PHP/Form running itself without verification

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
2DaysAway
Forum Newbie
Posts: 8
Joined: Thu Oct 18, 2007 4:35 pm

PHP/Form running itself without verification

Post by 2DaysAway »

I have an option on my game for a player to add more turns for use. The way I have it set up is after a 48 hour countdown, a link appears, they click the link, they're SUPPOSE to go to another page with a form and an option to select yes or no to verify if they want to add these turns.

BUT what happens, they click the link and instead of it going to the page with the form, it just runs the script.

Here is the script

Code: Select all

if (($bonustransfer != "no") && ($answer="yes")){
 
    if($time < $pimp[bonusturntime]){ $msg="You have to wait before receiving bonus turns"; }
elseif($time < $site[starts]){ $msg="You must wait until this game starts!"; }
elseif($bonustransfer > $user[credit]){ $msg="You dont have that many credits!"; }
  else{
 
$pimp = mysql_fetch_array(mysql_query("SELECT bonusturnsuses,crewjoindate,crewbonusturns,bonusturns,loyality,crew FROM `{$tab[pimp]}` WHERE `id`='$id' AND `rid`='$rid';"))or die("Error : didnt pull pimps info" . mysql_error());
$user = mysql_fetch_array(mysql_query("SELECT credit FROM `{$tab[user]}` WHERE `id`='$id';"))or die("Error : didnt pull credit count" . mysql_error());
$bonustime=$time+172800;//bonus turns every 48 hours
 
$crewinfo = mysql_fetch_array(mysql_query("SELECT members,totalbtuses FROM `{$tab[crew]}` WHERE `id`='$pimp[crew]' AND `rid`='$rid';"))or die("Error : didnt pull crew info" . mysql_error());
 
$ct=$crewinfo["members"];
$tcbt=$crewinfo["totalbtuses"];
$cjd=$pimp["crewjoindate"];
$cbt=$pimp["crewbonusturns"];
$btu=$pimp["bonusturnsuses"];
$pcw=$pimp["crew"];
if($pcw<=0){$bt=0;}
else{$bt=10;}
$enddate=$time;
$diff=$enddate-$cjd;
// immediately convert to days
$temp=$diff/86400; // 60 sec/min*60 min/hr*24 hr/day=86400 sec/day
// days
$days=floor($temp);  $temp=24*($temp-$days);
$ply=$pimp["loyality"];
if($pcw<=0){$xbt=0;}
else{$xbt=$days*$bt;}
if($pcw<=0){$lxbt=0;}
else{$lxbt=$bt*$ply;}
$bonusturns=$pimp["bonusturns"]+$cbt+$lxbt+$ct+$tcbt;
$adminmessage="Auto-Response: you received ". $bonusturns ." bonus turns.";
mysql_query("INSERT INTO `{$tab[mail]}` (rid,src,dest,msg,time,inbox) VALUES ('$rid','$adminid','$id','$adminmessage','$time',2);")or die("Error : " . mysql_error("tabmail error"));
mysql_query("UPDATE `{$tab[pimp]}` SET `messages`=messages+1 WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not update message bin" . mysql_error());
mysql_query("UPDATE `{$tab[pimp]}` SET `bonusturnsuses`=$btu+1 WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not update bonus turn count" . mysql_error());
mysql_query("UPDATE `{$tab[pimp]}` SET `loyalityturns`=$lxbt WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not update loyality turn count" . mysql_error());
mysql_query("UPDATE `{$tab[pimp]}` SET `turn`=turn+$bonustransfer+$cbt+$lxbt+$ct+$tcbt, `bonusturntime`=$bonustime WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not give turns" . mysql_error());
mysql_query("UPDATE `{$tab[pimp]}` SET `crewbonusturns`=crewbonusturns+$xbt WHERE `id`='$id' AND `rid`='$rid'")or die("Error : did not give crew bonus turns" . mysql_error());
mysql_query("UPDATE `{$tab[user]}` SET `credit`=credit-$bonustransfer WHERE `id`='$id'")or die("Error :did not deduct credits from account " . mysql_error());
mysql_query("UPDATE `{$tab[crew]}` SET `totalbtuses`=$btu+1 WHERE `id`='$pimp[crew]'")or die("Error :did not update crew bonusturn usest " . mysql_error());
mysql_query("INSERT INTO `{$tab[credits]}` (id,username,action,time,ip) VALUES ('','$un','$adminmessage','$time','$REMOTE_ADDR');")or die ("Did not INSERT info into credit table   " .mysql_error ());
header("Location: main.php?rid=$rid");
      }
}
Here is the form

Code: Select all

<form method="post" action="bonuscredits.php?action=bonustransfer">
  <div class="boxdef-hd"> <b>need more turns?</b>
    <div class="boxdef" align="center">
      <table align="center" cellspacing="1" cellpadding="4">
        <tr>
          <td><select name="answer" class="entry">
        <option class="entry" value="">select</option>
              <option class="entry" value="yes">yes</option>
              <option class="entry" value="no">no</option>
            </select></td>
        </tr>
        <tr>
          <td><input type="hidden" class="entry" size="5" value="<?=$answer?>" name="bonustransfer">
            <input type="submit" class="button" value="transfer"></td>
        </tr>
      </table>
    </div>
  </div>
</form>
Post Reply