Page 1 of 1

Math question

Posted: Fri Jul 02, 2004 10:52 pm
by fresh
hey,

trying to add some values together, I have script that will mkdir and file in dir named points, and in points is the file, points.htm... In points.htm is blank, until the user beats a challenge, I suppose I could setup a variable with the given point value for that mission, but I can't get it to add to the points.htm...

I tried:

Code: Select all

$var = "10";
$sp = fopen("points.htm", "w");
$add = readfile($sp);
fwrite($sp,  $var + $add);
fclose($sp);
but it doesnt seem to work, as you can see Im trying to read the value of that points.htm file, and take that value, and add 10 to it, and it doesnt work, just overwrites the file, with 10 not the sum of 10 + value of points.htm... can someone point me to a good tutorial or throw up a working script to refernce... I would greatly appreciate the help... thanks

Posted: Fri Jul 02, 2004 10:57 pm
by feyd
try using file_get_contents() instead of readfile().

Posted: Fri Jul 02, 2004 10:59 pm
by feyd
another problem: you asked fopen to give you write-only access..

oh

Posted: Fri Jul 02, 2004 11:38 pm
by fresh
I see... thanks...

file_get_contents():... I'll try it, what about the math part, was my syntax correct?

thanks

Posted: Fri Jul 02, 2004 11:58 pm
by feyd
you're basically guaranteed to get at least 10 in the file.. The math should be okay.

Personally, I'd store this data in a database, but you may be just experimenting or something..

yeah

Posted: Sat Jul 03, 2004 12:47 am
by fresh
I'm simulating a db just for the profiles and point system, i dont want the users to have write access to the real db... I'm not good enough yet to prtoect it properly... anyway... could you look at my script feyd?

Code: Select all

<?php
$points = "100";
$name = $_GET['name'];
$pass = $_GET['pass'];

if(!$pass == "test") {
echo "<center>Wrong!  No points recieved.</center>";
} else {
$fp = fopen("user/".$name."/points.htm","w+");
$add = file_get_contents("user/".$name."/points.htm");
fwrite($fp, $add + $points);
fclose($fp);
echo "Correct!  You are awarded ".$points." points!";
}
?>
This is writing to the file and it's going to the right places and all, but it's not taking the value, and adding to it...

in the file it makes it puts the value 100 in it, and when I went back and tested it again, the file appeared to have been overwritten with 100 again.. is my syntax right for this? thanks

Posted: Sat Jul 03, 2004 1:13 am
by nigma
I was going to point out that you cannot use the arithmetic addition operator on two strings and get an integer. But, I guess you can :)

Code: Select all

<?php
$string1 = "2";
$string2 = "3";
$result = $string1 + $string2;
echo '$string1 = ' . gettype($string1) . '<br />';
echo '$string2 = ' . gettype($string2) . '<br />';
echo '$string1 + $string2 = ' . gettype($result);
?>
Thanks for helping me realize that.

By the way, does anyone think that's wierd?

Posted: Sat Jul 03, 2004 1:15 am
by feyd
other than your if, I see nothing striking that should make it fail... (the if should probably look more like the following)

Code: Select all

if($pass != "test")
also note, it's dangerous to pass a user's password over a get.

so

Posted: Sat Jul 03, 2004 1:36 am
by fresh
should I use $_POST['blah']...? Will that be 'more' secure?

ok, using the w just overwrites the value of 100, maybe I should auto give all users a value at go, and then write off that, unless...

I use a+, this writes the right sum but adds it to the value like so:

100200300, etc....

now I could add a + between each:
100 + 200 + 300

and give a var this value and output and write the value back to the file and screen... unless...

there is an easier way... thanks

Posted: Sat Jul 03, 2004 1:58 am
by feyd
using post is slightly more secure, but only a tiny bit. :)

how does the following run?

Code: Select all

<?php

$pts = 100;
$user = isset($_GET['name']) ? basename($_GET['name']) : '~nobody'; // <===  note the 'basename' here
// otherwise user would have the ability to pass something like:
//     http://your.host/your.script.php?name=. ... /passwd%00
$file = 'user/' . $user . '/points.htm';

$pts += (is_readable($file) ? (int)file_get_contents($file) : 0 );

$fp = fopen($file, 'wb');
if($fp === false) die('unable to open points file.');
fputs($fp, $pts );
fclose($fp);

echo 'Your point total is now ' . $pts . '.';

?>
[edited by Weirdan] made script secure [/edited]

ahhh...

Posted: Sat Jul 03, 2004 2:32 am
by fresh
now I can stop stressing... thank you buddy, that script is great! I would have never thought to code it like that... works exactly like I was wanting, just fantastic!! Thanks alot! :)


edit: saw the edit, and made the changes immediatly, thank you very much :)