forum ... not me) Quote Link to comment Share on other sites More sharing options...
Ragnar Posted April 8, 2008 Author Share Posted April 8, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much prone to SQL injection to name but a few Don't blame me for that, that's how mccodes set it up. All I did was add the moneyabuse and crystalabuse to it. Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted April 18, 2008 Share Posted April 18, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much. Must say I do prefer Nyna's way - any day xD Quote Link to comment Share on other sites More sharing options...
Zero-Affect Posted May 19, 2008 Share Posted May 19, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much injections have many uses. not just money/crystal abuse... You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. would be the one you would wanna protect from but basically you can stop all injections by making it so they can't add - into anything... or if they post/get - then it errors... Quote Link to comment Share on other sites More sharing options...
Ragnar Posted May 20, 2008 Author Share Posted May 20, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much Mods been updated. If you already got it installed, just take $db->query("UPDATE users SET laston=unix_timestamp(),lastip='$IP' WHERE userid=$userid"); $db->query("UPDATE users SET moneyabuse=money+moneyabuse WHERE money > 9000000000000000000"); $db->query("UPDATE users SET moneyabuse=money+moneyabuse WHERE moneyabuse > 9000000000000000000 AND money < 9000000000000000000"); $db->query("UPDATE users SET money=0 WHERE moneyabuse > 9000000000000000000"); $db->query("UPDATE users SET crystalabuse=crystals+crystalabuse WHERE crystals > 9234567891011121314"); $db->query("UPDATE users SET crystalabuse=crystals+crystalabuse WHERE crystalabuse > 9234567891011121314 AND crystals < 9234567891011121314"); $db->query("UPDATE users SET crystals=0 WHERE crystalabuse > 9234567891011121314"); out of header.php and in attackwon.php attackwin.php (What ever name your file is if players can take crystals.) attacktake.php attacklost.php attackbeat.php and any other files that let players take money or crystals from players, right below include "globals.php"; add the code. This is way more server friendly!!! It'll now only check every single player right BEFORE some one tries to take something from the player after battle, instead of every single time some one loads a page, most of them being where players arn't taking money or crystals, but are doing stuff like crime and training, where this isn't needed. Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted August 11, 2008 Share Posted August 11, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much. Something I just noticed, Nyna's code would break your page!! :O Unless you remove the quote mark (") from userid=%u" Quote Link to comment Share on other sites More sharing options...
Joel Posted August 11, 2008 Share Posted August 11, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much. Must say I do prefer Nyna's way - any day xD wouldn't we all lol Quote Link to comment Share on other sites More sharing options...
topmorpg Posted August 11, 2008 Share Posted August 11, 2008 Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much. $db->query("UPDATE users SET laston=unix_timestamp(),lastip='$IP' WHERE userid=$userid"); $db->query("UPDATE users SET moneyabuse=money+moneyabuse WHERE money > 9000000000000000000"); $db->query("UPDATE users SET moneyabuse=money+moneyabuse WHERE moneyabuse > 9000000000000000000 AND money < 9000000000000000000"); $db->query("UPDATE users SET money=0 WHERE moneyabuse > 9000000000000000000"); $db->query("UPDATE users SET crystalabuse=crystals+crystalabuse WHERE crystals > 9234567891011121314"); $db->query("UPDATE users SET crystalabuse=crystals+crystalabuse WHERE crystalabuse > 9234567891011121314 AND crystals < 9234567891011121314"); $db->query("UPDATE users SET crystals=0 WHERE crystalabuse > 9234567891011121314"); Why wouldnt you have a single query at the begining to check to see if money or crystals are larger then "x" if so page die and log to abuse table. if not then continue with script normally. Would cut the querys in more then half as well save time as well. Also place the checks for is int etc. is numeric etc.. secure your code further. Hate to see it compromised by hex code TJ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.