Dual Authentication

A

admin

Administrator
Staff member
I have a website that is an online league for Madden 2002. I set up a script to report games, which the winner of the game does. The problem is that anyone can report a game without even being played. So I would need some sort of dual authentication where the winner reports the game and the loser authenticates it.

The problem with this method is that if the loser is a poor sport and doesn't authenticate the game played, then the game doesn't get reported.

So I need something SIMPLE to authenticate the game....

any suggestions?

Here is the script:

<?php
require('variables.php');
require('variablesdb.php');
require('meta.php');
require('header.php');
require('leftmenu.php');
require('main1.php');
?>
<p align="right" class="text"><font size="3">Report</font></p>
<p align="left" class="text">
<?php

$date = date("M d, Y");

if ($submit) {
$db = mysql_connect($databaseserver, $databaseuser, $databasepass);
mysql_select_db($databasename,$db);
if ($report == "winner") {
$reportname = "$winnername";
}
else {
$reportname = "$losername";
}
$sql="SELECT * FROM $playerstable WHERE name = '$reportname'";
$result=mysql_query($sql,$db);
$row = mysql_fetch_array($result);
$name = $row["name"];
$passworddb = $row["passworddb"];

if ($passworddb == "$passworduser") {

$db = mysql_connect($databaseserver, $databaseuser, $databasepass);
mysql_select_db($databasename,$db);
$sql="SELECT * FROM $gamestable WHERE winner = '$winnername' and loser = '$losername' and date = '$date'";
$result=mysql_query($sql,$db);
$oneway = mysql_num_rows($result);
$db = mysql_connect($databaseserver, $databaseuser, $databasepass);
mysql_select_db($databasename,$db);
$sql="SELECT * FROM $gamestable WHERE winner = '$losername' and loser = '$winnername' and date = '$date'";
$result=mysql_query($sql,$db);
$otherway = mysql_num_rows($result);
$num = $oneway + $otherway;
if ($num < $gamesmaxday) {
if ($winnername == $losername) {
echo "You can't play against yourself";
}
else {
// process form
$db = mysql_connect($databaseserver, $databaseuser, $databasepass);
mysql_select_db($databasename,$db);

$sql = "UPDATE $playerstable SET wins = wins, losses= losses + 1, totalwins = totalwins, totallosses= totallosses + 1, points = points + $pointsloss, totalpoints = totalpoints + $pointsloss, games = games + 1, totalgames = totalgames + 1, streakwins = 0, streaklosses = streaklosses + 1 WHERE name='$losername'";
$result = mysql_query($sql);
$sql = "UPDATE $playerstable SET wins = wins + 1, losses= losses, totalwins = totalwins + 1, totallosses= totallosses, points = points + $pointswin, totalpoints = totalpoints + $pointswin, games = games + 1, totalgames = totalgames + 1, streakwins = streakwins + 1, streaklosses = 0 WHERE name='$winnername'";
$result = mysql_query($sql);
$sql = "INSERT INTO $gamestable (winner, loser, date) VALUES ('$winnername', '$losername', '$date')";
$result = mysql_query($sql);

echo "Thank you! Information entered.";
}
}
else {
echo "You can't play more than $gamesmaxday games per day against the same player!";
}
}
else {
echo "Incorrect password. Try again.";
}
}
else {
// display form
?>

<form method="post" action="<?php echo $PHP_SELF?>">


<center>
<table border="0" cellpadding="0" width="100%">
<tr>
<td width="12%">

<p class="text">Winner:</p></td>
<td width="88%"><select size="1" name="winnername" style="background-color: <?php echo"$color1" ?>; border: 1 solid <?php echo"$color3" ?>" class="text">
<?php
$db = mysql_connect($databaseserver, $databaseuser, $databasepass);
mysql_select_db($databasename,$db);

$sortby = "name ASC";
$sql="SELECT * FROM $playerstable ORDER BY $sortby";
$result=mysql_query($sql,$db);

$num = mysql_num_rows($result);
$cur = 1;


echo "<ol>";

while ($num >= $cur) {

$row = mysql_fetch_array($result);

$name = $row["name"];

?>
<option><?php echo "$name" ?></option>
<?php

$cur++;
}

echo "</ol>";

?>
</select></td>
</tr>
<tr>
<td width="12%">
<p class="text">Loser:</p></td>
<td width="88%"><select size="1" name="losername" style="background-color: <?php echo"$color1" ?>; border: 1 solid <?php echo"$color3" ?>" class="text">
<?php
$db = mysql_connect($databaseserver, $databaseuser, $databasepass);
mysql_select_db($databasename,$db);

$sortby = "name ASC";
$sql="SELECT * FROM $playerstable ORDER BY $sortby";
$result=mysql_query($sql,$db);

$num = mysql_num_rows($result);
$cur = 1;


echo "<ol>";

while ($num >= $cur) {

$row = mysql_fetch_array($result);

$name = $row["name"];

?>
<option><?php echo "$name" ?></option>
<?php

$cur++;
}

echo "</ol>";

?>
</select></td>
</tr>
<tr>
<td width="12%">
<p class="text">Password:</p></td>
<td width="88%"><input type="password" name="passworduser" style="background-color: <?php echo"$color1" ?>; border: 1 solid <?php echo"$color3" ?>" class="text"></td>
</tr>
</table>
</center>

<p> <input type="Submit" name="submit" value=http://www.phpbuilder.com/board/archive/index.php/"Submit" style="background-color: <?php echo"$color1" ?>; border: 1 solid <?php echo"$color3" ?>" class="text">

</form>

<?php

}

?>
<?php
require('main2.php');
require('footer.php');
?>
 
You must log in or register to reply here.
Back
Top