Jake Posted May 17, 2007 Posted May 17, 2007 There is an urgent problem with my sendcash.php file for Lite. I have been running the game for about 5 months now and never had any trouble like this before, but now people are able to send as much cash as they want (or so it appears). I thought it could be the old 1.3483E999999999 trick, but it's not. Here is my sendcash.php file. Please can you check over it and see what needs to be added or taken away. Obviously I shall be adding a check so that only people who are 5+ days old can send money. <?php /* MCCodes Lite sendcash.php Rev 1.0.0 Copyright (C) 2006 Dabomstew This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
*/ session_start(); require "global_func.php"; if($_SESSION['loggedin']==0) { header("Location: login.php");exit; } $userid=$_SESSION['userid']; require "header.php"; $h = new headers; $h->startheaders(); include "mysql.php"; global $c; $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error()); $ir=mysql_fetch_array($is); check_level(); $fm=money_formatter($ir['money']); $cm=money_formatter($ir['crystals'],''); $lv=date('F j, Y, g:i a',$ir['laston']); $h->userdata($ir,$lv,$fm,$cm); $h->menuarea(); $_GET['ID'] = abs((int) $_GET['ID']); $_POST['money'] = make_bigint($_POST['money']); if($ir['jail'] or $ir['hospital']) { die("This page cannot be accessed while in jail or hospital."); } if(!((int)$_GET['ID'])) { print "Invalid User ID"; } else if($_GET['ID'] == $userid) { print "Haha, what does sending money to yourself do anyway?"; } else { if((int) $_POST['money']) { if($_POST['money'] > $ir['money']) { print "Die j00 abuser."; } else { mysql_query("UPDATE users SET money=money-{$_POST['money']} WHERE userid=$userid",$c); mysql_query("UPDATE users SET money=money+{$_POST['money']} WHERE userid={$_GET['ID']}",$c); print "You sent \${$_POST['money']} to ID {$_GET['ID']}."; event_add($_GET['ID'],"You received \${$_POST['money']} from {$ir['username']}.",$c); $it=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid={$_GET['ID']}",$c) or die(mysql_error()); $er=mysql_fetch_array($it); mysql_query("INSERT INTO cashxferlogs VALUES ('', $userid, {$_GET['ID']}, {$_POST['money']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}','')",$c); } } else { print " Sending Money You are sending money to ID: [b]{$_GET['ID']}[/b]. Amnt: "; print "Latest 5 Transfers </pre> <table width="75%" border="2">Time User From User To Amount </table> <span style="color:#FF0000;font-weight:800;">MULTI</span>"; } else { $m=""; }<br>print "" . 
date("F j, Y, g:i:s a",$r['cxTIME']) . "{$r['sender']} [{$r['cxFROM']}] {$r['sent']} [{$r['cxTO']}] \${$r['cxAMOUNT']} ";<br>}<br>print "";<br>}<br>}<br>$h->endpage();<br URGENT HELP REQUIRED Quote
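hamster01 Posted May 17, 2007 Posted May 17, 2007 Re: Send Money -- Mc Lite Try this:
<?php
/*
MCCodes Lite
sendcash.php Rev 1.0.0
Copyright (C) 2006 Dabomstew

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

/*
 * sendcash.php: lets the logged-in player transfer money to another player
 * and shows that player's five most recent outgoing transfers.
 *
 * Hardening in this revision:
 *  - The amount is parsed locally as a plain run of decimal digits. Anything
 *    else (signs, exponents such as "1.3483E999999999", arrays) counts as
 *    "no amount" and falls through to the form, instead of relying on
 *    make_bigint(), whose behaviour is not visible from this file.
 *  - Comparisons are made on the values themselves. The previous revision
 *    wrapped them in isset(), which compares a boolean, so the cap and the
 *    balance check did not test the amount at all.
 *  - The cap is read from $max['send'], the key that is actually defined.
 *  - The debit is a single conditional UPDATE (money >= amount), and the credit
 *    only happens when exactly one row was debited. A separate "read balance,
 *    then subtract" lets parallel requests all pass the check on the same
 *    balance.
 *  - The recipient must exist before anything is debited.
 *  - Database errors are logged server-side instead of being echoed together
 *    with the SQL text.
 *
 * NOTE(review): the form carries no anti-CSRF token, so another site can make
 * a logged-in player's browser submit this POST. Add a per-session token when
 * the rest of the code base gains one.
 * NOTE(review): the mysql_* extension was removed in PHP 7. When this is
 * ported, move to mysqli or PDO with prepared statements.
 */
session_start();
require "global_func.php";

if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == 0) {
    header("Location: login.php");
    exit;
}

// The session value is interpolated into SQL below, so pin it to an integer.
$userid = (int) $_SESSION['userid'];

require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;

$is = mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid", $c);
if (!$is) {
    error_log("sendcash.php: " . mysql_error($c));
    die("Database error.");
}
$ir = mysql_fetch_array($is);
check_level();
$fm = money_formatter($ir['money']);
$cm = money_formatter($ir['crystals'], '');
$lv = date('F j, Y, g:i a', $ir['laston']);
$h->userdata($ir, $lv, $fm, $cm);
$h->menuarea();

// The limit on the amount of money they can send in one transfer.
$max['send'] = 1000000; // 1 million

// Recipient id: non-negative integer, 0 when missing or not numeric.
$toId = isset($_GET['ID']) ? abs((int) $_GET['ID']) : 0;
$_GET['ID'] = $toId; // kept normalised, as the original script did

// Amount: digits only. $money stays 0 ("show the form") for anything else.
$rawAmount = (isset($_POST['money']) && is_string($_POST['money'])) ? trim($_POST['money']) : '';
$money = 0;
$overLimit = false;
if ($rawAmount !== '' && preg_match('/^[0-9]+$/D', $rawAmount)) {
    $digits = ltrim($rawAmount, '0');
    if (strlen($digits) > strlen((string) $max['send'])) {
        // More digits than the cap has: over the limit without ever casting a
        // value that could overflow an integer.
        $overLimit = true;
    } else {
        $money = (int) $digits;
        $overLimit = $money > $max['send'];
    }
}
$_POST['money'] = $money;

if ($ir['jail'] || $ir['hospital']) {
    die("This page cannot be accessed while in jail or hospital.");
}

// Users not older than 5 days cannot send money.
if ($ir['daysold'] < 5) {
    echo "You must be 5 days or older to send money!";
    $h->endpage(); // close the page before stopping (was unreachable after exit)
    exit;
}

if (!$toId) {
    print "Invalid User ID";
} else if ($toId == $userid) {
    print "Haha, what does sending money to yourself do anyway?";
} else if ($overLimit) {
    echo "You are not allowed to send more than {$max['send']}.";
} else if ($money > 0) {
    // Look the recipient up first so money is never debited for a user id
    // that does not exist.
    $it = mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$toId", $c);
    if (!$it) {
        error_log("sendcash.php: " . mysql_error($c));
        die("Database error.");
    }
    $er = mysql_fetch_array($it);
    if (!$er) {
        print "Invalid User ID";
    } else {
        // Check and debit in one statement: the row only changes while the
        // balance still covers the amount at the moment of the write.
        mysql_query("UPDATE users SET money=money-$money WHERE userid=$userid AND money>=$money", $c);
        if (mysql_affected_rows($c) != 1) {
            // Insufficient funds, or the debit query failed (-1).
            print "Die j00 abuser.";
        } else {
            mysql_query("UPDATE users SET money=money+$money WHERE userid=$toId", $c);
            print "You sent \$$money to ID $toId.";
            // NOTE(review): the username is passed through as stored; confirm
            // that the event viewer escapes it on output.
            event_add($toId, "You received \$$money from {$ir['username']}.", $c);
            // The IP columns come back from the database as strings; escape
            // them before they go into another statement.
            $fromIp = mysql_real_escape_string($ir['lastip'], $c);
            $toIp = mysql_real_escape_string($er['lastip'], $c);
            mysql_query("INSERT INTO cashxferlogs VALUES ('', $userid, $toId, $money, unix_timestamp(), '$fromIp', '$toIp','')", $c);
        }
    }
} else {
    print "<h3> Sending Money</h3>
You are sending money to ID: [b]{$toId}[/b].
<form action='sendcash.php?ID={$toId}' method='post'>
Amnt: <input type='text' name='money' />
<input type='submit' value='Send' /></form>";
    print "<h3>Latest 5 Transfers</h3>
<table width=75% border=2> <tr style='background:gray'> <th>Time</th> <th>User From</th> <th>User To</th> <th>Amount</th> </tr>";
    $q = mysql_query("SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxFROM=$userid ORDER BY cx.cxTIME DESC LIMIT 5", $c);
    if (!$q) {
        error_log("sendcash.php: " . mysql_error($c));
        die("Database error.");
    }
    while ($r = mysql_fetch_array($q)) {
        // NOTE(review): usernames are printed as stored. If they are not
        // already HTML-escaped when saved, wrap them in htmlspecialchars().
        print "<tr> <td>" . date("F j, Y, g:i:s a", $r['cxTIME']) . "</td><td>{$r['sender']} [{$r['cxFROM']}] </td><td>{$r['sent']} [{$r['cxTO']}] </td> <td> \${$r['cxAMOUNT']}</td> </tr>";
    }
    print "</table>";
}
$h->endpage();
?>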