Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

only Experts on php code

Initiate Mage
Joined
Jul 15, 2011
Messages
78
Reaction score
0
this module is a web gunz that I have, this module is used to give away items from the webshop
This is an php code to give a event item or donate by web , is deactivated to send by character name
just send by setting the userid
the problem is that the user does not matter, always says "userid does not exist"
someone could review it and tell me what is wrong , sorry my bad english :*:

module:
PHP:
<?
}   }
if(!function_exists("showgiftitem")){
    function showgiftitem(){
       if($_SESSION['AID'] == ""){
            re_dir("index.php");
       }
       $item2 = clean($_GET['itemid']);
       $res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$item2'");
       $item = mssql_fetch_assoc($res);
       $res2 = mssql_query_logged("SELECT ECoins FROM Account WHERE AID = '".$_SESSION['AID']."'");
       $acc = mssql_fetch_assoc($res2);

if (isset($_POST['submit'])){
    $type = clean($_POST['type']);
    $id = clean($_POST['id']);
    $reason = clean($_POST['reason']);
    $custom = clean($_POST['cstom']);
    $itemid = clean($_POST['ItemID']);
    $item2 = clean($_GET['itemid']);
    //--
    if($reason == 1){
        $reason = $custom;
        $custom = str_replace("
        ","</br>",$custom);
    }
    //--
    if ($type == 1){
        $res = mssql_query_logged("SELECT * FROM Account WHERE UserID = '$id'");
        if(mssql_num_rows($res) == 0){
            alertbox("UserID $id doesnt exist","index.php?gunz=eshop&sub=listallitems&type=2");
			die();
}else{
            $data = mssql_fetch_assoc($res);
            $userID = $data['UserID'];
            $UserAID = $data['AID'];
            $res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$itemid'");
            $item = mssql_fetch_assoc($res);
            $res2 = mssql_query_logged("SELECT ECoins FROM Account WHERE AID = '".$_SESSION['AID']."'");
            $acc = mssql_fetch_assoc($res2);
            $aid = $_SESSION['AID'];
            $updatecoins = $acc['ECoins'] - $item['CashPrice'];
            $zitemid = $item['ItemID'];
            if($updatecoins < 0){
                die("No Bug here :)");
            }
            mssql_query_logged("INSERT INTO AccountItem ([ShopItemID], [AID], [ItemID], [RentDate], [Cnt])VALUES('$itemid', '$UserAID', '$zitemid', GETDATE(), 1)");
            mssql_query_logged("UPDATE Account SET ECoins = '$updatecoins' WHERE AID = '$aid'");
            alertbox("Item purchased and gifted correctly, your friend can get it in Central bank","index.php?gunz=eshop&sub=listallitems&type=2");
       die();
	    }
    }else{
        $res = mssql_query_logged("SELECT * FROM Character WHERE Name = '$id'");
        if(mssql_num_rows($res) == 0){
            alertbox("The character $id doesnt exist","index.php?gunz=eshop&sub=listallitems&type=2");
			die();
        }else{
            $res = mssql_query_logged("SELECT * FROM Character WHERE Name = '$id'");
            $data = mssql_fetch_assoc($res);
            $UserAID = $data['AID'];
       $res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$item2'");
       $item = mssql_fetch_assoc($res);
       $res2 = mssql_query_logged("SELECT Coins FROM Account WHERE AID = '".$_SESSION['AID']."'");
       $acc = mssql_fetch_assoc($res2);
            $res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$itemid'");
            $item = mssql_fetch_assoc($res);
            $res2 = mssql_query_logged("SELECT ECoins FROM Account WHERE AID = '".$_SESSION['AID']."'");
            $acc = mssql_fetch_assoc($res2);
            $aid = $_SESSION['AID'];
            $updatecoins = $acc['ECoins'] - $item['CashPrice'];
            $zitemid = $item['ItemID'];
            if($updatecoins < 0){
                die("No Bug here :)");
            }

            mssql_query_logged("INSERT INTO AccountItem ([ShopItemID], [AID], [ItemID], [RentDate], [Cnt])VALUES('$itemid', '$UserAID', '$zitemid', GETDATE(), 1)");
            mssql_query_logged("UPDATE Account SET ECoins = '$updatecoins' WHERE AID = '$aid'");
            alertbox("Item purchased and gifted correctly, your friend can get it in Central bank","index.php?gunz=eshop&sub=listallitems&type=2");
        die();
		}
		
    }

}
?>
<table width="570" border="0" align="center">
  <tr>
    <td align="center"><table width="450" border="0" class="login4">
      <tr>
        <td width="274" align="left" class="estilo5">name of item: </td>
        <td width="266" align="left" class="estilo5"><b>
          <?=$item['Name']?>
        </b></td>
      </tr>
      <tr>
        <td align="left" class="estilo5">Current Bill: </td>
        <td align="left" class="estilo5"><b>
          <?=$_SESSION['UserID']?>
        </b></td>
      </tr>
      <tr>
        <td align="left" class="estilo5"><select size="1" name="type" class="login">
          <option value="1" selected>[gift] UserID </option>
          <option value="2">[gift]Name Character </option>
        </select></td>
        <td align="left" class="estilo5"><input type="text" name="id" size="26" class="login"></td>
      </tr>
      <tr>
        <td align="left" class="estilo5">Price:</td>
        <td align="left" class="estilo5"><b>
          <?=$item['CashPrice']?>
        </b></td>
      </tr>
      <tr>
        <td align="left" class="estilo5">ECoins That has: </td>
        <td align="left" class="estilo5"><b>
          <?=$acc['ECoins']?>
        </b></td>
      </tr>
      <tr>
        <td align="left" class="estilo5">ECoins That will remain: </td>
        <td align="left" class="estilo5"><b>
          <?
                                                    $result = $acc['ECoins']-$item['CashPrice'];
                                                    if($result < 0){
                                                        $boton = "<b>Insufficient ECoins</b>";
                                                    }else{
                                                        $boton = "<input type='submit' value='Buy Item' name='submit' class='login'>";
                                                    }

                                                        echo $acc['ECoins']-$item['CashPrice'];?>
        </b></td>
      </tr>
      <tr>
        <td height="20" colspan="2" align="left" class="estilo5"></td>
        </tr>

      <tr>
        <td colspan="2" align="center" class="estilo5"><form method="POST" action="index.php?gunz=eshop&sub=giftitem">
            <?=$boton?>
            <input type="hidden" value="<?=$_GET['itemid']?>" name="ItemID2">
        </form></td>
      </tr>
    </table></td>
  </tr>
</table>

link download
 
Joined
Nov 20, 2007
Messages
31
Reaction score
9
PHP:
$id = clean($_POST['id']); 
... 
$res = mssql_query_logged("SELECT * FROM Account WHERE UserID = '$id'"); if(mssql_num_rows($res) == 0){ 
alertbox("UserID $id doesnt exist","index.php?gunz=eshop&sub=listallitems&type=2");
}

1) Check the content of the variable $id with var_dump.
PHP:
$id = clean($_POST['id']); 
var_dump($id);
Make sure that the variable $id holds the correct value.

2) Make sure that your mysql database has a row called 'UserID' and make sure that an entry exists with the correct id. You can also test it by running the query directly against the database
"SELECT * FROM Account WHERE UserID = 1" (replace $id with an id that you know exists) and see if it works.

3) I noticed that $id is inside quotes '$id' usually quotes means that it is treated as a string as far as I know. so if your UserID is a numeric value maybe you need to omit the quotes '';
PHP:
$res = mssql_query_logged("SELECT * FROM Account WHERE UserID = $id"); // no ''
 
Upvote 0
Initiate Mage
Joined
Jul 15, 2011
Messages
78
Reaction score
0
PHP:
$id = clean($_POST['id']); 
... 
$res = mssql_query_logged("SELECT * FROM Account WHERE UserID = '$id'"); if(mssql_num_rows($res) == 0){ 
alertbox("UserID $id doesnt exist","index.php?gunz=eshop&sub=listallitems&type=2");
}

1) Check the content of the variable $id with var_dump.
PHP:
$id = clean($_POST['id']); 
var_dump($id);
Make sure that the variable $id holds the correct value.

2) Make sure that your mysql database has a row called 'UserID' and make sure that an entry exists with the correct id. You can also test it by running the query directly against the database
"SELECT * FROM Account WHERE UserID = 1" (replace $id with an id that you know exists) and see if it works.

3) I noticed that $id is inside quotes '$id' usually quotes means that it is treated as a string as far as I know. so if your UserID is a numeric value maybe you need to omit the quotes '';
PHP:
$res = mssql_query_logged("SELECT * FROM Account WHERE UserID = $id"); // no ''

about the first:
i add "var_dump($id); "
I put it like that: ( the problem persists )
t0niex - only Experts on php code - RaGEZONE Forums




about the secondt:
if I execute a query on the sql server with normity using:
SELECT * FROM Account WHERE UserID = 'id'
if it works, it shows me the result below and gives me the data
note:I must execute it with parentheses or it does not work

image:
t0niex - only Experts on php code - RaGEZONE Forums




about the third:
as I said you need the parentheses to work so that would not be the problem

-----------------------------------------------------------------------------------------------------------------------------

when I put the userid to which I want to send the gift
I get this error, does not send the item and does not discount the coins
t0niex - only Experts on php code - RaGEZONE Forums


the strange thing is that it should appear:
"UserID (name here) doesnt exist"

because the PHP code is:
PHP:
alertbox("UserID $id doesnt exist","index.php?gunz=eshop&sub=listallitems&type=2");
 
Upvote 0
Joined
Nov 20, 2007
Messages
31
Reaction score
9
Can you show what the payload looks like?

2MjvH - only Experts on php code - RaGEZONE Forums


to verify that the property 'id' is send to the script?



var_dump() is not used to 'fix' the problem, it will display the content of the variable in your response.( )

So after you insert it into your script you check the the server response for the value of id to verify that it holds a value.
It should look like
PHP:
string(4) "Name"





2&3 it looks like the database is correctly setup and indeed returns the correct row. Since the UserId is a String (not a number) you are also correct and the '' are required.

So t
he problem is very likely that your script does not receive, read or the content is malformed causing it not to find the row.

At this line:$id = clean($_POST['id']);
I suspect $id is empty (string(0) "")
 

Attachments

You must be registered for see attachments list
Last edited:
Upvote 0
Initiate Mage
Joined
Jul 15, 2011
Messages
78
Reaction score
0
At this line:$id = clean($_POST['id']);
I suspect $id is empty (string(0) "")

It is true, when I add the PHP code :
"var_dump($id); "
and after I write the userid to which I want to send the gift and press send
this pops up

string(0) ""
 
Last edited:
Upvote 0
Joined
Nov 20, 2007
Messages
31
Reaction score
9
That means your request to the PHP Script does not send the UserId.

As mentioned above you can debug this with the Chrome Inspector or Firefox. You need to check the content of that POST request, it is most likely missing the id.

In that case you need to modify the code of the HTML Form / Button that send the request to include UserId.



Your form should include these things
PHP:
<form action="mod_gift.php?itemid=1" method="post">
Type: <input type="text" name="type"><br>
UserId: <input type="text" name="id"><br>
Reason: <input type="text" name="reason"><br>
Custom: <input type="text" name="cstom"><br>
ItemId: <input type="text" name="ItemID"><br>
<input type="submit">
</form>

If the script receive the value via POST:
$itemid = clean($_POST['ItemID']);
it needs to be inside the form!
(ItemId: <input type="text" name="ItemID"><br>)


if the script receives the value via GET
$item2 = clean($_GET['itemid']);
it needs to be in the URL
(mod_gift.php?itemid=1)

make yourself familiar with the PHP methods used:( )
( )

And learn about creating forms:
 
Last edited:
Upvote 0
Initiate Mage
Joined
Jul 15, 2011
Messages
78
Reaction score
0
make yourself familiar with the PHP methods used:( )
( )

And learn about creating forms:

I read everything,but I could not get anything
i change the code for one that works it's the buyitem and change your name function by "giftitem"
it seems to work fine, but send the item to the same user
I thought that to send another user it would be enough to put the AID of the user in a form
but in the same way it keeps giving me error

t0niex - only Experts on php code - RaGEZONE Forums


this is the function ( what is in red is what I added for the form )

<?
} }
if(!function_exists("showGiftItem")){
function showgiftitem(){
if($_SESSION['AID'] == ""){
re_dir("index.php");
}
$item2 = clean($_GET['itemid']);
$res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$item2'");
$item = mssql_fetch_assoc($res);
$res2 = mssql_query_logged("SELECT ECoins FROM Account WHERE AID = '".$_SESSION['AID']."'");
$acc = mssql_fetch_assoc($res2);
if(isset($_POST['submit'])){

$itemid = clean($_POST['ItemID']);
$res = mssql_query_logged("SELECT * FROM EVCashShop WHERE CSID = '$itemid'");
$item = mssql_fetch_assoc($res);
$res2 = mssql_query_logged("SELECT ECoins FROM Account WHERE AID = '".$_SESSION['AID']."'");
$acc = mssql_fetch_assoc($res2);
$aid = $_SESSION['AID'];
$updateecoins = $acc['ECoins'] - $item['CashPrice'];
$zitemid = $item['ItemID'];

$aid2 = ($_POST['aid2']);
if($aid2 == ""){
alertbox("AID not Valid.","index.php?gunz=eshop&sub=listallitems&type=2");
die();
}


if($updateecoins < 0){
die("No Bug here :) ");
}
mssql_query("INSERT INTO AccountItem ([ShopItemID], [ItemID], [AID], [RentDate], [Cnt])VALUES('$itemid', '$zitemid', '$aid2', GETDATE(), 1)");
mssql_query_logged("UPDATE Account SET ECoins = '$updateecoins' WHERE AID = '$aid'");
alertbox("Item purchased correctly, you can get it in Central bank","index.php?gunz=eshop&sub=listallitems&type=2");
die();
}
?>

the box to put the number of aid is this:

<tr>
<td align="left" class="estilo5">AID</td>
<td align="left" class="estilo5"><input name="aid2" type="text" id="aid2" class="Login" size="6" maxlength="6"></td>
</tr>

image:
t0niex - only Experts on php code - RaGEZONE Forums


I was wondering if you can provide me with the form or see if it's okay because I always get the error of the 1st image even if I put or not any number
 
Last edited:
Upvote 0
Joined
Nov 20, 2007
Messages
31
Reaction score
9
Its the same issue, you are not sending the value to the php script at all.
I think your <input>-element needs to be inside a <from>-element with the submit button, or if it uses javascript to post the values you need to include it into the java script.

Can you show the code of the submit button? And can you show the code of the <form>-element, and if you can not find a <form> element can you show the javascript code ?
 
Upvote 0
Initiate Mage
Joined
Jul 15, 2011
Messages
78
Reaction score
0
Its the same issue, you are not sending the value to the php script at all.
I think your <input>-element needs to be inside a <from>-element with the submit button, or if it uses javascript to post the values you need to include it into the java script.

Can you show the code of the submit button? And can you show the code of the <form>-element, and if you can not find a <form> element can you show the javascript code ?

this is the only javascript I found in that PHP

<script language="JavaScript" type="text/JavaScript">
<!--
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a)&&x.oSrc;i++) x.src=x.oSrc;
}

function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a.indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a;}}
}

function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers.document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
//-->
</script>


here is the submit and the form that I found

$result = $acc['ECoins']-$item['CashPrice'];
if($result < 0){
$boton = "<b>Insufficient ECoins</b>";
}else{
$boton = "<input type='submit' value='Gift Item' name='submit' class='login'>";
}

echo $acc['ECoins']-$item['CashPrice'];?>
</b></td>
</tr>
<tr>
<td height="20" colspan="2" align="left" class="estilo5"></td>
</tr>
<tr>
<td colspan="2" align="center" class="estilo5"><form method="POST" action="index.php?gunz=eshop&sub=giftitem">
<?=$boton?>
<input type="hidden" value="<?=$_GET['itemid']?>" name="ItemID">
</form></td>

here as in the previous one I show the shipping box that is in an imput

<tr>
<td align="left" class="estilo5">AID</td>
<td align="left" class="estilo5"><input name="aid2" type="text" id="aid2" class="Login" size="6" maxlength="6"></td>
</tr>
 
Last edited:
Upvote 0
Back
Top