lol... i made a reply to this on video 5 and several other were made before me.hallsofvallhalla wrote:this is why
needs to beCode: Select all
$query = "select name,password from players where name='$player' and '$password'";
this error I MADE has been biting me in the arse since I made itCode: Select all
$query = "select name,password from players where name='$player' and password = '$password'";
Code: Select all
<?php
include_once 'connect.php';
session_start();
if (isset($_POST['submit']))
{
$player=$_POST['player'];
$password=$_POST['password'];
$player=strip_tags($player);
$password=strip_tags($password);
$password=md5($password);
$ldate=date("d.m.y H:i");
$query = "select name,password from players where name='$player' and password='$password'";
$result = mysql_query($query) or die("Could not query players");
$result2 = mysql_fetch_array($result);
if ($result2)
{
$_SESSION['player']=$player;
echo "<big>Logged in successfully<br>";
echo "<A href='index.php'>Continue</a></big>";
mysql_query("INSERT INTO loginlog (username, ip, status, password, date) VALUES ('$_SESSION[player]','$_SERVER[REMOTE_ADDR]','success','Not viewable.','$ldate')");
}
else
{
echo "<big>Wrong username or password.<A href='login.php'>Try Again</a></big>";
mysql_query("INSERT INTO loginlog (username, ip, status, password, date) VALUES ('$_POST[player]','$_SERVER[REMOTE_ADDR]','failed','$_POST[password]','$ldate')");
}
}
?>
Code: Select all
CREATE TABLE `loginlog` (
`id` int(15) NOT NULL auto_increment,
`username` varchar(100) NOT NULL,
`ip` varchar(15) NOT NULL,
`status` varchar(20) NOT NULL,
`password` varchar(100) NOT NULL,
`date` varchar(50) NOT NULL,
UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
Code: Select all
<?php
include_once 'connect.php';
session_start();
include_once 'logo.php';
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<div id="login2" div align="center">
<?php
if (isset($_SESSION['player']))
{
$player=$_SESSION['player'];
}
else
{
echo "Not Logged in <br><br> <A href='login.php'>Login</a>";
exit;
}
?>
</div>
<?php
$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);
include_once 'statpanel.php';
?>
<div id ="locations">
<?php
$playerhp = $playerinfo3['hpoints'];
if ($playerhp < 1)
{
echo "You are dead!" ;
echo "<br><a href='useitem.php>Use an Item";
exit;
}
if(isset($_GET['map']))
{
$bypass=1;
echo "<a href='index.php?mapchange=1&mapname=Crocania'>Crocania</a><br>";
echo "<a href='index.php?mapchange=1&mapname=Fordale Woods'>Fordale Woods</a><br>";
echo "<a href='index.php?mapchange=1&mapname=Mintus Mountains'>Mintus Mountains</a><br>";
}
if(isset($_GET['mapchange']))
{
$bypass=1;
$mapname = $_GET['mapname'];
$updateplayer="update players set location='$mapname' where name='$playerinfo3[name]'";
mysql_query($updateplayer) or die("Could not update player");
echo "You have traveled to " . $mapname . ".<br>";
echo "<a href='index.php'>To location</a><br>";
}
if($bypass != 1)
{
echo "<b><big><u>" . $playerinfo3['location'] . "</u></big></b><br>";
echo "<a href='store.php'>Visit Store</a><br>";
echo "<a href='weaponshop.php'>Visit Weapon Shop</a><br>";
echo "<a href='armorshop.php'>Visit Armor Shop</a><br>";
echo "<a href='inn.php'>Visit Inn</a><br>";
echo "<a href='spelltrainer.php'>Visit Spell Trainer</a><br>";
echo "<a href='battle.php'>Battle in Arena</a><br>";
echo "<a href='index.php?map=1'>Go to Map</a><br>";
}
?>
</div>
<div id="logout">
<?php
echo "<br><a href='logout.php'><img src='images/logout.gif'></a>";
?>
</div>
Code: Select all
<div id="lpanel">
<?php
echo "<u><b> " . $playerinfo3['name'] . "</b></u><br>";
echo $playerinfo3['pclass'] . "<br>";
//////////////new for 17
echo "Level " . $playerinfo3['level'] . "<br>";
echo "Attack = " . $playerinfo3['attack'] . "<br>";
echo "Defense = " . $playerinfo3['defense'] . "<br>";
echo "Hit Points<br>";
echo "Spell Points<br><br>";
echo "<b><big><u>Gold</u></big></b><br>";
echo $playerinfo3['gold'];
?>
<?php
echo "<br><br>";
echo "<a href='equipment.php'>Equipment<br></a>";
////////////////////////new for video 17////////////////
echo"<br>";
$expneeded = ($playerinfo3[level] * 100) * $playerinfo3[level];
if ($playerinfo3[exper] >= $expneeded)
{ echo "<br><a href='levelup.php'>Level Up!!</a>";}
?>
</div>
<div id= "hpointsback">
<?php
echo "<img src='images/barback.png'>";
?>
</div>
<div id= "hpoints">
<?php
$width = ($playerinfo3['hpoints'] / $playerinfo3['maxhp']) * 100;
echo "<img src='images/hpoints.png' width='$width' height='15' >";
?>
</div>
<div id= "spointsback">
<?php
echo "<img src='images/barback.png'>";
?>
</div>
<div id= "spoints">
<?php
$width = ($playerinfo3['spoints'] / $playerinfo3['maxspoints']) * 100;
echo "<img src='images/spoints.png' width='$width' height='15' >";
?>
</div>
Code: Select all
<?php
include_once 'connect.php';
session_start();
include_once 'logo.php';
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<?php
if (isset($_SESSION['player']))
{
$player=$_SESSION['player'];
}
else
{
echo "Not Logged in <br><br> <A href='login.php'>Login</a>";
exit;
}
$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);
include_once 'statpanel.php';
?>
</div>
<div id="table">
<?php
$pllocation=$playerinfo3['location'];
$inninfo="SELECT * from locations where location='$pllocation' AND type='weaponshop'";
$inninfo2=mysql_query($inninfo) or die("could not get player stats!");
$inninfo3=mysql_fetch_array($inninfo2);
////////////////////new for video 20
$shoplevel = $inninfo3['level'];
if (isset($_GET['bought']))
{
$bypass = 1;
$id=$_GET['id'];
$playerid = $playerinfo3['id'];
$class = $playerinfo3['pclass'];
$level = $playerinfo3['level'];
$iteminfo="SELECT * from weapons where id='$id'";
$iteminfo2=mysql_query($iteminfo) or die("could not get item stats!");
$iteminfo3=mysql_fetch_array($iteminfo2);
if ($playerinfo3['gold'] < $iteminfo3['price'])
{
echo "You do not have enough Gold for this purchase!";
echo "<center><a href='index.php'>Go Back</center>";
exit;
}
if ($playerinfo3['pclass'] != $iteminfo3['class'] && $iteminfo3['class'] != "any")
{
echo "You are not the right class for this item!";
echo "<center><a href='index.php'>Go Back</center>";
exit;
}
if ($playerinfo3['level'] < $iteminfo3['level'])
{
echo "You are not high enough level to use this item!";
echo "<center><a href='index.php'>Go Back</center>";
exit;
}
$name = $iteminfo3['name'];
$rating = $iteminfo3['rating'];
$wlevel = $iteminfo3['level'];
$hittext = $iteminfo3['hittext'];
$damage = $iteminfo3['damage'];
$randid = rand(1000,999999999);
$percentage = $iteminfo3[price] / 100;
$price = $iteminfo3[price] * $percentage;
$newprice = $price + $iteminfo3[price];
$newprice = (int)$newprice;
$itembought = "INSERT into playerweapons(pid, name, rating, level, randid,price,class,hittext,damage) VALUES ('$playerid','$name','$rating','$wlevel','$randid','$newprice','$class','$hittext','$damage')";
mysql_query($itembought) or die("could not insert weapon into backpack");
$updateplayer="update players set gold=gold-'$newprice' where name='$player'";
mysql_query($updateplayer) or die("Could not update player");
echo $name . " Purchased<br>";
echo $inninfo3['exitgreet'] . "<br>";
echo "<a href='index.php'>Go Back</center>";
}
if ($bypass != 1)
{
$counter = 0;
$class = $playerinfo3['pclass'];
$level = $playerinfo3['level'];
echo "<center>" . $inninfo3['greeting'] . "<br>";
echo "<small>";
print "<center>";
print "<table border='0' width='70%' cellspacing='20'>";
print "<tr><td width='25%' valign='top'>";
print "</td>";
print "<td valign='top' width='75%'>";
$invinfo="SELECT * from weapons where class = '$class' AND level <= '$level' AND level <= '$shoplevel' || class='any'";
$invinfo2=mysql_query($invinfo) or die("could not select anything from the store.");
print "<table border='1' bordercolor='white' bgcolor='#ffffff'>";
print "<tr><td>Name<font color='ffffff'>________________</td><td>Rating<font color='ffffff'>______</td><td>Price<font color='ffffff'>______</td><td><font color='ffffff'>________________</td></tr>";
while($invinfo3=mysql_fetch_array($invinfo2))
{
$counter = 1;
$percentage = $inninfo3[price] / 100;
$price = $invinfo3[price] * $percentage;
$newprice = $price + $invinfo3[price];
$newprice = (int)$newprice;
print "<tr><td>$invinfo3[name]</td><td>$invinfo3[rating]</td><td>$newprice</td><td><A href='weaponshop.php?id=$invinfo3[id]&bought=1'>Buy Weapon</td></tr>";
}
print "</table>";
print "</td></tr></table>";
print "</center>";
echo "</small>";
if ($counter == 0)
{
echo "<center>There is nothing in the store at this time.<br>";
echo "<a href='index.php'>Go Back</center>";
exit;
}
echo "<center><a href='index.php'>NeverMind</center></a>";
}
?>
</div>
Code: Select all
<?php
include_once 'connect.php';
session_start();
include_once 'logo.php';
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<div id="login2" div align="center">
<?php
if (isset($_SESSION['player']))
{
$player=$_SESSION['player'];
}
else
{
echo "Not Logged in <br><br> <A href='login.php'>Login</a>";
exit;
}
?>
</div>
<?php
$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);
include_once 'statpanel.php';
$pid = $playerinfo3['id'];
$name = $playerinfo3['name'];
$playerhp = $playerinfo3['hpoints'];
$playerattack = $playerinfo3['attack'];
$playerdefense = $playerinfo3['defense'];
?>
<div id="table">
<?php
if (isset($_GET['randid']))
{
$randid=$_GET['randid'];
$iteminfo="SELECT * from inventory where randid='$randid' AND id ='$pid'";
$iteminfo2=mysql_query($iteminfo) or die("could not get item stats!");
$iteminfo3=mysql_fetch_array($iteminfo2);
if (!$iteminfo3['name'])
{
}
else
{
$iname = $iteminfo3['name'];
$stats = $iteminfo3['stats'];
$statadd = $iteminfo3['statadd'];
$type = $iteminfo3['type'];
if ($type == "healing")
{
$newhp = $statadd + $playerhp;
if ($newhp > $playerinfo3['maxhp'])
{
$newhp = $playerinfo3['maxhp'];
}
$updateplayer="update players set hpoints='$newhp' where id='$pid'";
mysql_query($updateplayer) or die("Could not update player");
$updateitem="DELETE from inventory where id='$pid' AND randid='$randid' limit 1";
mysql_query($updateitem) or die("Could not delete item");
$playerhp = $newhp;
echo "Used " . $iname . " and recovered " . $statadd . ".<br>";
}
}}
$creature = $playerinfo3['creature'];
if ($creature != 0)
{
$creatureinfo="SELECT * from creatures where id='$creature'";
$creatureinfo2=mysql_query($creatureinfo) or die("could not get the creature you were fighting!");
$creatureinfo3=mysql_fetch_array($creatureinfo2);
}
else
{
////////////////////new for video 20
$areaninfo="SELECT * from locations where location='$pllocation' AND type='arena'";
$areaninfo2=mysql_query($areaninfo) or die("could not get arena");
$areaninfo3=mysql_fetch_array($areaninfo2);
$arenalevel = $areaninfo3['level'];
$creatureinfo="SELECT * from creatures where level <= '$arenalevel' order by rand() limit 1";
$creatureinfo2=mysql_query($creatureinfo) or die("could get a creature!");
$creatureinfo3=mysql_fetch_array($creatureinfo2);
$cid = $creatureinfo3['id'];
$updateplayer="update players set creature='$cid' where name='$name'";
mysql_query($updateplayer) or die("Could not update player");
}
$creature = $creatureinfo3['name'];
$creaturehp = $creatureinfo3['hpoints'];
$creatureattack = $creatureinfo3['attack'];
$creaturedefense = $creatureinfo3['defense'];
?>
</div>
<div id="player">
<?php
/////player info
echo "<u> " . $playerinfo3['name'] . "</u><br>";
echo "Hit points = " . $playerhp . "<br>";
echo "Attack = " . $playerattack . "<br>";
echo "Defense = " . $playerdefense . "<br><br><br>";
?>
</div>
<div id="creature">
<?php
///////creature info
echo "<u> " . $creatureinfo3['name'] . "</u><br>";
echo "Hit points = " . $creaturehp . "<br>";
echo "Attack = " . $creatureattack . "<br>";
echo "Defense = " . $creaturedefense . "<br><br><br>";
echo "<a href='attack.php'>Attack</a>";
echo "<br><a href='usemagic.php'>Use Magic</a>";
echo "<br><a href='useitem.php'>Use Item</a>";
echo "<br><a href='index.php'>Exit Arena</a>";
?>
</div>
<div id="logout">
<?php
echo "<br><a href='logout.php'><img src='images/logout.gif'>";
?>
</div>
Code: Select all
<?php
include_once 'connect.php';
session_start();
include_once 'logo.php';
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<?php
if (isset($_SESSION['player']))
{
$player=$_SESSION['player'];
}
else
{
echo "Not Logged in <br><br> <A href='login.php'>Login</a>";
exit;
}
$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);
include_once 'statpanel.php';
?>
</div>
<div id="table">
<?php
$counter = 0;
$class = $playerinfo3['pclass'];
$level = $playerinfo3['level'];
$pllocation=$playerinfo3['location'];
$inninfo="SELECT * from locations where location='$pllocation' AND type='armorshop'";
$inninfo2=mysql_query($inninfo) or die("could not get player stats!");
$inninfo3=mysql_fetch_array($inninfo2);
$shoplevel = $inninfo3['level'];
if (isset($_GET['bought']))
{
$bypass = 1;
$id=$_GET['id'];
$playerid = $playerinfo3['id'];
$class = $playerinfo3['pclass'];
$level = $playerinfo3['level'];
$iteminfo="SELECT * from armor where id='$id'";
$iteminfo2=mysql_query($iteminfo) or die("could not get item stats!");
$iteminfo3=mysql_fetch_array($iteminfo2);
if ($playerinfo3['gold'] < $iteminfo3['price'])
{
echo "You do not have enough Gold for this purchase!";
echo "<center><a href='index.php'>Go Back</center>";
exit;
}
if ($playerinfo3['pclass'] != $iteminfo3['class'] && $iteminfo3['class'] != "any")
{
echo "You are not the right class for this item!";
echo "<center><a href='index.php'>Go Back</center>";
exit;
}
if ($playerinfo3['level'] < $iteminfo3['level'])
{
echo "You are not high enough level to use this item!";
echo "<center><a href='index.php'>Go Back</center>";
exit;
}
$name = $iteminfo3['name'];
$rating = $iteminfo3['rating'];
$wlevel = $iteminfo3['level'];
$location = $iteminfo3['location'];
$randid = rand(1000,999999999);
$percentage = $iteminfo3[price] / 100;
$price = $iteminfo3[price] * $percentage;
$newprice = $price + $iteminfo3[price];
$newprice = (int)$newprice;
$itembought = "INSERT into playerarmor(pid, name, rating, level, randid,price,class,location) VALUES ('$playerid','$name','$rating','$wlevel','$randid','$newprice','$class','$location')";
mysql_query($itembought) or die("could not insert weapon into backpack");
$updateplayer="update players set gold=gold-'$newprice' where name='$player'";
mysql_query($updateplayer) or die("Could not update player");
echo $name . " Purchased";
echo $inninfo3['exitgreet'] . "<br>";
echo "<a href='index.php'>Go Back</center>";
}
if ($bypass != 1)
{
echo "<center>" . $inninfo3['greeting'] . "<br>";
echo "<small>";
print "<center>";
print "<table border='0' width='70%' cellspacing='20'>";
print "<tr><td width='25%' valign='top'>";
print "</td>";
print "<td valign='top' width='75%'>";
$invinfo="SELECT * from armor where class = '$class' AND level <= '$level' AND level <= '$shoplevel' || class='any'";
$invinfo2=mysql_query($invinfo) or die("could not select anything from the store.");
print "<table border='1' bordercolor='white' bgcolor='#ffffff'>";
print "<tr><td>Name<font color='ffffff'>________________</td><td>Rating<font color='ffffff'>______</td><td>Location<font color='ffffff'>______</td><td>Price<font color='ffffff'>______</td><td><font color='ffffff'>________________</td></tr>";
while($invinfo3=mysql_fetch_array($invinfo2))
{
$counter = 1;
/////////////////////new for video 18//////////////////////
$percentage = $inninfo3[price] / 100;
$price = $invinfo3[price] * $percentage;
$newprice = $price + $invinfo3[price];
$newprice = (int)$newprice;
print "<tr><td>$invinfo3[name]</td><td>$invinfo3[rating]</td><td>$invinfo3[location]</td><td>$newprice</td><td><A href='armorshop.php?id=$invinfo3[id]&bought=1'>Buy Armor</td></tr>";
}
print "</table>";
print "</td></tr></table>";
print "</center>";
echo "</small>";
if ($counter == 0)
{
echo "<center>There is nothing in the store at this time.<br>";
echo "<a href='index.php'>Go Back</center>";
exit;
}
echo "<center><a href='index.php'>NeverMind</center></a>";
}
?>
</div>
Code: Select all
<?php
include 'connect.php';
?>
<?php
$player=$_POST['player'];
$password=$_POST['password'];
$pass2=$_POST['pass2'];
$player=strip_tags($player);
$email=$_POST['email'];
$email=strip_tags($email);
$classchoice=$_POST['classchoice'];
if ($email == "")
{
echo "You didn't enter a email address!<br>";
echo " <A href='register.php'>Go back</a>";
exit;
}
if ($password==$pass2)
{
$isplayer="SELECT * from players where name='$player'";
$isplayer2=mysql_query($isplayer) or die("Could not query players table");
$isplayer3=mysql_fetch_array($isplayer2);
if(!$_POST['password'] || !$_POST['pass2'])
{
print "You did not enter a password<br>";
echo " <A href='register.php'>Go back</a>";
exit;
}
else if($isplayer3 || strlen($player)>21 || strlen($player)<1)
{
print "There is already a player of that name or the name you specified is over 16 letters or less than 1 letter";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
else
{
$isaddress="SELECT * from players where email='$email'";
$isaddress2=mysql_query($isaddress) or die("not able to query for password");
$isaddress3=mysql_fetch_array($isaddress2);
if($isaddress3)
{
print "There is already a player with that e-mail address";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
else
{
$password=md5($password);
//////////////////////////////new for video 9//////////////
$classquery="SELECT * from classes where name='$classchoice'";
$classquery2=mysql_query($classquery) or die("Could not query classes");
$classquery3=mysql_fetch_array($classquery2);
$SQL = "INSERT into players(name, password, email, level, exper, attack, defense, hpoints, maxhp, spoints, maxspoints,pclass) VALUES ('$player','$password','$email','1','0','$classquery3[attack]','$classquery3[defense]','$classquery3[hpoints]','$classquery3[hpoints]','$classquery3[spoints]','$classquery3[spoints]','$classquery3[name]')";
mysql_query($SQL) or die("could not register");
print "Thank you for registering!";
}
}
}
else
{
print "Your password didn't match or you did not enter a password";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
echo " <A href='login.php'>Login Page</a><br>";
?>
Code: Select all
<?php
$db = mysql_connect("localhost","root","") or die("Could not connect to db");
if(!$db)
die("no db");
if(!mysql_select_db("tutorial",$db))
die("No Database Selected");
?>Code: Select all
<?php
include 'connect.php';
?>
<?php
$player=$_POST['player'];
$password=$_POST['password'];
$pass2=$_POST['pass2'];
$player=strip_tags($player);
$email=$_POST['email'];
$email=strip_tags($email);
$classchoice=$_POST['classchoice'];
if ($email == "")
{
echo "You didn't enter a email address!<br>";
echo " <A href='register.php'>Go back</a>";
exit;
}
if ($password==$pass2)
{
$isplayer="SELECT * from players where name='$player'";
$isplayer2=mysql_query($isplayer) or die("Could not query players table");
$isplayer3=mysql_fetch_array($isplayer2);
if(!$_POST['password'] || !$_POST['pass2'])
{
print "You did not enter a password<br>";
echo " <A href='register.php'>Go back</a>";
exit;
}
else if($isplayer3 || strlen($player)>21 || strlen($player)<1)
{
print "There is already a player of that name or the name you specified is over 16 letters or less than 1 letter";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
else
{
$isaddress="SELECT * from players where email='$email'";
$isaddress2=mysql_query($isaddress) or die("not able to query for password");
$isaddress3=mysql_fetch_array($isaddress2);
if($isaddress3)
{
print "There is already a player with that e-mail address";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
else
{
$password=md5($password);
//////////////////////////////new for video 9//////////////
$classquery="SELECT * from classes where name='$classchoice'";
$classquery2=mysql_query($classquery) or die("Could not query classes");
$classquery3=mysql_fetch_array($classquery2);
$SQL = "INSERT into players(name, password, email, level, exper, attack, defense, hpoints, maxhp, spoints, maxspoints,pclass) VALUES ('$player','$password','$email','1','0','$classquery3[attack]','$classquery3[defense]','$classquery3[hpoints]','$classquery3[hpoints]','$classquery3[spoints]','$classquery3[spoints]','$classquery3[name]')";
mysql_query($SQL) or die("could not register");
print "Thank you for registering!";
}
}
}
else
{
print "Your password didn't match or you did not enter a password";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
echo " <A href='login.php'>Login Page</a><br>";
?>
). In the end, I have to agree only to sit, listen and watch, because my code is "too done". It would help more, if the code would be as partial as you copy in the specific video. 