Yeah.. I had an idea, which was kinda useless to me when I was done because.. well, don't need to tell..
Maybe you guys have some use for this.
Code:
<?php
// $sql (Query, rowcount, is_secure) comes from config.php/sql.php, which are not included here.
// Every value placed in a query below relies on is_secure() rejecting quotes and SQL metacharacters.
$username = $_SESSION['username'];
$JID      = (int) $_SESSION['JID'];

if (isset($_SESSION['IsReseller'])) {
    $do = isset($_GET['do']) ? $_GET['do'] : '';
    switch ($do) {
        case "givesilk":
            $Charnamesel   = isset($_GET['Charname'])   ? $_GET['Charname']   : '';
            $Silkamountsel = isset($_GET['Silkamount']) ? $_GET['Silkamount'] : '';
            $Commentsel    = isset($_GET['Comment'])    ? $_GET['Comment']    : '';

            // Collect every validation failure and stop before any query runs.
            $errors = array();
            if (!$sql->is_secure($Charnamesel)) {
                $errors[] = "Charname contains invalid letters";
            }
            if (!$sql->is_secure($Commentsel)) {
                $errors[] = "Comment contains invalid letters";
            }
            if (!$sql->is_secure($Silkamountsel)) {
                $errors[] = "Silks amount contains invalid letters";
            }
            if (!is_numeric($Silkamountsel)) {
                $errors[] = "Silks amount must be numeric";
            }
            /*** lower and upper limit of the silk amount ***/
            $min = 1;
            $max = 20000;
            /*** validate the integer ***/
            if (filter_var($Silkamountsel, FILTER_VALIDATE_INT, array("options" => array("min_range" => $min, "max_range" => $max))) === false) {
                // Escape the rejected value before echoing it back into the page.
                $errors[] = "Silk amount must be between 1 and 20000 your selected silk amount is " . htmlspecialchars($Silkamountsel);
            }
            if ($errors) {
                echo implode("<br>", $errors) . "<br>";
                break;
            }
            $Silkamountsel = (int) $Silkamountsel;

            $query = $sql->Query("SELECT * FROM SRO_VT_SHARD.dbo._Char WHERE CharName16='$Charnamesel'");
            if (!$sql->rowcount($query)) {
                echo "This account doesn't exist";
            } else {
                // >= so a reseller can also give away the last of the balance.
                $query1 = $sql->Query("SELECT * FROM SRO_VT_ACCOUNT.dbo.Sk_Silk WHERE JID = $JID AND silk_gift >= $Silkamountsel");
                if (!$sql->rowcount($query1)) {
                    echo "You do not have enough silk";
                } else {
                    // String arguments are quoted so names and comments with spaces still work.
                    $insert  = $sql->Query("exec SRO_VT_ACCOUNT.dbo._Silkadd '$Charnamesel',$Silkamountsel,'$Commentsel'");
                    $update  = $sql->Query("UPDATE SRO_VT_ACCOUNT.dbo.Sk_Silk SET silk_gift = silk_gift - $Silkamountsel WHERE JID = $JID");
                    $insert2 = $sql->Query("INSERT INTO SRO_VT_ACCOUNT.dbo.reseller VALUES ('$username','$Charnamesel','$Silkamountsel','$Commentsel',GETDATE())");
                    if ($insert && $update && $insert2) {
                        echo "Silks given successfully to user " . htmlspecialchars($Charnamesel);
                    }
                }
            }
            break;

        default:
            echo ' <center><form action="" method="GET">
                Charname : <input type="text" name="Charname"><br><br>
                Silk Amount : <input type="text" name="Silkamount"><br><br>
                Comment : <input type="text" name="Comment"><br><br>
                <input type="submit" name="submit" value="GO">
                <input type="hidden" name="do" value="givesilk">
                </form></center>';
            break;
    }
} else {
    echo "You're not authorized to view this page";
}
?>
Edit your sessions.
Edit your database names.
Can't release the config.php/sql.php, it's not my work. Don't know if LastThief is okay with that, but it's not hard to rewrite the queries...
Just use mssql_query("");
instead of $sql->Query, easy huh?
I suck at PHP.
It's probably the worst code you've ever seen, but hey.. it works ;)
And it's secure against abuse too.. cool eh?



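An added example, not part of the original post or the poster's code: the same transfer written with PDO bound parameters and a single conditional UPDATE inside a transaction, so no request value is concatenated into SQL and the balance check cannot be separated from the deduction by a concurrent request. It assumes a PDO connection `$db` to the same databases and that `_Silkadd` takes the three arguments shown in the post; `giveSilk` is a hypothetical name.

```php
<?php
// Added example. Assumptions: $db is a PDO connection (e.g. pdo_sqlsrv) to the
// same server, and _Silkadd takes (charname, amount, comment) as in the post.
function giveSilk(PDO $db, int $jid, string $reseller, string $char, $amount, string $comment): string
{
    $amount = filter_var($amount, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 20000]]);
    if ($amount === false) {
        return 'Silk amount must be between 1 and 20000';
    }
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Bound parameter: the character name never becomes part of the SQL text.
    $find = $db->prepare('SELECT 1 FROM SRO_VT_SHARD.dbo._Char WHERE CharName16 = ?');
    $find->execute([$char]);
    if ($find->fetchColumn() === false) {
        return 'This character does not exist';
    }

    $db->beginTransaction();
    try {
        // Deduct first, and only if the balance covers it. Check and update are
        // one statement, so two parallel requests cannot both spend the same silk.
        $debit = $db->prepare('UPDATE SRO_VT_ACCOUNT.dbo.Sk_Silk
                               SET silk_gift = silk_gift - ?
                               WHERE JID = ? AND silk_gift >= ?');
        $debit->execute([$amount, $jid, $amount]);
        if ($debit->rowCount() === 0) {
            $db->rollBack();
            return 'You do not have enough silk';
        }
        $db->prepare('EXEC SRO_VT_ACCOUNT.dbo._Silkadd ?, ?, ?')
           ->execute([$char, $amount, $comment]);
        $db->prepare('INSERT INTO SRO_VT_ACCOUNT.dbo.reseller VALUES (?, ?, ?, ?, GETDATE())')
           ->execute([$reseller, $char, $amount, $comment]);
        $db->commit();
        return 'Silks given successfully';
    } catch (Throwable $e) {
        // Any failure undoes the deduction, the gift and the log row together.
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}
```

The returned message contains no request data, so it can be echoed as is; anything taken from the request still needs `htmlspecialchars()` before it is printed.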

