Probleme Faille .. - PHP/MYSQL - Forum

Pages: 1
Auteur	Message
blingcru	25/01/2011 à 01:37:56
Membre	Bonjour, voila je post parce que je n'arrive pas a regler le probleme present .. nous pouvons repartir les xp a volonter sans fin si tu ajoute un 0 devant le nombre souhaiter .. Pouvez-vous m'aider ?? 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 <?php include("lib.php"); define("PAGENAME", "Acheter"); $player = check_user($secret_key, $db); $img = "<img src=images/bar_logo.PNG border=0 align=absmiddle><br /><br />"; include("templates/private_header.php"); ?> <div class="contenu"> <div class="contenu_bloc"> <h1>Acheter une boisson</h1> <? if (isset($_POST['byu'])) { if (!$_POST['byu']) { //If username isn't filled in... $msg = "Mmh oui et quoi encore ?<br />\n"; //Add to error message echo $msg; die(); } if (!preg_match("/^[0-9]+$/", $_POST['byu1'])) { //If username contains illegal characters... $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message echo $msg; die(); } if (!preg_match("/^[0-9]+$/", $_POST['byu2'])) { //If username contains illegal characters... $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message echo $msg; die(); } if (!preg_match("/^[0-9]+$/", $_POST['byu3'])) { //If username contains illegal characters... $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message echo $msg; die(); } if (!preg_match("/^[0-9]+$/", $_POST['byu4'])) { //If username contains illegal characters... $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message echo $msg; die(); } if (!$_POST['byu1'] + $_POST['byu2'] + $_POST['byu3'] + $_POST['byu4'] > $player->stat_points \|\| $_POST['byu4'] < 0 \|\| $_POST['byu3'] < 0 \|\| $_POST['byu2'] < 0 \|\| $_POST['byu1'] < 0) { //If username isn't filled in... $msg = "Mmh oui et quoi encore sale tricheur ?<br />\n"; //Add to error message echo $msg; die(); } $cost = ($_POST['byu1'] + $_POST['byu2'] + $_POST['byu3'] + $_POST['byu4']); $query = $db->execute("update `players` set `strength`=?, `force`=?, `vitality`=?, `def`=?, `stat_points`=? where `id`=?", array($player->strength + $_POST['byu1'], $player->force + $_POST['byu2'], $player->vitality + $_POST['byu3'], $player->def + $_POST['byu4'], $player->stat_points - $cost, $player->id)); echo "<font color=white>Xp r&eacutepartie!</font><br /><br />"; } ?> <i>Tu as <b><?=$player->stat_points?></b> points de comp&eacutetence &agrave d&eacutepenser.</i><br /> <form method="post" action="xp21.php"> <input readonly="readonly" type="text" name="byu" value="<?=$player->username?>" /><br /> Force:<input type="text" name="byu1" class="input_int" value="<?=$_POST['byu1'];?>" /><br /> Agileter:<input type="text" name="byu2" class="input_int" value="<?=$_POST['byu2'];?>" /><br /> Esquive:<input type="text" name="byu3" class="input_int" value="<?=$_POST['byu3'];?>" /><br /> Resistance:<input type="text" name="byu4" class="input_int" value="<?=$_POST['byu4'];?>" /> <input type="submit" name="action" value="XP"/> </form> <?php include("templates/private_footer.php"); ?> https://guerredesgangs.net & http://www.bazinio.ca & http://www.thestreet2.ca
ybouane	25/01/2011 à 06:10:34
Admin	Bonjour, essaye ce code: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 <?php include("lib.php"); define("PAGENAME", "Acheter"); $player = check_user($secret_key, $db); $img = "<img src=images/bar_logo.PNG border=0 align=absmiddle><br /><br />"; include("templates/private_header.php"); ?> <div class="contenu"> <div class="contenu_bloc"> <h1>Acheter une boisson</h1> <? if (isset($_POST['byu']) and $_POST['byu1']>0 and $_POST['byu2']>0 and $_POST['byu3']>0 and $_POST['byu4']>0) { if (!$_POST['byu']) { //If username isn't filled in... $msg = "Mmh oui et quoi encore ?<br />\n"; //Add to error message echo $msg; die(); } if (!preg_match("/^[0-9]+$/", $_POST['byu1'])) { //If username contains illegal characters... $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message echo $msg; die(); } if (!preg_match("/^[0-9]+$/", $_POST['byu2'])) { //If username contains illegal characters... $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message echo $msg; die(); } if (!preg_match("/^[0-9]+$/", $_POST['byu3'])) { //If username contains illegal characters... $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message echo $msg; die(); } if (!preg_match("/^[0-9]+$/", $_POST['byu4'])) { //If username contains illegal characters... $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message echo $msg; die(); } if (!$_POST['byu1'] + $_POST['byu2'] + $_POST['byu3'] + $_POST['byu4'] > $player->stat_points \|\| $_POST['byu4'] < 0 \|\| $_POST['byu3'] < 0 \|\| $_POST['byu2'] < 0 \|\| $_POST['byu1'] < 0) { //If username isn't filled in... $msg = "Mmh oui et quoi encore sale tricheur ?<br />\n"; //Add to error message echo $msg; die(); } $cost = ($_POST['byu1'] + $_POST['byu2'] + $_POST['byu3'] + $_POST['byu4']); $query = $db->execute("update `players` set `strength`=?, `force`=?, `vitality`=?, `def`=?, `stat_points`=? where `id`=?", array($player->strength + $_POST['byu1'], $player->force + $_POST['byu2'], $player->vitality + $_POST['byu3'], $player->def + $_POST['byu4'], $player->stat_points - $cost, $player->id)); echo "<font color=white>Xp r&eacutepartie!</font><br /><br />"; } ?> <i>Tu as <b><?=$player->stat_points?></b> points de comp&eacutetence &agrave d&eacutepenser.</i><br /> <form method="post" action="xp21.php"> <input readonly="readonly" type="text" name="byu" value="<?=$player->username?>" /><br /> Force:<input type="text" name="byu1" class="input_int" value="<?=$_POST['byu1'];?>" /><br /> Agileter:<input type="text" name="byu2" class="input_int" value="<?=$_POST['byu2'];?>" /><br /> Esquive:<input type="text" name="byu3" class="input_int" value="<?=$_POST['byu3'];?>" /><br /> Resistance:<input type="text" name="byu4" class="input_int" value="<?=$_POST['byu4'];?>" /> <input type="submit" name="action" value="XP"/> </form> <?php include("templates/private_footer.php"); ?> Cordialement
blingcru	25/01/2011 à 14:27:38
Membre	maintenant il fais plus rien oula :S, ok mais la le probleme maintenant exemple j'ai 1 xp qui me reste je peux pas le metre nul pas :S ses bien ses regler mais la oula :S https://guerredesgangs.net & http://www.bazinio.ca & http://www.thestreet2.ca
Pages: 1

Membre

Bonjour,

voila je post parce que je n'arrive pas a regler le probleme present .. nous pouvons repartir les xp a volonter sans fin si tu ajoute un 0 devant le nombre souhaiter ..

Pouvez-vous m'aider ??

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

<?php
include("lib.php");
define("PAGENAME", "Acheter");
$player = check_user($secret_key, $db);
$img = "<img src=images/bar_logo.PNG border=0 align=absmiddle><br /><br />";
include("templates/private_header.php");
?>
<div class="contenu">
 <div class="contenu_bloc">
  <h1>Acheter une boisson</h1>
<?


if (isset($_POST['byu']))
{
if (!$_POST['byu']) { //If username isn't filled in...
                $msg = "Mmh oui et quoi encore ?<br />\n"; //Add to error message
                echo $msg;
                die();
        }
        if (!preg_match("/^[0-9]+$/", $_POST['byu1']))
        { //If username contains illegal characters...
                $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message
                echo $msg;
                die();
        }
        if (!preg_match("/^[0-9]+$/", $_POST['byu2']))
        { //If username contains illegal characters...
                $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message
                echo $msg;
                die();
        }
        if (!preg_match("/^[0-9]+$/", $_POST['byu3']))
        { //If username contains illegal characters...
                $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message
                echo $msg;
                die();
        }
        if (!preg_match("/^[0-9]+$/", $_POST['byu4']))
        { //If username contains illegal characters...
                $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message
                echo $msg;
                die();
        }
if (!$_POST['byu1'] + $_POST['byu2'] + $_POST['byu3'] + $_POST['byu4']  > $player->stat_points  || $_POST['byu4'] < 0 || $_POST['byu3'] < 0 || $_POST['byu2'] < 0 || $_POST['byu1'] < 0) { //If username isn't filled in...
                $msg = "Mmh oui et quoi encore sale tricheur ?<br />\n"; //Add to error message
                echo $msg;
                die();
        }
$cost = ($_POST['byu1'] + $_POST['byu2'] + $_POST['byu3'] + $_POST['byu4']);
                $query = $db->execute("update `players` set `strength`=?, `force`=?, `vitality`=?, `def`=?, `stat_points`=? where `id`=?", array($player->strength + $_POST['byu1'], $player->force + $_POST['byu2'], $player->vitality + $_POST['byu3'], $player->def + $_POST['byu4'], $player->stat_points - $cost, $player->id));

        
                
echo "<font color=white>Xp r&eacutepartie!</font><br /><br />";
}

?>
        <i>Tu as <b><?=$player->stat_points?></b> points de comp&eacutetence &agrave d&eacutepenser.</i><br />
<form method="post" action="xp21.php">
<input readonly="readonly" type="text" name="byu" value="<?=$player->username?>" /><br />
Force:<input type="text" name="byu1" class="input_int" value="<?=$_POST['byu1'];?>" /><br />
Agileter:<input type="text" name="byu2" class="input_int" value="<?=$_POST['byu2'];?>" /><br />
Esquive:<input type="text" name="byu3" class="input_int" value="<?=$_POST['byu3'];?>" /><br />
Resistance:<input type="text" name="byu4" class="input_int" value="<?=$_POST['byu4'];?>" />
<input type="submit" name="action" value="XP"/>
</form>


<?php
include("templates/private_footer.php");
?>

https://guerredesgangs.net & http://www.bazinio.ca & http://www.thestreet2.ca

Admin

Bonjour,
essaye ce code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

<?php
include("lib.php");
define("PAGENAME", "Acheter");
$player = check_user($secret_key, $db);
$img = "<img src=images/bar_logo.PNG border=0 align=absmiddle><br /><br />";
include("templates/private_header.php");
?>
<div class="contenu">
 <div class="contenu_bloc">
  <h1>Acheter une boisson</h1>
<?


if (isset($_POST['byu']) and $_POST['byu1']>0 and $_POST['byu2']>0 and $_POST['byu3']>0 and $_POST['byu4']>0)
{
if (!$_POST['byu']) { //If username isn't filled in...
                $msg = "Mmh oui et quoi encore ?<br />\n"; //Add to error message
                echo $msg;
                die();
        }
        if (!preg_match("/^[0-9]+$/", $_POST['byu1']))
        { //If username contains illegal characters...
                $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message
                echo $msg;
                die();
        }
        if (!preg_match("/^[0-9]+$/", $_POST['byu2']))
        { //If username contains illegal characters...
                $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message
                echo $msg;
                die();
        }
        if (!preg_match("/^[0-9]+$/", $_POST['byu3']))
        { //If username contains illegal characters...
                $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message
                echo $msg;
                die();
        }
        if (!preg_match("/^[0-9]+$/", $_POST['byu4']))
        { //If username contains illegal characters...
                $msg = "Essaye pas de me mettre la douille...\n"; //Add to error message
                echo $msg;
                die();
        }
if (!$_POST['byu1'] + $_POST['byu2'] + $_POST['byu3'] + $_POST['byu4']  > $player->stat_points  || $_POST['byu4'] < 0 || $_POST['byu3'] < 0 || $_POST['byu2'] < 0 || $_POST['byu1'] < 0) { //If username isn't filled in...
                $msg = "Mmh oui et quoi encore sale tricheur ?<br />\n"; //Add to error message
                echo $msg;
                die();
        }
$cost = ($_POST['byu1'] + $_POST['byu2'] + $_POST['byu3'] + $_POST['byu4']);
                $query = $db->execute("update `players` set `strength`=?, `force`=?, `vitality`=?, `def`=?, `stat_points`=? where `id`=?", array($player->strength + $_POST['byu1'], $player->force + $_POST['byu2'], $player->vitality + $_POST['byu3'], $player->def + $_POST['byu4'], $player->stat_points - $cost, $player->id));

       
               
echo "<font color=white>Xp r&eacutepartie!</font><br /><br />";
}

?>
        <i>Tu as <b><?=$player->stat_points?></b> points de comp&eacutetence &agrave d&eacutepenser.</i><br />
<form method="post" action="xp21.php">
<input readonly="readonly" type="text" name="byu" value="<?=$player->username?>" /><br />
Force:<input type="text" name="byu1" class="input_int" value="<?=$_POST['byu1'];?>" /><br />
Agileter:<input type="text" name="byu2" class="input_int" value="<?=$_POST['byu2'];?>" /><br />
Esquive:<input type="text" name="byu3" class="input_int" value="<?=$_POST['byu3'];?>" /><br />
Resistance:<input type="text" name="byu4" class="input_int" value="<?=$_POST['byu4'];?>" />
<input type="submit" name="action" value="XP"/>
</form>


<?php
include("templates/private_footer.php");
?>

Cordialement

Membre

maintenant il fais plus rien oula :S,

ok mais la le probleme maintenant exemple j'ai 1 xp qui me reste je peux pas le metre nul pas :S ses bien ses regler mais la oula :S

https://guerredesgangs.net & http://www.bazinio.ca & http://www.thestreet2.ca