Quote:
Originally Posted by BlueMelon
PHP Code:
if(params[0] == "Buy"){ temp.rate = Stocks.stock_price.(@params[1]); temp.amnt = params[2]; temp.price = amnt*rate; if(clientr.stockcash >= price){ clientr.stockcash -= price; clientr.stocks.(@int(random(1,9999999)))= {params[1], rate, amnt}; clientr.stockcash = clientr.stockcash.substring(0, clientr.stockcash.pos(".") + 3); } } if(params[0] == "Sell"){ temp.rate = Stocks.stock_price.(@params[1]); for(temp.i : getstringkeys("clientr.stocks.")){ temp.amnt = clientr.stocks.(@i)[2]; temp.price = amnt*rate; temp.checkname = clientr.stocks.(@i)[0]; if(checkname == params[1]){ temp.checkrate = clientr.stocks.(@i)[1]; if(checkrate.pos(params[2]) >= 0){ temp.checkquantity = clientr.stocks.(@i)[2]; if(checkquantity == params[3]){; if(clientr.stocks.(@i) == null) return; clientr.stocks.(@i) = null; clientr.stockcash += price; return; } } } } }
No validation? Huge security holes... What if params[1] or params[2] was negative?
clientr.stockcash -= -(price);
See where I'm going?
|
No validation?
It checks with the database NPC.
And I haven't thought about if stocks are that negative.
Generally people don't buy negative stocks..
And it does check if your money is greater than or equal to the stock you're buying.
And the priced is taken from the DB NPC.