
Originally Posted by
GiantAxe
But I can speak for most people here when I make this comment:
1. Format your project; stop putting everything in single PHP files.
- move CSS to actual CSS files
- move your JavaScript to actual JS files
- format your PHP code into actual classes so it's easier to maintain and looks cleaner as well to work with.
2. Spend some time on data validation, concurrent request handling and all that, so that a user can only get an item once even if he uses 10 web browsers at the same time to get an item.
I prefer iframe over AJAX; not every site uses AJAX, and I don't know any private server whose website has that much traffic (maybe in game, but not on the web). I still can't understand how anybody can abuse it with fast clicking, since money is taken.
I used AJAX and didn't really like it; mainly, async isn't needed here at all for buying, because what's the point of that if the user buys one item at a time anyway?
html - Why AJAX over iFrames? - Stack Overflow
AJAX doesn't mean iframe is dead; they have differences and advantages, and the main advantage of AJAX isn't used here (unlike in search engines, where AJAX is clearly a lot better than iframe).
I am glad if you want to help, but I don't change to AJAX only because it's trendy now, because iframe is also OK with security checks/fixes (correct me if I am wrong; I always accept it if someone can prove there is a much better way).
1. Formatting and separating CSS/JavaScript I will do. I didn't at first, for the simple reason that it means fewer files, and the item builder was mainly designed as an admin tool/testing stuff.
2. If you read what I wrote, I hope you understood that you could make 10000 browsers, but every time you pay for an item you can't avoid it (at least as I see it, you can't if the server side has a money check before paying), but anyway the reload of the page without the query string is a good idea because it doesn't do any harm :)
Validation is there: user validation, item data validation, etc. (if it has special syntax then it can't be the same string as in the file), but maybe a replace for '/"$ characters is needed as well?
This is how it works when the iframe is called:
PHP Code:
// valid use check before ($AllowN and $userid are set by the include that runs first)
if ($AllowN !== true) { die; }
if (isset($_GET['BuyFromShop'])) {
    if (isset($_GET['Amount']) && isset($_GET['buyWith']) && isset($_GET['transWith']) && isset($_GET['IData']) && isset($_GET['roleid'])) {
        // item data arrives with '|' and '@' as URL-safe separators; map them back to '#' and '+'
        $idata = str_replace('|', '#', trim($_GET['IData']));
        $idata = str_replace('@', '+', $idata);
        if (strpos($idata, "#") !== false) {
            $iArr = explode("#", $idata);
            if (count($iArr) == 19) {
                // the submitted item data must appear in the shop item file
                $handle = fopen($ShopItemD, 'r');
                $valid = false; // item data is in file?
                while (($line = fgets($handle)) !== false) {
                    if (strpos($line, $idata) !== false) {
                        $valid = true;
                        break;
                    }
                }
                fclose($handle);
                if ($valid !== false) {
                    $buyWith   = intval($_GET['buyWith']);   // 1 is coin, 2 is web point
                    $transWith = intval($_GET['transWith']); // 1 is mail, 2 is not added yet
                    $Amount    = intval($_GET['Amount']);    // how much of the item
                    $roleId    = intval($_GET['roleid']);    // target role
                    if (($buyWith > 0) && ($transWith > 0) && ($Amount > 0) && ($roleId > 0) && ($iArr[11] >= $Amount)) {
                        // check whether the game server is running
                        $sockres = fsockopen($DB_Host, $ServerPort, $errno, $errstr, 10);
                        if (!$sockres) {
                            echo "<script>parent.alert('Server is offline');</script>";
                        } else {
                            @fclose($sockres);
                            // server online
                            $conn = new mysqli($DB_Host, $DB_User, $DB_Password, $DB_Name);
                            if ($conn->connect_error || mysqli_connect_error()) {
                                echo "<script>parent.alert('Cannot connect to mysql database');</script>";
                            } else {
                                include("./packet_class.php");
                                if ($buyWith == 2) {
                                    // check user point & gold
                                    $query = "SELECT VotePoint FROM users WHERE ID=?";
                                    $statement = $conn->prepare($query);
                                    $statement->bind_param('i', $userid);
                                    $statement->execute();
                                    $statement->bind_result($LWebPoint);
                                    $statement->store_result();
                                    $result = $statement->num_rows;
                                    if (!$result) {
                                        exit;
                                    } else {
                                        while ($statement->fetch()) {
                                            $WPoint = $LWebPoint;
                                        }
                                        // price per unit is field 1 of the item data
                                        $price = $iArr[1] * $Amount;
                                        if ($WPoint >= $price) {
                                            $NPoint = $WPoint - $price; // new balance computed from the value read above
                                            if ($transWith == 1) {
                                                echo "<script>parent.MReady = false;</script>";
                                                $expir = $iArr[14];
                                                if ($expir > 0) { $expir = $expir + time(); }
                                                if (SysSendMail($roleId, ("[SHOP]: " . $iArr[2]), ("Thank you for bought this item from web!"), $iArr[7], $Amount, $iArr[11], $iArr[15], $iArr[9], $expir, $iArr[12], $iArr[13], $iArr[8], 0) == 0) {
                                                    // mail sent: write the new balance back
                                                    $query = "UPDATE users SET VotePoint = $NPoint WHERE ID=?";
                                                    $stmt = $conn->prepare($query);
                                                    $stmt->bind_param('i', $userid);
                                                    $stmt->execute();
                                                    $stmt->close();
                                                    echo "
                                                    <script>
                                                    parent.UPoint = parseInt('" . $NPoint . "', 10);
                                                    parent.document.getElementById('User_Point').innerHTML = parent.UPoint;
                                                    parent.document.getElementById('BuyWindow').style.display='none';
                                                    parent.alert('Mail sent with your item!');
                                                    parent.MReady = true;
                                                    parent.LockItem=false; parent.SelectIcon(0);
                                                    </script>";
                                                } else {
                                                    echo "<script>
                                                    parent.alert('Error, cannot send mail!');
                                                    parent.document.getElementById('BuyWindow').style.display='none';
                                                    parent.SelectIcon(0);
                                                    parent.MReady = true;
                                                    </script>";
                                                }
                                            }
                                        } else {
                                            echo "<script>parent.alert('Insufficient point (" . ($price - $WPoint) . " missing)!');</script>";
                                        }
                                    }
                                }
                            }
                            $conn->close();
                        }
                    }
                } else {
                    echo "<script>parent.alert('Item not found!');</script>";
                }
            }
        }
    }
}
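The handler above reads VotePoint with one statement, compares it in PHP, sends the mail, and then writes an absolute value back with a second statement. Two overlapping requests for the same user can both read the same balance, both pass the check, and both write the same reduced balance, which is the concurrent-request case GiantAxe's point 2 is about. The following is an added example, not code from this post or from the shop project: it charges the points and delivers the item inside one database transaction, holding the user's row lock so purchases by the same user are serialized. It assumes the users(ID, VotePoint) table the post queries, an open mysqli $conn, and that the table is InnoDB (MyISAM ignores FOR UPDATE); $sendItem is a hypothetical stand-in for the post's SysSendMail() call and is expected to return 0 on success, as that call does.

```php
<?php
// Added example (not the post's code): atomic web-point purchase.
// Assumptions: users(ID, VotePoint) as in the post, InnoDB table, open mysqli $conn,
// and a hypothetical $sendItem callback standing in for SysSendMail() (0 = success).
declare(strict_types=1);

// Make mysqli throw on failures so a failed statement reaches the catch below.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Deduct $price points from user $userId and deliver the item in one transaction.
 * Returns ['ok' => true, 'balance' => int] or ['ok' => false, 'reason' => string, ...].
 */
function buyWithWebPoints(mysqli $conn, int $userId, int $price, callable $sendItem): array
{
    if ($price <= 0) {
        return ['ok' => false, 'reason' => 'bad price'];
    }
    $conn->begin_transaction();
    try {
        // Lock this user's row until commit/rollback: a second request for the same
        // user blocks here instead of reading the same, soon-to-be-stale balance.
        $stmt = $conn->prepare('SELECT VotePoint FROM users WHERE ID = ? FOR UPDATE');
        $stmt->bind_param('i', $userId);
        $stmt->execute();
        $stmt->bind_result($balance);
        $found = ($stmt->fetch() === true);
        $stmt->close();
        if (!$found) {
            $conn->rollback();
            return ['ok' => false, 'reason' => 'no such user'];
        }
        $balance = (int) $balance;
        if ($balance < $price) {
            $conn->rollback();
            return ['ok' => false, 'reason' => 'insufficient points', 'missing' => $price - $balance];
        }
        // Relative decrement rather than "SET VotePoint = <number computed in PHP>",
        // so a stale value can never be written over the stored balance.
        $stmt = $conn->prepare('UPDATE users SET VotePoint = VotePoint - ? WHERE ID = ?');
        $stmt->bind_param('ii', $price, $userId);
        $stmt->execute();
        $stmt->close();
        // Deliver while the row is still locked; if delivery fails, undo the deduction
        // instead of charging for an item that never arrived.
        if ($sendItem() !== 0) {
            $conn->rollback();
            return ['ok' => false, 'reason' => 'mail failed'];
        }
        $conn->commit();
        return ['ok' => true, 'balance' => $balance - $price];
    } catch (Throwable $e) {
        $conn->rollback();
        throw $e;
    }
}

// Single-statement alternative that is atomic on any storage engine: the balance
// check is part of the UPDATE itself, so of several concurrent requests at most
// the ones the balance actually covers succeed. affected_rows is 0 on failure.
function chargeWebPoints(mysqli $conn, int $userId, int $price): bool
{
    if ($price <= 0) {
        return false;
    }
    $stmt = $conn->prepare('UPDATE users SET VotePoint = VotePoint - ? WHERE ID = ? AND VotePoint >= ?');
    $stmt->bind_param('iii', $price, $userId, $price);
    $stmt->execute();
    $charged = ($stmt->affected_rows === 1);
    $stmt->close();
    return $charged;
}

// Where the post's handler reads the balance, computes $NPoint and writes it back,
// it would instead call (variable names as in the post; $expir computed as there):
// $r = buyWithWebPoints($conn, $userid, (int) $iArr[1] * $Amount, function () use ($roleId, $iArr, $Amount, $expir) {
//     return SysSendMail($roleId, "[SHOP]: " . $iArr[2], "Thank you for bought this item from web!",
//         $iArr[7], $Amount, $iArr[11], $iArr[15], $iArr[9], $expir, $iArr[12], $iArr[13], $iArr[8], 0);
// });
// if ($r['ok']) { /* echo the success <script> with $r['balance'] */ } else { /* alert $r['reason'] */ }
```

The transactional version is the one to prefer when the mail send can fail, because the deduction is rolled back together with the failed delivery. The chargeWebPoints() variant needs no row lock and no InnoDB, but since the game-server mail cannot be rolled back, a handler using it has to refund explicitly when SysSendMail() fails. Either way the check and the decrement happen in the database in one step, so opening ten browsers gains nothing beyond what the balance covers. On the item-data lookup, comparing the whole trimmed line with `trim($line) === $idata` is stricter than strpos(), which also accepts the submitted string as a substring of a longer line.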