-2

我一直在为我的在线游戏服务器编写一个脚本,从数据库中获取用户名并检查其级别。

问题是代码不检查级别,因此任何级别的任何人都可以投票并滥用我的投票系统。

注意:该投票系统基于时间/日期,因此您只能每 12 小时投票一次。

表格代码:

<html>
<body>
<center>
Please Enter Your Character Name Below, <br /><br />
After You Vote Please Relogin And Your Cps Will be Added<br /><br />
<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
  Character Name: <br /><br /> <input type="text" name='CharName'><br>
<br />
  <input type="submit" name="button" value="Vote">
</form>
</center>
</body>
</html>

投票代码:

<html><center>
<?php
$user = 'test'; //dbuser
$pass = 'test'; //dbpass
$host = 'localhost';    //dbhost
$name = 'zf'; //dbname

$con = mysql_connect($host, $user, $pass);
mysql_select_db($name, $con);

$datetime = date('Y-m-d');
$ip = $_SERVER['REMOTE_ADDR'];

if (isset($_POST['button']))
{
    $result1 = mysql_query("SELECT `level` FROM `cq_user` WHERE `name` = '$char_name'") or die(mysql_error());
    while($row = mysql_fetch_array($result1))
    {
    }

    error_reporting(E_ALL);
    ini_set('display_errors', '1');

    $char_name = $_POST['CharName'];

    $result = mysql_query("SELECT name FROM cq_user WHERE name = '" . $char_name . "' AND UNIX_TIMESTAMP(lastvoted) <= UNIX_TIMESTAMP('" . date('Y-m-d H:i:s', strtotime('-12 Hours')) . "')") or die(mysql_error());
    $result1 = mysql_query("SELECT `level` FROM `cq_user` WHERE `name` = '" . $char_name. "'") or die(mysql_error());
    while($row = mysql_fetch_array($result1))
    {
    }

    if (mysql_num_rows($result) == 0 && $row <= 119)
        echo "This character does not exist, or you have entered the wrong name. Or you could be trying to cheat and have already voted. Or you are not level 120+.";
    else
    {
        mysql_query("UPDATE `cq_user` SET `emoney` = `emoney` + 100000, `lastvoted`='" . date('Y-m-d H:i:s') . "' WHERE `name` = '" . $char_name . "'") or die(mysql_error());
        mysql_query("UPDATE `cq_user` SET `ip` = '$ip' WHERE `name` = '$char_name'");
?>
        <meta http-equiv="REFRESH" content="0;url=http://www.xtremetop100.com/in.php?site=1132303596"></HEAD>
<?php
    }
}
?>
</html></center>

那是我的检查器

if (mysql_num_rows($result) == 0 && $row <= 119)

这就是我的级别检查器应该工作的部分 <= 119!

4

2 回答 2

1

把它改成这个,它是一个关联数组。 

  if (mysql_num_rows($result) == 0 || $row['level'] <= 119)

此外,如果您 $result1 查询返回 1 行,则此处不需要 while 循环。

while($row = mysql_fetch_array($result1))
    {
    }

改成这个

list($row) = mysql_fetch_array($result1);

已编辑

<?php
$user = 'test'; //dbuser
$pass = 'test'; //dbpass
$host = 'localhost';    //dbhost
$name = 'zf'; //dbname

$con = mysql_connect($host, $user, $pass);
mysql_select_db($name, $con);

$datetime = date('Y-m-d');
$ip = $_SERVER['REMOTE_ADDR'];

if (isset($_POST['button']))
{
    $char_name = $_POST['CharName'];
    $result = mysql_query("SELECT `name`, `level` FROM `cq_user` WHERE `name` = '".$char_name."' AND UNIX_TIMESTAMP(lastvoted) <= UNIX_TIMESTAMP('" . date('Y-m-d H:i:s', strtotime('-12 Hours')) . "')") or die(mysql_error());

    list($name, $level) = mysql_fetch_array($result1);

    error_reporting(E_ALL);
    ini_set('display_errors', '1');

if (mysql_num_rows($result) == 0 || $level <= 119)
        echo "This character does not exist, or you have entered the wrong name. Or you could be trying to cheat and have already voted. Or you are not level 120+.";
    else
    {
        mysql_query("UPDATE `cq_user` SET `emoney` = `emoney` + 100000, `lastvoted`='" . date('Y-m-d H:i:s') . "', `ip` = '".$ip."' WHERE `name` = '" . $char_name . "'") or die(mysql_error());
?>
        <meta http-equiv="REFRESH" content="0;url=http://www.xtremetop100.com/in.php?site=1132303596"></HEAD>
<?php
    }
}
?>

你的html

<form name="FORMNAME" action="submit.php" method="post">
    <input type="text" name="CharName"  />
    <input type="submit" name="button" value="Submit" />
</form>
于 2013-07-21T03:57:17.177 回答
0

There are a few things to check out here. I'm assuming character names are unique. If so, I'm guessing you're expecting mysql_fetch_array() to return one result for

mysql_query("SELECT `level` FROM `cq_user` WHERE `name` = '" . $char_name. "'")

You have $row = mysql_fetch_array($result1), and as the function name implies, mysql_fetch_array() returns an array, so $row is an array of the column values requested. Each time it's called, it iterates further over the results. If you're just expecting one row to be returned, you can call it just once (no need for the while loop). Since you're just selecting one column (level), the level should be $row[0].

Also, the conditions in your if statement are mutually exclusive:

if (mysql_num_rows($result) == 0 && $row <= 119)

I'm guessing you meant to use or (||) here, because you want to check if either there are 0 results or the level is less than 119.

Therefore, it should likely be:

if (mysql_num_rows($result) == 0 || $row[0] <= 119)

Also, the mysql_ functions are now deprecated. It is suggested you use mysqli_ function or the PDO_MySQL extension. Your code might also be vulnerable to SQL injections as you're not escaping user input before concatenating it with your query string. Consider using prepared/parameterized queries.

于 2013-07-21T03:32:28.197 回答