我的网站是这样的: 用户的余额存储在名为currency的列下的数据库中。他赚取足够的钱后赚取货币,然后转到另一页获取账户以换取这些货币。我设置了所有东西,但是一小时后我就烦恼了。如果用户有足够的货币并且他检索了一个帐户,他可以刷新并检索另一个帐户,即使他没有足够的货币我的系统仍然在火狐上给他他的帐户但不在Chrome上(有浏览器我到目前为止已经测试过)我用session,ajax和php来处理交付,这里是代码: 1.在下面的文件中:我检查用户有多少货币并分配一个能力会话,然后在检索帐户时进行检查。用户可以获得货币金额为250或1000或2500的账户,我正在检查他可以在账户中拥有多少货币:
<?php session_start();
unset($_SESSION["ability"]);
$unames = $_SESSION['username'];
$link = mysql_connect( "localhost", "database-username", "database-password");
mysql_select_db("database-name", $link);
$currencyquery = mysql_query("SELECT currency FROM users WHERE username = '$unames'", $link);
while ($row = mysql_fetch_array($currencyquery)) {
$currencyamount = $row['currency'];
}
if ($currencyamount<250){
$_SESSION["ability"]= 'zero';
echo $_SESSION["ability"];
}
elseif ($currencyamount<1000) {
$_SESSION["ability"]= 'one';
echo $_SESSION["ability"];
}
elseif ($currencyamount<2500) {
$_SESSION["ability"]= 'two';
echo $_SESSION["ability"];
}
else {
$_SESSION["ability"]= 'three';
echo $_SESSION["ability"];
}
?>
然后我有jquery文件监听这个php文件,因为它的echos,如果用户有1的能力允许他获得250个货币的账户,如果他有2:1000货币的能力,如果他有3:2500货币的能力。如果他有能力0,他在尝试时不会获得任何帐户,它会提醒他刷新,如果他试图获得两个或更多帐户而不刷新(这是因为我想在页面加载时取消设置会话然后再设置它们,因为能力可能会改变)该脚本还会删除用户从数据库中获得的每个帐户。
$(document).ready(function () {
var ability = 'zero';
var click = 0;
$.ajax({url: "ability.php"}).done(function( html ) {
ability = html
});
$('#currency2500').click(function(){
if (click==0){
if (ability != 'zero') {
function show_account() {
$.ajax({
type: "POST",
url: "select1.php",
data:{action:"showroom"},
success: function (data) {
$('#accountinfo').html(data);
}
});
}
show_account();
click = click + 1;
}
} else if(ability == 'zero') {
alert("You dont have the required amount of currencies.");
} else {
alert('Refresh the page');
}
});
$('#currency250').click(function(){
if(click==0){
if (ability != 'zero') {
var id=$(this).data("id3");
$.ajax({
url:"delete1.php",
method:"POST",
data:{id:id},
dataType:"text",
success:function(data){
show_account();
}
});
}
} else if(ability == 'zero') {
alert("You dont have the required amount of currencies.");
}
});
$('#currency1000').click(function(){
if(click==0){
if (ability != 'zero' && ability != 'one') {
function show_account() {
$.ajax({
type: "POST",
url: "select2.php",
data:{action:"showroom"},
success: function (data) {
$('#accountinfo').html(data);
}
});
}
show_account();
click = click + 1;
}
} else if(ability == "zero" || ability == "one") {
alert("You dont have the required amount of currencies.");
} else {
alert('Refresh the page');
}
});
$('#currency1000').click(function(){
if(click==0){
if (ability != 'zero' && ability != 'one') {
var id=$(this).data("id3");
$.ajax({
url:"delete2.php",
method:"POST",
data:{id:id},
dataType:"text",
success:function(data){
show_account();
}
});
}
} else if(ability == "zero" || ability == "one") {
alert("You dont have the required amount of currencies.");
}
});
$('#currency2500').click(function(){
if(click==0){
if (ability == 'three'){
function show_account() {
$.ajax({
type: "POST",
url: "select3.php",
data:{action:"showroom"},
success: function (data) {
$('#accountinfo').html(data);
}
});
}
show_account();
click = click + 1;
}
} else if(ability != 'three') {
alert("You dont have the required amount of currencies.");
} else {
alert('Refresh the page');
}
});
$('#currency2500').click(function(){
if(click==0){
if (ability == 'three'){
var id=$(this).data("id3");
$.ajax({
url:"delete3.php",
method:"POST",
data:{id:id},
dataType:"text",
success:function(data){
show_account();
}
});
}
} else if(ability != 'three') {
alert("You dont have the required amount of currencies.");
}
});
});
这是用于向用户提供250种货币的帐户的php文件,还有1000,2500的相同值,只更改了250。如果它被jquery调用:
<?php
session_start();
$link = mysqli_connect( 'localhost', 'database-username', 'database-password', 'database' );
$action=$_POST["action"];
if($action=="showroom") {
$query="SELECT * FROM tablename LIMIT 1";
$show = mysqli_query($link, $query) or die("Error");
echo "<p id='paragraph' style='font-size:22px;font-weight: bold;'>Here is your 250 currencies account:</p>";
echo "<table style='position:relative;bottom:30px;' border='2px'><tr><td>Email</td><td>id</td></tr>";
while ($row = mysqli_fetch_array($show)) {
echo "<tr><td>" . $row['email'] . "</td><td>" . $row['id'] . "</td></tr>";
}
echo "</table>";
$unames = $_SESSION['username'];
$query2 = "UPDATE users SET currency=currency-250 WHERE username='$unames'";
$update = mysqli_query($link, $query2);
$link = mysql_connect( "localhost", "database-username", "database-password");
mysql_select_db("database", $link);
$currencyquery = mysql_query("SELECT currency FROM users WHERE username = '$unames'", $link);
while ($row = mysql_fetch_array($currencyquery)) {
$currencyvalue = $row['currency'];
}
unset($_SESSION['currencynumber']);
$_SESSION["currencynumber"]=strval($currencyvalue);
}
&GT;
然后是用户进入的页面:(只有一部分来自)
<?PHP
session_start();
if( !isset($_SESSION['username']) ) {
header ("Location: login.html");
}
<div id="accountinfo"></div>
<input type="button" id="currency2500" value="Get 2500 currencies" />
<input type="button" id="currency1000" value="Get 1000 currencies" />
<input type="button" id="currency250" value="Get 250 currencies" />
所以:如果使用firefox:我可以刷新2-4次,直到我再也无法获得帐户,获得这些帐户后我的余额将为负数。也许有一种方法,如果余额变为负数取消操作并且不向用户显示任何内容?或者如何解决?我正在使用会话来跟踪。