DragonPrime - LoGD Resource Community
Welcome Guest
  • Good morning, Guest.
    Please log in, or register.
  • January 19, 2018, 05:07:49 AM
Home Forums News Downloads Login Register Advanced Search
* * *
DragonPrime Menu
Login
 
 
Resource Pages
Search

Pages: [1] 2   Go Down
  Print  
Author Topic: [bug] Infinite doubling of gold through pvp.  (Read 7522 times)
0 Members and 1 Guest are viewing this topic.
Peanut_Butter_Wolf
Guest
« on: March 10, 2004, 10:30:32 PM »

Stumbled onto a fairly big bug that could be abused on any server. I posted it on sourceforge, but failed to recieve a reply. Maybe you guys could help me brainstorm for a way to squash it.

What happens is: Player A puts all of his gold onhand and logs out, while player  B pvps him. Just as player B is about to win, player A logs back in and banks his gold. And they both wind up with the cash. Then they switch and repeat, doubling each of their gold each pvp.

I have a few thoughts of my own on how to solve this but they arent the greatest. Thought i'd ask here as well Wink

Thanks guys,

- pbw
Logged
lonnyl
Guest
« Reply #1 on: March 11, 2004, 05:27:56 AM »

Maybe a db field for someone who is currently being attacked and a hold page at login that holds them there until the battle is over.... or even better a flag on the nav for deposit and withdrawl that if the inbattle field is false or  ==0 the navs show up.....   propably the best solution is the flag on the deposit and/and or withdrawl button.... or how about a check in the pvp file that checks and if gold in hand is 0 after the battle it takes the money from the bank.  So many possibilities.
Logged
strider
Guest
« Reply #2 on: March 11, 2004, 10:13:48 AM »

I ran across this one several and another problem several times. I've talked with JT and MightE about here. . . here's the fix that we came up with but it still seems a bit buggy to me. . . Take a look and tell me if it helps. Lets see where we can go from here.


Quote
Ok, I have a solution to this coded up.


From:
Subject: You were successful in The Fields
Sent: 2004-01-23 21:05:45

Marquis  MightyE attacked you in The Fields, but you were victorious!

You would have received 25 experience and 0 gold, however it seems you lost it all while fighting the dragon!

The code goes in to pvp.php where you replace these four lines:
                systemmail($badguy[acctid],"`2You were successful in $killedin`2","`^".$session[user][name]."`2 attacked you in $killedin`2, but you were victorious!`n`nAs a result, you received `^".round($session[user][experience]*getsetting("pvpdefgain",10)/100,0)."`2 experience and `^".$session[user][gold]."`2 gold!`0");
                addnews("`%".$session[user][name]."`5 has been slain when ".($session[user][sex]?"she":"he")." attacked $badguy[creaturename] in $killedin`5.`n$taunt");
                $sql = "UPDATE accounts SET gold=gold+".(int)$session[user][gold].", experience=experience+".round($session[user][experience]*getsetting("pvpdefgain",10)/100,0)." WHERE acctid=".(int)$badguy[acctid]."";
                db_query($sql);

which are found under if ($defeat){

with these lines:
            if ($row['level'] < $badguy['creaturelevel']){
                //if the player has leveled DOWN some how from when we started attacking them, let's assume they DK'd, and these rewards are way too rich for them.
                output("`cThis player has leveled down!!!`c");
                systemmail($badguy[acctid],"`2You were successful in $killedin`2","`^".$session[user][name]."`2 attacked you in $killedin`2, but you were victorious!`n`nYou would have received `^".round($session[user][experience]*getsetting("pvpdefgain",10)/100,0)."`2 experience and `^".$session[user][gold]."`2 gold, `\$however it seems you lost it all while fighting the dragon!`0");
                addnews("`%".$session[user][name]."`5 has been slain when ".($session[user][sex]?"she":"he")." attacked $badguy[creaturename] in $killedin`5.`n$taunt");
            }else{
                systemmail($badguy[acctid],"`2You were successful in $killedin`2","`^".$session[user][name]."`2 attacked you in $killedin`2, but you were victorious!`n`nAs a result, you received `^".round($session[user][experience]*getsetting("pvpdefgain",10)/100,0)."`2 experience and `^".$session[user][gold]."`2 gold!`0");
                addnews("`%".$session[user][name]."`5 has been slain when ".($session[user][sex]?"she":"he")." attacked $badguy[creaturename] in $killedin`5.`n$taunt");
                $sql = "UPDATE accounts SET gold=gold+".(int)$session[user][gold].", experience=experience+".round($session[user][experience]*getsetting("pvpdefgain",10)/100,0)." WHERE acctid=".(int)$badguy[acctid]."";
                db_query($sql);
            }

What this does is give the attackee, who would have received more money and exp than is good for them 0 gold and 0 exp, and explain it in an almost roleplay way.  Indeed, this makes sense, since ideally the player would have had to fight their attacker before they encountered the dragon, and would not have been able to take on both the dragon and another player at the same time.

JT, I'll be chucking this on CVS, but I figured Strider would like to be able to throw the code in to his files.

-e

S t r i d e r ( sypher art ) wrote:

On my server, you can buy turns, but they got to level 8 from the  auto-challange immediately after the higher level character suicided on  them. One master after another challenged. Then they finished to a DK  by purchasing turns, (which is something that's about to get limited).

It seems they've already tried it on a couple of other servers, making  the ability to jump up to Level 8 on just about all of them.

Maybe in the badguy array, we should nullify the fight if the level is  different (ie from 15 to 1). Since this cheat requires the attacker to  suicide themselves on the other player (probably also sold all their  weapons for Level 1 weapons aside from weakening themselves in the  forest), let them suicide but remove the benefit to the defender for  winning. So in effect, they gain nothing and their comrade is, as they  wanted to be, dead.

-strider

On Friday, January 23, 2004, at 05:41  PM, MightyE wrote:

Hmm, this sounds possible.  It does require a high DK player to  suicide on a low DK player (which I guess they do by hurting  themselves in the forest).  I'm not sure how they get level 8 straight  away, the first time they hit the village, they'll be challenged by  their master, unless auto-challenge is off.  If the high DK player had  a bunch of gold going in to the fight, they'll dump it all on the  newly low level player, and this'll let them gear up easy.
It sounds like Strider's server lets you purchase new game days for  gold, so with all this gold, you can get a bunch of turns.

The solution is to store the level of the player you're attacking in  the badguy array, and check at victory to see if it's lower than you  started, and if so, alter the reward (maybe also giving back a pvp  fight and giving 0 exp 0 gold).

-e

JT wrote:

Hrmmmm. Thoughts?  Unfortunately we have no way to really check this  other than storing off the pvp defenders DK before and after the  fight and not rewarding if they differ.

- --JT

- --  [--------------------------------------------------------------------- ----]
[ Practice random kindness and senseless acts of beauty.                   ]
[ It's hard to seize the day when you must first grapple with the  morning ]
[--------------------------------------------------------------------- ----]

- ---------- Forwarded message ----------
Date: Wed, 23 Jan 2002 15:45:41 -0800
From: S t r i d e r
To: JT
Subject: Wierd DK Ability

Heya JT, I've had my users come up with a way to make a Dragon Kill  in one day that smells like a very fishy flaw. Lucky for me, they all  started to report it the day they discovered it, but I wanted to  bring it to your attention. Perhaps forward it to Eric as well and  let me know your thoughts on it... It's described below.

LUN = 42 DK player
ElE = 20 DK player

"LUN suggested this in order for me to obtain my 1 day dk and to  report it to you along with his suggestion for preventing it.  i was  able to do a 1 day dk due to being pvp'd during the time i was making  the dk.
basically, elessa went to the fields, LUN initiated pvp but didn't  follow through.  elessa logs back in and makes a dk.  LUN then  completes the pvp suicide which gave elessa enough exp to make level  8 automatically and he gave me gold which enabled me to purchase 100  turns.  i chose my fights carefully up to level 12, then i was  suicided on by others to provide the boost to level 15.
the way to prevent this again is if a player DKs while another player  is in PvP with them, the attacking player gets an automatic victory  with 0 gold and 0 EXP to show for it.
therefore, no gems were sold to provide gold to purchase equipment or  turns."

Any thoughts?
- -Strider

Logged
Elessa
Faerie
Mod God
*****
Offline Offline

Posts: 3598


short, sweet and to the point


View Profile
« Reply #3 on: March 11, 2004, 10:37:58 AM »

helps that ye have honest players on thy site, lord strider, does it not?

the bug that remains after the fix implemented from luine and i reporting the means of obtaining a 1 day dk is that it penalizes any level player who successfully defends themselves in pvp combat.  no one regardless of level obtains any experience points or gold for winning the pvp initiated by another.  this is especially unfair to the lower ranked players who struggle to make their way up.  to login and see that you have been successful but receive no reward in points is rather disheartening.

the fix needs to be directed towards level 15 players who are in a position to perform the dk, thus preventing the 1 day action.
Logged

Uuma ma ten rashwe, ta tuluva a lle

Play the latest beta version here on LoGD DragonPrime - Axebridge
MightyE
Global Moderator
Captain of the Guard
*****
Offline Offline

Posts: 104


Game Creator MIGHTYE


View Profile
« Reply #4 on: March 11, 2004, 01:15:33 PM »

Currently, we're giving you the lesser of how much gold the user has when the fight is finished, and how much gold the user had when the fight started.  I don't recall when this got added in.  

You can add this in for yourself if you don't have it under the $victory section of pvp.php :

        $sql = "SELECT gold FROM accounts WHERE acctid='".(int)$badguy['acctid']."'";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $badguy['creaturegold']=((int)$row['gold']>(int)$badguy['creaturegold']?(int)$badguy['creaturegold']:(int)$row['gold']);

Just chuck that in before the $mailmessage = line, and this 'sploit poofs.
Logged
Peanut_Butter_Wolf
Guest
« Reply #5 on: March 11, 2004, 01:47:37 PM »

I actually already had those couple of lines in pvp.php.

I just tried pasting your suggestion anyways MightyE to be sure, and the player challenging still won my banked gold while I kept it.

- pbw

Logged
strider
Guest
« Reply #6 on: March 11, 2004, 11:09:52 PM »

I still haven't found a satisfactory solution to this problem. Right now I have a lot of it disabled until I do.

Logged
Peanut_Butter_Wolf
Guest
« Reply #7 on: March 11, 2004, 11:14:54 PM »

Same, my server is fairly pvp heavy.. as i've added ranking based on it, but for now i've set it to only two per day.

One idea i was thinking of, which is just a temporary one till we come up with better; is to allow negative gold. So if they bank while being pvp'ed, it's still taken from them.

Or possibly something like what you posted regarding dks strider. Where if the gold is less than what they say, then the winner would win nothing. Not the most fair, but again.. a temporary solution till we brainstorm something better.
Logged
strider
Guest
« Reply #8 on: March 11, 2004, 11:23:53 PM »

That's pretty much the only solution I have so far. What we need is a way to check durng the fight if the "offline" condition of the player changes, but this is not going to be possible as this all static PHP. All the people have to do is tell each other when they're on or off, then not make a move until the other is finished with their battle.

::thinks::

Hmmm... there's an idea.
Maybe we can make a flag that turns on when a character is "engaged" then disallow them to deposit into the bank while "engaged"

We'll also have to have the attacking party linked somehow and when they time out, that "engaged" flag has to go away or else the victim will never be allowed to use the bank.

The problem with this idea is it makes a very nasty exploit to attack others, then never make a move, therefore preventing them from being able to use the bank.
Logged
Peanut_Butter_Wolf
Guest
« Reply #9 on: March 11, 2004, 11:35:28 PM »

hmm.. I like that idea, add a field in accounts.. that when you're pvp'ed gets set to 1, which disallows bank usage. Then when the battle is over it gets set to 0. Simple to do, though as you said strider, could be only swapping one exploit for another.

Though the person stalling couldn't really sit in the fight all that long without either making a move every so oft or timing out. I'd say the latter exploit is much less dangerous than the infinite doubling of gold.

It's better than the other ideas we had anyways.
Logged
lonnyl
Guest
« Reply #10 on: March 12, 2004, 05:51:01 AM »

or a re-read of the attackee's gold after the fight.... to set the gold that the attacker gets..... this was if gold is deposited.... no gold is won..... or a re-read of gold after the fight and if it is less than it began... take the gold from the attackee's bank account.  
Logged
strider
Guest
« Reply #11 on: March 12, 2004, 06:40:01 PM »

hmm.. I like that idea, add a field in accounts.. that when you're pvp'ed gets set to 1, which disallows bank usage. Then when the battle is over it gets set to 0. Simple to do, though as you said strider, could be only swapping one exploit for another.

Though the person stalling couldn't really sit in the fight all that long without either making a move every so oft or timing out. I'd say the latter exploit is much less dangerous than the infinite doubling of gold.

It's better than the other ideas we had anyways.

I'll agree that it's the lessor of two evils. . . As for the checking of gold. . . how do you answer for the legit swaping of gold and how do you compare it to [badguy][gold]?

Logged
Peanut_Butter_Wolf
Guest
« Reply #12 on: March 12, 2004, 07:09:16 PM »

I've been messing around with it a bunch today.. Still failing to come up with a solution i'm happy with however. =P

Regarding adding a field to accounts table, if that's the best we can do for the time being.. We wont need to check badguy gold at all, simply add a value of 1 to the field when pvp begins, and when mail is sent at end of the battle have it set back to zero.
Then just have an if statement in bank.php if  field > 0 a little output displays showing why they cant bank for the time being.

Having a rough time coming up with something better, but if all else fails we can just add that in. I'll upload it tonight for people if we dont figure out something else.

-pbw
« Last Edit: March 12, 2004, 07:13:25 PM by Peanut_Butter_Wolf » Logged
Peanut_Butter_Wolf
Guest
« Reply #13 on: March 12, 2004, 09:39:48 PM »

I have an -okay- setup now, decided to give up for now on the more practical solution =P

Did the bank, the db and removing the field entry after battle. I  just need to figure out the best spot to add the entry to badguy account field. So that it is added immediately when the fight begins, with no room for abuse.

Also, would you say this is proper syntax to use for adding?

Quote
$sql = "UPDATE accounts SET nobank=1 WHERE acctid='".(int)$badguy['acctid']."'";

Logged
Kendaer
Guest
« Reply #14 on: March 13, 2004, 11:05:38 AM »

I'll agree that it's the lessor of two evils. . . As for the checking of gold. . . how do you answer for the legit swaping of gold and how do you compare it to [badguy][gold]?



You do realize that under your proposal here that I could VERY easily start a fight with someone and then close the browser and thus lock them out of the bank until I happened to come back even though I time out, etc since the fight never 'finishes' and I will resume it (due to the way the code works) when I next log in?

This is a very bad idea.  I believe that this bug is actually smashed in 0.9.8 btw due to changes we've made there but I haven't had time to actually test it and verify it.  If either of you two would like to do so, please pop onto logd-beta.dragoncat.net and see if you can trigger it.  logd-beta is my private beta server where I can try things out before inflicting them on my players so you can feel free to mess around there.. It has infinite new days to make it easier for players to try out numerous things quickly.
Logged
Pages: [1] 2   Go Up
  Print  
 
Jump to:  


*
DragonPrime Notices
Play LoGD on Dragonprime

Support Us
No funds raised yet this year
Your help is greatly appreciated!
Recent Topics
DragonPrime LoGD
Who's Online
31 Guests, 1 User
CheloXL
Home Forums News Downloads Login Register Advanced Search