[HELP] Coins Page

KillHumans · 09/21/2012, 20:52

If user come from:

Quote:

Page add:
$sql = mysql_query("UPDATE account.account SET coins = coins + 50 WHERE id='".$_SESSION['user_id']."'")

Coins in database.

If user comes from another page, page give error:
Error, you don't pay for that.

I need that in php.

Someone can help me?

Thank you.

fortiZ1337 · 09/21/2012, 21:19

I don't like php, so I dont want to answer to the mainquestion,..
nevertheless I'll say.... be careful with that query.

Injection inc!

Maybe this could help you.

KillHumans · 09/21/2012, 21:24

First i need the code, after my teacher protect the file!

Thank you for your reply.

MrSm!th · 09/22/2012, 21:00

#moved

RecK · 09/26/2012, 20:26

You have to check the site from wich your user is came from.
This site you can get with the JavaScript "refferer". It exist a mothod in php like this but i can released only in javascript.

Code:

<script type="text/javascript">
var lastpage = document.referrer;
<script type="text/javascript">

Afterwards you have to check "was the last page like yours?"
You have to take "if and else" to check this.

PHP Code:



<script type="text/javascript"> 
var lastpage = document.referrer; 
 
if (lastpage == "yourSiteAsAString") { 
<?php 
mysql_query("UPDATE account.account SET `coins` = `coins` + 50 WHERE `id`='".mysql_real_escape_string($_SESSION['user_id'])."'") or die (mysql_error()); 
?> 
var result = "you earned coins"; 
} 
else { 
var result = "access denied"; 
} 
<script type="text/javascript">

With document.refferer you'll get the last page in most of the cases.
But sometimes you get an empty string.

マルコ · 09/27/2012, 13:29

Quote:
Originally Posted by RecK
You have to check the site from wich your user is came from.
This site you can get with the JavaScript "refferer". It exist a mothod in php like this but i can released only in javascript.
Code:
<script type="text/javascript">
var lastpage = document.referrer;
<script type="text/javascript">
Afterwards you have to check "was the last page like yours?"
You have to take "if and else" to check this.

PHP Code:

<script type="text/javascript"> var lastpage = document.referrer; if (lastpage == "yourSiteAsAString") { <?php mysql_query("UPDATE account.account SET `coins` = `coins` + 50 WHERE `id`='".mysql_real_escape_string($_SESSION['user_id'])."'") or die (mysql_error()); ?> var result = "you earned coins"; } else { var result = "access denied"; } <script type="text/javascript">

With document.refferer you'll get the last page in most of the cases.
But sometimes you get an empty string.

Are you serious???
You mix server side and client side scripting here! With your script, this query will be executed no matter what page the user came from!
What you have to do is this whole thing in PHP!

PHP Code:



if($_SERVER['HTTP_REFERER'] == "yoursiteasstring") 
{ 
  mysql_query("UPDATE account.account SET `coins` = `coins` + 50 WHERE `id`='".mysql_real_escape_string($_SESSION['user_id'])."'") or die (mysql_error());  
  echo 'U got coins!'; 
} 
else 
  echo 'Y U NO come from my fav site?';

Don't forget to initialize the mysql connection with mysql_connect()!