Page 1 of 1

Can i jump back in script?

Posted: Thu Jan 28, 2010 10:48 am
by Goofan
Hi there, I where wondering can I jump back in script like jump from line "23 to line 3" (hypothetic)?


Why?
I got a code (shown below) That will generate a random number if the admin number is "1". my problem is if the random number is "1" again it needs to either jump back in script or "something else" plz help me on making this work...

Code: Select all

 
<?php
include "../login/database.php";
$users =(isset($_GET['users'])) ? (int)$_GET['users'] : false;
    if($users !== false)
 {
    $sql="SELECT * FROM konto WHERE saved_id=$users";      //selecting all from DB "Konto" where saved_id is the same as in the array $id
    
 }
    else
 {
    echo "NO saved_id!"."<br>"; 
 }
$result = mysql_query($sql) or die("Kunde inte lägga till ny text:<br />" . mysql_error());//Skicka info till tabell.
                 
while($row = mysql_fetch_array( $result ))      //fetching info from file and putting it in $row
{
        $user=$row['user'];
        $money=$row['pengar'];
        $swordmen=$row['swordmen'];
        $admin=$row['admin'];
    
}
 
echo $admin ."<br>";
 
    if ($admin = 1)
    {
    $sqls = "SELECT saved_id FROM konto ";
    $results = mysql_query($sqls) or die("Kunde inte lägga till ny text:<br />" . mysql_error());//Skicka info till tabell.
    $num_rows = mysql_num_rows($results);
                 
    $users = rand(1,$num_rows);
    
    $sql="SELECT * FROM konto WHERE saved_id=$users";      //selecting all from DB "Konto" where saved_id is the same as in the array $id
    $result = mysql_query($sql) or die("Kunde inte lägga till ny text:<br />" . mysql_error());//Skicka info till tabell.
                 
    while($row = mysql_fetch_array( $result ))      //fetching info from file and putting it in $row
    {
        $user=$row['user'];
        $money=$row['pengar'];
        $swordmen=$row['swordmen'];
    
    }
 
    }
    echo $user ."<br>" .$money ."<br>" .$swordmen ."<br>";?>
 

Re: Can i jump back in sccript?

Posted: Thu Jan 28, 2010 11:33 am
by requinix
Why can't you just generate a random number between 2 and the number of rows?

Maybe you didn't quite explain that right. Are you trying to select a non-admin=1 user? Okay: why not add that as a constraint in the second query?

(PS: $admin == 1)

Re: Can i jump back in script?

Posted: Thu Jan 28, 2010 12:31 pm
by Goofan
tasairis wrote:Why can't you just generate a random number between 2 and the number of rows?

Maybe you didn't quite explain that right. Are you trying to select a non-admin=1 user? Okay: why not add that as a constraint in the second query?

(PS: $admin == 1)

i actually have the $admin == 1) in my own code i dont know why it wasnt here...

and yes im trying to select a non-admin which is the number "0".
what is a constraint? (sorry if im being dummy like :roll: )

i need it to be a "non-admin"! :(

the only ways that i thought of where to say If admin == 1 then rand ... and then the same like 50 times.so that the possibility for the "user" to random a admin is "doubtful". but thats just alot of messy code.


The randomed number is a way to "choose user" and the admin number is a seperate number to see if the user is a admin.

Re: Can i jump back in script?

Posted: Thu Jan 28, 2010 1:16 pm
by requinix
It says in the table whether a user is an admin or not, right? So why not adjust your SELECT so it only returns non-admins?

Re: Can i jump back in script?

Posted: Fri Jan 29, 2010 7:35 am
by Goofan
Yes that is what it is doing.

I need it to as u proberbly see on the code I am telling it to re-random if it is admin == 1 but what if it happens again so next random get a user wich is a admin aswell...

If this is not what ure meaning plz explain further

Re: Can i jump back in script?

Posted: Fri Jan 29, 2010 7:51 am
by josh
Create a function and call it twice. Functions and methods are today's version of GOTO.
Any security mechanism that relies on rand is stupid.

Re: Can i jump back in script?

Posted: Fri Jan 29, 2010 8:33 am
by Goofan
thanks then im stupid ;9 "kidding".
it aint a security thing its just a thing to collect all the stuffs that the "user" got at theire row at the database.

Re: Can i jump back in script?

Posted: Fri Jan 29, 2010 9:22 am
by josh
Why not just use rand( 2, $num_rows)

?

A constraint:

SELECT `id` from `users` WHERE id != 1 order by RAND() limit 1

Your rand version also does not account for missing users. Not saying its necessarily stupid, but if your login mechanism can be bypassed by refreshing the page you have real security flaws.

Re: Can i jump back in script?

Posted: Fri Jan 29, 2010 10:48 am
by Goofan
well the number choosen in the rand(1, $num rows) is a "saved_id" wich indicates what number the user is so i can keep track of him/her. the other number is basicly a number of 0 and 1 where 1 is admin and 0 is normal users.


the users will enter a username and pass then by that i collect a number wich follows the user around...
This is a demo version of a game. practically its just a beginners part so that i would learn about it i will remake all using sessions and OOP later "this is a DEMO". But as said the admin number and the user number dont mix.

Re: Can i jump back in script?

Posted: Sat Jan 30, 2010 9:36 pm
by josh
Goofan wrote:well the number choosen in the rand(1, $num rows) is a "saved_id" wich indicates what number the user is so i can keep track of him/her. the other number is basicly a number of 0 and 1 where 1 is admin and 0 is normal users.
How do you know? What happens if it generates a record for a row that doesn't exist? What happens if you skipped 1,000 auto increments because of a bad import you had to delete? Why rely on something so brittle like the auto increment.

Actually nothing in the mysql documentation says you are guaranteed to have rows present for every number you could randomly generate. Simply put you're doing it wrong, in order to make your solution work you'd also have to check if the user exists and keep trying numbers. That seems like an awful lot of code to write (involving multiple queries, recursive functions, and loops)

Why not just ask the database for a random row like normal people do it?

SELECT * from `table` order by RAND() limit 1

Your approach reminds me of this: http://en.wikipedia.org/wiki/Rube_Goldberg_machine