Home/ Questions/Q 4103884
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T21:01:01+00:00

For some reason when a user comes to my site to play multiplayer the

  • 0

For some reason when a user comes to my site to play multiplayer the call to the php file is sent, but the database never adds a new player or updates their information.

php file is called with the following line of code from a javascript file:

xmlhttp.open('GET',"xml_http_request.php?mod0="+truckHeading+"&mod1="+newhtr[1]+"&mod2="+absRoll+"&lla0="+lla[0]+"&lla1="+lla[1]+"&lla2="+lla[2]+"&pid="+rCC+"&rangeCheck="+rangeCheck+"&ranger="+ranger+"&namely="+namely+"&message="+message+"&unLoader=false", true);

Here’s the php code:

<?php
require("db1.php"); //for using live public database
//require("db.php"); //for using local database

$inserter=0;

//assign pid if have not already
$pid=$_GET['pid'];
if($pid=='false'){
  $inserter=1;
  $query="SELECT id FROM positioner";
  $result=mysql_query($query);
  $num_rows=mysql_num_rows($result);
  $i=1;
  while($row=@mysql_fetch_assoc($result)){
    if($i!=$row['id']){ $pid=$i;break; } //take first available id
    $i++;
  }
  if($pid=='false'){ $pid=$num_rows+1; }  //if no hole in id list, take next one higher
  mysql_free_result($result);
}

$unLoader=$_GET['unLoader'];

if($unLoader=='true'){
  $ddb=dbq("DELETE FROM positioner WHERE id = '".$pid."' LIMIT 1;");
}else{

  $dbMi=$_GET['dbMi'];

  $mod0=$_GET['mod0'];
  $mod1=$_GET['mod1'];
  $mod2=$_GET['mod2'];

  $lla0=$_GET['lla0'];
  $lla1=$_GET['lla1'];
  $lla2=$_GET['lla2'];

  $rangeCheck=$_GET['rangeCheck'];
  $namely=addslashes($_GET['namely']);
  if($namely==''){ $namely='x'; }
  $message=addslashes($_GET['message']);

  $rangeCheck='true';
  //only check range every x number of ticks (50, ~3 seconds)?
  // , $rangeCheck is true first time
  if($rangeCheck=='true'){
    $ranger=array();
    //get lat lon of all for determining who is in range
    $query="SELECT id, lla0, lla1 FROM positioner WHERE id != '".$pid."' ";
    $result=mysql_query($query);

    //if distance < 10000, put id in ranger array
    while($row=@mysql_fetch_assoc($result)){
      //leave rangeCheck off for now
      //$di=dister($row['lla0'],$row['lla1'],$lla0,$lla1);
      //if($di<10000){
      $ranger[]=$row['id'];
    //}
    }
    mysql_free_result($result);
    if(count($ranger)==0){
      $rangerS=''; 
    }else{
      $rangerS=implode(",", $ranger);
    }

    //between rangeChecks get ranger array from js
  }else{
    $rangerS=$_GET['ranger'];  // $rangerS: string(for inserting) 
    $ranger=explode(",",$rangerS); // $ranger: array(for looping)
  }

  //insert new row first time
  if($inserter==1){
    $idb=dbq("INSERT positioner (id,mod0,mod1,mod2,lla0,lla1,lla2,ranger,namely,message,model) 
      VALUES ('".$pid."', '".$mod0."', '".$mod1."', '".$mod2."', '".$lla0."', '".$lla1."', '".$lla2."', '".$rangerS."', '".$namely."', '".$message."', '".$dbMi."');");

  }else{
    //update the database with current model data and result of range check
    $udb=dbq("UPDATE positioner SET mod0 = '".$mod0."', mod1 = '".$mod1."', mod2 = '".$mod2."', lla0 = '".$lla0."', lla1 = '".$lla1."', lla2 = '".$lla2."', ranger = '".$rangerS."', namely = '".$namely."', message = '".$message."', model = '".$dbMi."' WHERE id = '".$pid."' LIMIT 1;");
  }

  header("Content-type: text/xml");
  echo '<markers>';
  echo '<marker ranger="'.$rangerS.'" pid="'.$pid.'" />';

  //loop through a number of times equal to number of id's in ranger array
  foreach($ranger as $rang){
    $query="SELECT mod0, mod1, mod2, lla0, lla1, lla2, namely, message, model FROM positioner WHERE id = '".$rang."' ";
    $result=mysql_query($query);
    while ($row=@mysql_fetch_assoc($result)){

      echo '<marker mod0="'.$row['mod0'].'" />';       
      echo '<marker mod1="'.$row['mod1'].'" />'; 
      echo '<marker mod2="'.$row['mod2'].'" />'; 
      echo '<marker lla0="'.$row['lla0'].'" />';     
      echo '<marker lla1="'.$row['lla1'].'" />'; 
      echo '<marker lla2="'.$row['lla2'].'" />'; 
      echo '<marker namely="'.rawurlencode(stripslashes($row['namely'])).'" />';
      echo '<marker message="'.rawurlencode(stripslashes($row['message'])).'" />';
      echo '<marker dbMi="'.$row['model'].'" />';  
    }
  }

  echo '</markers>';

} //end if unLoader

//function for calculating distance between latlon pairs, for range check
/* not necessary for only a few visitors
function dister($lat1,$lon1,$lat2,$lon2){
  $R=6378100;
  $lat1*=pi()/180; 
  $lon1*=pi()/180;
  $lat2*=pi()/180; 
  $lon2*=pi()/180;
  $dLat=$lat2-$lat1;
  $dLon=$lon2-$lon1;
  $a=sin($dLat/2)*sin($dLat/2)
    +cos($lat1)*cos($lat2)*
    sin($dLon/2)*sin($dLon/2);
  $c=2*atan2(sqrt($a),sqrt(1-$a));
  $di=$R*$c;
  $di=round($di,6); 
  return $di;        
}
*/
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Some notes.

    • The “assign pid if have not already” block is tragic. You’re grabbing the entire contents of the table, and then row-by-row checking to see if you found the right one. The code blindly assumes that the row count is going to match the id column when picking what the next pid should be. The proper thing to do (for MySQL) would be using an auto-increment column so that you don’t need to worry about that mess.
    • Your DELETE FROM query contains an SQL Injection vulnerability. If pid is not the string 'false', it will never be validated. Someone can destroy the entire positioner table. How do you protect against it? Well…
    • You’re using addslashes. This isn’t a code smell, it’s a code stench. addslashes has never, ever at any time in the entire history of computing been the correct thing to use*. I think you’re looking for a real database escaping mechanism. Because you’re using the atrocious “mysql” interface, you want mysql_real_escape_string.
    • lla1 and lla2? Those are the best and most descriptive names for columns you could come up with? I’m going to assume those are latitude/longitude pairs.
    • Once again, you have SQL injection in that SELECT.
    • And in that INSERT, you are possibly blindly trusting $rangerS. SQL Injection ahoy!
    • And in the UPDATE.
    • I’d also like to rant briefly about string 'true' and string 'false', but those are coming from bad Javascript. Consider having them submitted as 1 and 0 instead. Also, please, please consider using a modern Javascript library like jQuery instead of rolling your own Ajax bits. It will save you time and stress.

    I think the core problem here is actually the initial pid check. I’m going to bet that you’re always getting a new or incorrect pid back from the table, because the id is unlikely to perfectly match the row count. Then you’re doing a blind no-error-check INSERT with the “new” pid, but if your indexes are designed properly, this will fail with a duplicate key error. Therefore, no updates. But this is just speculation. Other than the vulnerabilities here, I’m not sure I completely understand what’s happening, and I’m not spotting anything obviously incorrect.

    There’s another possible problem here. I’m going to assume that pid means player ID from the context. Your code is blindly trusting that the request is coming from the player that owns that pid, but anyone can just make a request here with any valid pid and make moves for people as a result. I’m not sure you intended that.

    * Okay, maybe someone found addslashes useful once or twice…

    • 0