Dragonfly CMS v9 ⇒ Gamers Modules & Blocks :: Archives ⇒ eq2 fuel cost calculater :: Archived ⇒ Community Forums ⇒ CPG Dragonfly™ CMS

Archived ⇒ eq2 fuel cost calculater


I am an officer for an eq2 guild and if someone needs something crafted, we charge only the fuel (if it's rare, they supply the rare). It can be a pain sometimes for the new players to determine how much that fuel cost is, so I am developing a simple calculator that they can just go to the guild website and use: a simple module with dropdown menus to figure out the cost.

Now the question: would other people be interested in this? If so I can throw it on the forum or the downloads section of Dragonfly for others to use for their guild.

Here is the code I have so far; it works but the blocks don't want to behave.

<?php
if (!defined('CPG_NUKE')) { die('You do not have permission to access this file'); }
$pagetitle .= 'Crafting';
require_once('header.php');
OpenTable();
?>
<center>Sage <br/>
<form action="index.php?name=Crafting" method="post">
Level of item : <select name="sage_level">
<option value="48">10 - 19</option>
<option value="288">20 - 29</option>
<option value="1536">30 - 39</option>
<option value="9216">40 - 49</option>
<option value="18432">50 - 59</option>
<option value="34560">60 - 69</option>
<option value="50000">70 - 79</option>
</select><br/>
Number of items: <select name="sage_number">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
</select><br/>
Do these items use a rare component: <select name="sage_rare">
<option value="2">Yes</option>
<option value="1">No</option>
</select><br/>
<input type="submit" name="submit" value="Calculate!"/>
</form>
<br/>
<?php
// Only calculate once the form has actually been submitted; otherwise the
// $_POST keys do not exist yet.
if (isset($_POST['sage_level'])) {
    $cost = $_POST['sage_rare'] * ( $_POST['sage_level'] * $_POST['sage_number'] );
    // Pad to 8 digits so the fixed-width substr() slices below always line up:
    // ..PPGGSSCC (platinum, gold, silver, copper)
    if( strlen( $cost ) < 8 ) $cost = str_pad( $cost, 8, '0', STR_PAD_LEFT );
    $copper   = substr( $cost, -2 );
    $silver   = substr( $cost, -4, 2 );
    $gold     = substr( $cost, -6, 2 );
    $platinum = substr( $cost, -8, 2 );
    if( $copper == '00' ) $copper = ""; else $copper = ltrim( $copper, '0' ) . " copper ";
    if( $silver == '00' ) $silver = ""; else $silver = ltrim( $silver, '0' ) . " silver ";
    if( $gold == '00' ) $gold = ""; else $gold = ltrim( $gold, '0' ) . " gold ";
    if( $platinum == '00' ) $platinum = ""; else $platinum = ltrim( $platinum, '0' ) . " platinum ";
    $cost = $platinum . $gold . $silver . $copper;
    print( "It will cost <b>$cost</b> for ". $_POST['sage_number'] ." spell(s) from our local guild sage" );
}
?>
</center>
<?php
CloseTable();

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
5.1.1, 9.2.1


Keep in mind, there is no sanitization of variables ($cost,$copper, etc) so this could be exploited.

You make a bad assumption that the form can 'only' pass certain variables, without 'checking' that those variables are actually contained.

J.
j e r u v y a t y a h o o d o t c o m

Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu 7.10/Debian 3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2


Jeruvy wrote
Keep in mind, there is no sanitization of variables ($cost,$copper, etc) so this could be exploited.


I can't think of a useful exploit in this particular case (the only possible thing I could think of is some sort of hypothetical overflow flaw in PHP itself that occurs when doing an implicit cast from string to integer), but in principle I'm in agreement with Jeruvy - not validating inputs is bad practice, and you don't want to get into that habit no matter how small the risk may seem.

It occurs to me that there's really no need for PHP processing here though, and you could easily re-write this in say, JavaScript (ugh, I know), pop this into a block, and have it do the cost calculations all client-side (no page reloads). It'd make it much more versatile.

It is pitch black. You are likely to be eaten by a grue.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu 12.04, Atom D525/Apache 2.2.22/MySQL 5.5.38/PHP 5.3.10/Dragonfly 9.4.0.0 CVS
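The validated version of the posted calculation that both replies ask for, as an added example and not code from the thread: every $_POST value is checked against the options the posted form actually offers before any arithmetic runs, and the coin split is done with integer maths instead of string slicing. It assumes the option values in that form are the guild's authoritative fuel prices and that it runs in place of the calculation block in the posted module.

```php
<?php
// Added example (not the thread's code): the posted calculation with
// server-side validation. Anything not offered by the form is rejected.

// Whitelists derived from the posted form's <option> values.
$ALLOWED_LEVEL_PRICES = array('48', '288', '1536', '9216', '18432', '34560', '50000');
$MAX_ITEMS = 7;

// Returns the total cost in copper, or null if any input is not on the whitelist.
function fuel_cost($level, $count, $rare, $allowed_prices, $max_items)
{
    // Strict string comparison: "48abc", "4.8e1" or an array must not pass.
    if (!in_array($level, $allowed_prices, true)) return null;
    if (!is_string($count) || !ctype_digit($count)) return null; // digits only
    $count = (int) $count;
    if ($count < 1 || $count > $max_items) return null;          // dropdown range
    if ($rare !== '1' && $rare !== '2') return null;             // form: 2 = rare, 1 = not
    return (int) $level * $count * (int) $rare;
}

// Splits a copper total into platinum/gold/silver/copper arithmetically
// (100 copper = 1 silver, 100 silver = 1 gold, 100 gold = 1 platinum)
// and omits zero denominations, matching the posted output format.
function format_coin($copper)
{
    $units = array('platinum' => 1000000, 'gold' => 10000, 'silver' => 100, 'copper' => 1);
    $parts = array();
    foreach ($units as $name => $unit) {
        $n = (int) floor($copper / $unit);
        $copper -= $n * $unit;
        if ($n > 0) $parts[] = $n . ' ' . $name;
    }
    return $parts ? implode(' ', $parts) : '0 copper';
}

if (isset($_POST['sage_level'], $_POST['sage_number'], $_POST['sage_rare'])) {
    $cost = fuel_cost($_POST['sage_level'], $_POST['sage_number'], $_POST['sage_rare'],
                      $ALLOWED_LEVEL_PRICES, $MAX_ITEMS);
    if ($cost === null) {
        print('Please choose values from the dropdowns.');
    } else {
        // Output is built only from validated integers, so nothing from the
        // request is echoed back verbatim.
        print('It will cost <b>' . format_coin($cost) . '</b> for '
            . (int) $_POST['sage_number'] . ' spell(s) from our local guild sage');
    }
}
```

With the form unchanged, a request of sage_level=1536, sage_number=3, sage_rare=2 gives 9216 copper and prints "92 silver 16 copper"; a hand-edited sage_level such as 1 is rejected instead of being multiplied.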
