Graal Forums

Graal Forums (https://forums.graalonline.com/forums/index.php)
-   Code Gallery (https://forums.graalonline.com/forums/forumdisplay.php?f=179)
-   -   Graal Stock Market (https://forums.graalonline.com/forums/showthread.php?t=134267716)

Gunderak 01-02-2013 03:12 PM
Graal Stock Market
 
2 Attachment(s)
Today I present you with a fully functional mini stock market.
Each player starts with $1,000 virtual cash (clientr.stockcash).
You can then purchase stocks (defined in the DBNPC "Stocks").
When the NYSE stock market is open, the stocks will update every second.
Whilst the NYSE market is closed players can still purchase stocks and sell, but won't make any profit or loss.
The configuration is pretty simple.
In the DBNPC "Stocks", just add the stock name and symbol to the array.
Then upload the weapon script and add it to whoever.
All code can be found in the attached file, Stocks.zip.
It's important the DBNPC is named "Stocks".
The code may not be the best way to do it all but it works and is fairly secure.
To purchase a stock, select it on the left and then change the quantity with the up/down buttons and click buy.
Selling, select it on the right hand side and click sell.

Edit:
v1.2
Updated code to provide live stock data when market is closed.
Fixed a few bugs.
Fixed a possible exploit.
v1.3
Added charts.

papajchris 01-02-2013 06:00 PM
Really cool. I think something like this would be a far better way to gamble than bet flipping on Era.

Hezzy002 01-02-2013 08:20 PM
Let me know when this goes live, I already found 3 exploits just looking through the code once-over. Can't wait to break your server.

BboyEatsbacon 01-02-2013 08:53 PM
Quote:
Originally Posted by Hezzy002 (Post 1711410)
Let me know when this goes live, I already found 3 exploits just looking through the code once-over. Can't wait to break your server.
Why not suggest ways to patch this rather than being a **** about it?

Hezzy002 01-02-2013 09:39 PM
because i dont like gunderak!!

BboyEatsbacon 01-03-2013 12:50 AM
Quote:
Originally Posted by Hezzy002 (Post 1711416)
because i dont like gunderak!!
Oh, proceed then.

Gunderak 01-03-2013 04:27 AM
Hezzy just **** off.
You're so cool, you'll hack virtual currency in a game.
And how do you suppose to hack it, it's all server side.
Might make even more checks just to piss you off.

Hezzy002 01-03-2013 04:29 AM
kiss me gunderak

Gunderak 01-03-2013 04:46 AM
Just piss off.
I coded it to be a bit of fun.
Not for people like yourself to just offer negativity towards it.
If you have something useful to say, feel free. Otherwise, go crawl back under that rock of yours.

Tricxta 01-03-2013 05:56 AM
You know... it'd be "way cool" if you made your own independent system and base stocks off in game businesses. Then determine stock price via items sold each day or whatever, amount of stocks available and demand for that stock.

Also I notice you don't have divdends implemented, always room for an update!

Gunderak 01-03-2013 06:01 AM
I was considering making my own stocks, I did to some degree, But it failed.
And basing it off items wouldn't really work, seeming you'd have to code it in your self.
So it would work for one server only really.
And dividends, eh, I mean I suppose you could make it pay out every hour of online time or something, I don't know. Can't really make it annually lol.

Gunderak 01-03-2013 06:03 AM
This was my initial attempt at making fake stocks.
Instead of having to wait t'ill the real stock market is open.
PHP Code:
function onCreated(){
  onTimeout();
  this.stocks = {
    {"Graalordinates", -212},
    {"PlayerKillCo", -53},
    {"UnixmadBreadFund", -710},
    {"BrokeLenders", -613},
    {"Gold", -123},
    {"Silver", -0.512},
    {"Oil", -2.615},
    {"Facebook", -418},
    {"Google", -314},
    {"Yahoo", -211},
  };
}
function onTimeout(){
  for(0this.stocks.size(); ++){
    temp.stock this.stocks[i][0];
    temp.min this.stocks[i][1];
    temp.max this.stocks[i][2];
    temp.amnt random(minmax);
    if(this.stock_price.(@stock) < amnt){
      this.stock_price.(@stock) += random(0.010.02);
    }
    if(this.stock_price.(@stock) > amnt){
      this.stock_price.(@stock) -= random(0.010.02);
    }
    temp.min this.stock_price.(@stock) < 0;
    this.stock_price.(@stock) = this.stock_price.(@stock[0]).substring(0, (min?5:4));
  }
  settimer(5);

BlueMelon 01-03-2013 04:59 PM
PHP Code:
  if(params[0] == "Buy"){
    temp.rate Stocks.stock_price.(@params[1]);
    temp.amnt params[2];
    temp.price amnt*rate;
    if(clientr.stockcash >= price){
      clientr.stockcash -= price;
      clientr.stocks.(@int(random(1,9999999)))= {params[1], rateamnt};
      clientr.stockcash clientr.stockcash.substring(0clientr.stockcash.pos(".") + 3);
    }
  }
  if(params[0] == "Sell"){
    temp.rate Stocks.stock_price.(@params[1]);
    for(temp.getstringkeys("clientr.stocks.")){
      temp.amnt clientr.stocks.(@i)[2];
      temp.price amnt*rate;
      temp.checkname clientr.stocks.(@i)[0];
      if(checkname == params[1]){
        temp.checkrate clientr.stocks.(@i)[1];
        if(checkrate.pos(params[2]) >= 0){
          temp.checkquantity clientr.stocks.(@i)[2];
          if(checkquantity == params[3]){;
            if(clientr.stocks.(@i) == null) return;
            clientr.stocks.(@i) = null;
            clientr.stockcash += price;
            return;
          }
        }
      }
    }
  } 
No validation? Huge security holes... What if params[1] or params[2] was negative?
clientr.stockcash -= -(price);

See where I'm going?

Hezzy002 01-03-2013 05:26 PM
not only that but stocks are stupid

James 01-03-2013 05:28 PM
lol ^

ff7chocoboknight 01-03-2013 06:09 PM
Dsider trollin' the nerds. lol

Gunderak 01-03-2013 11:07 PM
Quote:
Originally Posted by BlueMelon (Post 1711462)
PHP Code:
  if(params[0] == "Buy"){
    temp.rate Stocks.stock_price.(@params[1]);
    temp.amnt params[2];
    temp.price amnt*rate;
    if(clientr.stockcash >= price){
      clientr.stockcash -= price;
      clientr.stocks.(@int(random(1,9999999)))= {params[1], rateamnt};
      clientr.stockcash clientr.stockcash.substring(0clientr.stockcash.pos(".") + 3);
    }
  }
  if(params[0] == "Sell"){
    temp.rate Stocks.stock_price.(@params[1]);
    for(temp.getstringkeys("clientr.stocks.")){
      temp.amnt clientr.stocks.(@i)[2];
      temp.price amnt*rate;
      temp.checkname clientr.stocks.(@i)[0];
      if(checkname == params[1]){
        temp.checkrate clientr.stocks.(@i)[1];
        if(checkrate.pos(params[2]) >= 0){
          temp.checkquantity clientr.stocks.(@i)[2];
          if(checkquantity == params[3]){;
            if(clientr.stocks.(@i) == null) return;
            clientr.stocks.(@i) = null;
            clientr.stockcash += price;
            return;
          }
        }
      }
    }
  } 
No validation? Huge security holes... What if params[1] or params[2] was negative?
clientr.stockcash -= -(price);

See where I'm going?
No validation?
It checks with the database NPC.
And I haven't thought about if stocks are that negative.
Generally people don't buy negative stocks..
And it does check if your money is greater than or equal to the stock you're buying.
And the priced is taken from the DB NPC.

BlueMelon 01-03-2013 11:58 PM
Validation as in, are you getting the right input? What if the triggers value (from clientside) was modified to send a negative value in the trigger? (Happened on era, that's why I'm saying this)

DustyPorViva 01-04-2013 12:03 AM
Checking for things like negative input is something you really need to get into a habit of doing. That kind of **** is what will let a player walk away from a bank with a free million dollars/gralats.

smirt362 01-04-2013 12:38 AM
Quote:
Originally Posted by DustyPorViva (Post 1711506)
Checking for things like negative input is something you really need to get into a habit of doing. That kind of **** is what will let a player walk away from a bank with a free million dollars/gralats.
Delteria's banking system was like this

Hezzy002 01-04-2013 01:02 AM
Quote:
Originally Posted by Gunderak (Post 1711500)
No validation?
It checks with the database NPC.
And I haven't thought about if stocks are that negative.
Generally people don't buy negative stocks..
And it does check if your money is greater than or equal to the stock you're buying.
And the priced is taken from the DB NPC.
-rep for being retarded

Gunderak 01-04-2013 03:16 AM
The value can't be negative. As you can't buy - stocks.
I'll add an extra check anyway..

xXziroXx 01-04-2013 03:50 AM
Quote:
Originally Posted by Gunderak (Post 1711515)
The value can't be negative. As you can't buy - stocks.
I'll add an extra check anyway..
You have t o realize that any clientsided code can be altered with various memory editors and whatnot, thus, anyone with the knowledge and enough free time on their hands can modify the trigger and send a negative value with it. ALWAYS make sure things are as they should be on clientside AND serverside.

BlueMelon 01-04-2013 03:51 AM
Quote:
Originally Posted by Gunderak (Post 1711515)
The value can't be negative. As you can't buy - stocks.
I'll add an extra check anyway..
Since you are sending the values FROM client-side, TO server-side, they can be edited before sending the values. The trigger params can be edited by anyone who knows how. Always do serverside validation, making sure you have the correct values...


All times are GMT +2. The time now is 11:04 PM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.