View Single Post
  #17  
Old 01-03-2013, 11:07 PM
Gunderak Gunderak is offline
Coder
Gunderak's Avatar
Join Date: Jun 2011
Location: Australia
Posts: 795
Gunderak is on a distinguished road
Send a message via Skype™ to Gunderak
Quote:
Originally Posted by BlueMelon View Post
Graal Script Code:
  if(params[0] == "Buy"){
    
temp.rate Stocks.stock_price.(@params[1]);
    
temp.amnt params[2];
    
temp.price amnt*rate;
    if(
clientr.stockcash >= price){
      
clientr.stockcash -= price;
      
clientr.stocks.(@int(random(1,9999999)))= {params[1], rateamnt};
      
clientr.stockcash clientr.stockcash.substring(0clientr.stockcash.pos(".") + 3);
    }
  }
  if(
params[0] == "Sell"){
    
temp.rate Stocks.stock_price.(@params[1]);
    for(
temp.getstringkeys("clientr.stocks.")){
      
temp.amnt clientr.stocks.(@i)[2];
      
temp.price amnt*rate;
      
temp.checkname clientr.stocks.(@i)[0];
      if(
checkname == params[1]){
        
temp.checkrate clientr.stocks.(@i)[1];
        if(
checkrate.pos(params[2]) >= 0){
          
temp.checkquantity clientr.stocks.(@i)[2];
          if(
checkquantity == params[3]){;
            if(
clientr.stocks.(@i) == null) return;
            
clientr.stocks.(@i) = null;
            
clientr.stockcash += price;
            return;
          }
        }
      }
    }
  } 
No validation? Huge security holes... What if params[1] or params[2] was negative?
clientr.stockcash -= -(price);

See where I'm going?
No validation?
It checks with the database NPC.
And I haven't thought about if stocks are that negative.
Generally people don't buy negative stocks..
And it does check if your money is greater than or equal to the stock you're buying.
And the priced is taken from the DB NPC.
__________________

Gund for president.

Remote PM {P*}x (Graal813044) from eraiphone -> Stefan: I hav 1 qustion
*Gunderak: he hav 1
*Gunderak: qustion

Last edited by Gunderak; 01-03-2013 at 11:41 PM..
Reply With Quote