Jump to content
MakeWebGames

Recommended Posts

Posted

There is an urgent problem with my sendcash.php file for Lite. I have been running the game for about 5 months now, and never had any trouble like this before, but now people are able to send as much cash as they want (well it appears it). I though it could be the old 1.3483E999999999 Trick, but its not. Here is my sendcash.php file. Please can you check over it, and see what needs to be added/taken away. Obviously i shall be adding a function that only people 5+ days can send money.

 

<?php
/*
MCCodes Lite
sendcash.php Rev 1.0.0
Copyright (C) 2006 Dabomstew

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/
session_start();
require "global_func.php";
if($_SESSION['loggedin']==0) { header("Location: login.php");exit; }
$userid=$_SESSION['userid'];
require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;
$is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
$ir=mysql_fetch_array($is);
check_level();
$fm=money_formatter($ir['money']);
$cm=money_formatter($ir['crystals'],'');
$lv=date('F j, Y, g:i a',$ir['laston']);
$h->userdata($ir,$lv,$fm,$cm);
$h->menuarea();
$_GET['ID'] = abs((int) $_GET['ID']);
$_POST['money'] = make_bigint($_POST['money']);
if($ir['jail'] or $ir['hospital']) 
{
die("This page cannot be accessed while in jail or hospital."); 
}

if(!((int)$_GET['ID']))
{
print "Invalid User ID";
}
else if($_GET['ID'] == $userid)
{
print "Haha, what does sending money to yourself do anyway?";
}
else
{
if((int) $_POST['money'])
{
if($_POST['money'] > $ir['money'])
{
print "Die j00 abuser.";
}
else
{
mysql_query("UPDATE users SET money=money-{$_POST['money']} WHERE userid=$userid",$c);
mysql_query("UPDATE users SET money=money+{$_POST['money']} WHERE userid={$_GET['ID']}",$c);
print "You sent \${$_POST['money']} to ID {$_GET['ID']}.";
event_add($_GET['ID'],"You received \${$_POST['money']} from {$ir['username']}.",$c);
$it=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid={$_GET['ID']}",$c) or die(mysql_error());
$er=mysql_fetch_array($it);
mysql_query("INSERT INTO cashxferlogs VALUES ('', $userid, {$_GET['ID']}, {$_POST['money']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}','')",$c);
}
}
else
{
print " Sending Money
You are sending money to ID: [b]{$_GET['ID']}[/b].

Amnt: 

";
print "Latest 5 Transfers
</pre>
<table width="75%" border="2">Time User From User To Amount </table>
<span style="color:#FF0000;font-weight:800;">MULTI</span>"; } else { $m=""; }<br>print "" . date("F j, Y, g:i:s a",$r['cxTIME']) . "{$r['sender']} [{$r['cxFROM']}] {$r['sent']} [{$r['cxTO']}]   \${$r['cxAMOUNT']} ";<br>}<br>print "";<br>}<br>}<br>$h->endpage();<br

 

URGENT HELP REQUIRED

Posted

Re: Send Money -- Mc Lite

Try this:

 

<?php
/*
MCCodes Lite
sendcash.php Rev 1.0.0
Copyright (C) 2006 Dabomstew

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/
session_start();
require "global_func.php";
if($_SESSION['loggedin']==0) { header("Location: login.php");exit; }
$userid=$_SESSION['userid'];
require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;
$is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
$ir=mysql_fetch_array($is);
check_level();
$fm=money_formatter($ir['money']);
$cm=money_formatter($ir['crystals'],'');
$lv=date('F j, Y, g:i a',$ir['laston']);
$h->userdata($ir,$lv,$fm,$cm);
$h->menuarea();
$_GET['ID'] = abs((int) $_GET['ID']);
$_POST['money'] = make_bigint($_POST['money']);

//The limit one the amount of money they can send.
$max['send'] = 1000000; // 1 million
if($ir['jail'] || $ir['hospital']) 
{
die("This page cannot be accessed while in jail or hospital."); 
}
//user not older than 5 days cannot send money
if ($ir['daysold'] < 5){
echo "You must be 5 days or older to send money!";
exit;
$h->endpage(); }
if(!((int)$_GET['ID']))
{
print "Invalid User ID";
}
else if(isset($_GET['ID']) == $userid)
{
print "Haha, what does sending money to yourself do anyway?";
}
else
{
if((int) $_POST['money'])
{
$money = mysql_real_escape_string($_POST['money']);
if (isset($money) > $max['money']){
echo "You are not allowed to send more than 1000000.";
exit;
$h->endpage(); }
if(isset($money) > $ir['money'])
{
print "Die j00 abuser.";
}
else
{
mysql_query("UPDATE users SET money=money-'$money' WHERE userid=$userid",$c);
mysql_query("UPDATE users SET money=money+'$money' WHERE userid={$_GET['ID']}",$c);
print "You sent \${$_POST['money']} to ID {$_GET['ID']}.";
event_add($_GET['ID'],"You received \$$money from {$ir['username']}.",$c);
$it=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid={$_GET['ID']}",$c) or die(mysql_error());
$er=mysql_fetch_array($it);
mysql_query("INSERT INTO cashxferlogs VALUES ('', $userid, {$_GET['ID']}, $money, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}','')",$c);
}
}
else
{
print "<h3> Sending Money</h3>
You are sending money to ID: [b]{$_GET['ID']}[/b].
<form action='sendcash.php?ID={$_GET['ID']}' method='post'>
Amnt: <input type='text' name='money' />

<input type='submit' value='Send' /></form>";
print "<h3>Latest 5 Transfers</h3>
<table width=75% border=2> <tr style='background:gray'>  <th>Time</th> <th>User From</th> <th>User To</th> <th>Amount</th> </tr>";
$q=mysql_query("SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxFROM=$userid ORDER BY cx.cxTIME DESC LIMIT 5",$c) or die(mysql_error()."
"."SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxFROM=$userid ORDER BY cx.cxTIME DESC LIMIT 5");
while($r=mysql_fetch_array($q))
{
if($r['cxFROMIP'] == $r['cxTOIP']) { $m="<span style='color:red;font-weight:800'>MULTI</span>"; } else { $m=""; }
print "<tr> <td>" . date("F j, Y, g:i:s a",$r['cxTIME']) . "</td><td>{$r['sender']} [{$r['cxFROM']}] </td><td>{$r['sent']} [{$r['cxTO']}] </td> <td> \${$r['cxAMOUNT']}</td> </tr>";
}
print "</table>";
}
}
$h->endpage();
?>

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...