Hi Stackers,
I'm having a small problem with my PHP Code. It's a Crack the vault game, not finished. However, there is a problem. I Have the variable $needednumber, which I need to check if the user has another try or not, based on the selection which is saved in the variable $vaultselection.
When echoen the $needednumber Variable, I don't get any result, that's why I think that he isn't correctly checking. I've set myself to 0 Tries, however, it still passes the check.
What am I doing wrong?
vault.php
// Activate only when SET
if(isset($_POST['crack_vault'])){
// Get our cracker user id.
$cracker = $user['id'];
$cracktries = $user['try_vault'];
// Get the Vault selection
$vaultselection = $_GET['vaultoptions'];
echo $vaultselection;
// Check how many tries the cracker needs
if($vaultselection = "mainvault"){
$needednumber = "1";
}else if($vaultselection == "bonusvault"){
$needednumber = "2";
}
// Check if the cracker may try a crack, or else Continue
if($cracktries < $needednumber){
$error = "<div class='geenTeamlid' style='margin-bottom: 5px;'>Sorry, het is je <strong>niet</strong> gelukt iets uit de kluis te kraken!</div>";
}else{
// Get our beloved cracker his/her data.
$vault_type = htmlentities($_POST['vault_picker']);
$vaultnumber_one = htmlentities($_POST['vault_1']);
$vaultnumber_two = htmlentities($_POST['vault_2']);
$vaultnumber_three = htmlentities($_POST['vault_3']);
$vaultnumber_four = htmlentities($_POST['vault_4']);
// Get one string of four values. The final Vaultnumber.
$vaultnumbers = array($vaultnumber_one, $vaultnumber_two, $vaultnumber_three, $vaultnumber_fout);
$vaultnumber = implode("|", $vaultnumbers);
// Let us check this shit. Can we find a match?
if($vaultselection = "mainvault"){
$check_codes = mysql_query("SELECT * FROM magical_gamevault WHERE (crackvalue = '".$vaultnumber."' AND vault = 'normal')");
}else if($vaultselection = "bonusvault"){
$check_codes = mysql_query("SELECT * FROM magical_gamevault WHERE (crackvalue = '".$vaultnumber."')");
}
// Get a final number as result. YES!
$prizecount = mysql_num_rows($check_codes);
// Show the user the result!
if($prizecount < 1){
$error = "<div class='geenTeamlid' style='margin-bottom: 5px;'>Jij hebt ".$cracktries." || Jij hebt nodig " .$needednumber. " || Jij koos " .$vaultselection. ".</div>";
}else if($prizecount < 2){
}
// End the if enough cracks check.
}
// End the set when someone posted a thing!
}
As pointed out by Marvin,
if($vaultselection == "mainvault"){
$needednumber = "1";
} elseif($vaultselection == "bonusvault"){
$needednumber = "2";
} else {
# missing? security issue as $_GET data is easily manipulated
# Setting this to 3 for could example would cause an SQL error
$vaultselection = "mainvault";
$needednumber = "1";
}
And..
if($vaultselection == "mainvault"){
$check_codes = mysql_query("SELECT * FROM magical_gamevault WHERE (crackvalue = '".$vaultnumber."' AND vault = 'normal')");
} elseif($vaultselection == "bonusvault") {
$check_codes = mysql_query("SELECT * FROM magical_gamevault WHERE (crackvalue = '".$vaultnumber."')");
} else {
die('unknown vault selection');
}
Without the == you are setting the variable and that will always be true so only the first statement will be used.
Also what I pointed out in the else comments, always expect that the data a user sends you will be invalid. Using the else statement you can prevent further script execution or correct the data forcing default settings.
you need to determine if vaultoptions is being set and if not - assign it a value that can be used.Also you are using $_GET for some of of hte code and $_POST for other part - is this correct? or should it be one or the other throughout?
if(isset($_GET['vaultoptions'])){
$vaultselection = $_GET['vaultoptions'];}
else{ $vaultselection = "Not Selected";}
echo $vaultselection;
and then in your comparisons - you need to use the compare "==" rather than the assign "=" operator.
if($vaultselection == "mainvault"){
$needednumber = "1";
}else if($vaultselection == "bonusvault"){
$needednumber = "2";
}