Major Additions - Casino (w/ 10 player poker)

The Gameroom is the follow up to this, and expands on its features. This mod will no longer be supported, Gameroom is here: https://vborg.vbsupport.ru/showthread.php?t=219483

This is a casino addition for vBulletin, so far containing video poker, blackjack, Slots, a lottery, Let 'em Ride, Roulette and a betting pool.

It can use it's own cash as well as cash fields from other products for easy integration. Cash bonuses are also awarded for various actions (posting, starting threads, etc.), you can alter the bonus values through the admincp.

Each of the 10 games can be turned on or off through the control panel, and the casino can be restricted by user group.

I'd consider this a test run, everything should work, but some of the template's and all of the phrasing are not done yet.

Screenshots are attached.

If you want to see a demo, it's live at http://vbgaming.org, it does require registration though as it needs a userid to attach your money too Bug reports and requests can also be posted there, and will probably have less chance of getting buried in this rather massive thread. If you are having a problem, please look there. If it is one that others have been having, there will likely be a solution there (as well as in this thread, just harder to find here)

v 0.90 (Jan 6)
- Fixed a bug in lottery odds calculation that was casuing problems with the jackpot.
- Completed Phrasing of all games & admincp
- Removed card flicker some people experienced in Texas Hold'em
- Removed unused table limit setting from Video Poker settings
- Handled a DB error that occasionally came out of the slots game
- Sports Pool groups are now edited through the game, not the admincp
- Blackjack: Dealer checks for blackjack on A or 10
- Blackjack: Added Five card charlie rule
- Texas Hold'em: poker mod groups can now use the command "/kick username" to kick people out of the game. If a hand is in progress it counts as a forced fold, not returning their share of the pot.
- Blackjack - Fixed bug on bet amount when splitting more then once on a hand

v 0.91 (Jan 13)
- Added missing field for holdem mod groups to settings table
- Removed 0.90 test code of drawin same numbers in lottery
- Piped all the ajax files through casino.php, this should solve some of the conflicts people where having (ex. mkportal)
- Added missing link to add / edit groups in sports pool
- Fixed extra \'s in chatbox some users where getting
- Added a reset cash button in the ACP
- Fixed a bug where the blackjack_dealt table wasn't getting cleared properly
- Fixed "Most Lost" stat calculation


v 0.92 (Feb 18)
- Fixed Default Cash not saving
- Texas Hold'em no longer shows hand after folding
- Texas Hold'em buttons should not reappear after clicking if a request was in progress when they where clicked
- Fixed some of the reinstall issues people have been having

This is pretty minor, working on some major changes to the Texas Hold'em game that are taking longer then I planned due to other things coming up.

Known issues:
- The same player attempting to play more then one instance of the same game at the same time will cause errors.

To update overwrite all of the old files and import the product, revert any modified (casino) templates and don't forget the files in other folders Also some of the images have changed, those need uploaded again. (as well as the includes and admincp files) You DO NOT need to uninstall the previous version to upgrade, this will cause problems. Just overwrite existing files and import the product again, allowing overwrite.

**Make sure you overwrite ALL existing files and revert ALL casino templates**

[Raptor]

one of our members discovered a bug that allows any member to steal money from someone elses account using the donate cash function because it just relies on a simply GET request in the form of

Code:

casino.php?recipients=fusen&amount=100&do=donate&donate=Donate

you can force users to give cash by simply abusing the fact the a forum allows html.

by using a

Code:

<img src="casino.php?blahblah" height="0" width="0">

no one can see what's happening but every visit will force a donate through as long as the page viewer has enough cash.

to do a simple fix simply make the donate check code make sure that the form was sent via POST and not GET, still because the forum allows for HTML you could get past this still be creating a hidden form that is automatically submitted on pageload that can then force a POST request.

I'd say the safest securist method would be to create a hash inside the form in a hidden variable that is something like your username salted with a random word that is checked on the donate processing bit.

I can confirm this backdoor is there - as I discovered this particular member stealing $1000's from others' accounts.

Please fix asap

[ArchangelX]

Thanks for the help Andrew!

[Andrew Green]

Quote:

Originally Posted by Raptor

you can force users to give cash by simply abusing the fact the a forum allows html.

I can make that change, but I'm gonna be honest. If your allowing members to post html, you got far bigger security risks then stealing cash...

I would very, very strongly recommend you turn html posting off before something more important then casino cash gets swiped.

[larrydavidow]

The texasholdem_modgroups record was missing from the casino_settings table so when I added the usergroup for moderation of Texas Holdem, it was not updating the field in the CP. After adding the record to the table, I'm still not able to /kick people out of Texas Holdem. I'm guessing some code is missing too.

[Raptor]

Quote:

Originally Posted by Andrew Green

I can make that change, but I'm gonna be honest. If your allowing members to post html, you got far bigger security risks then stealing cash...

I would very, very strongly recommend you turn html posting off before something more important then casino cash gets swiped.

what about being able to embed code such as youtube videos? its a popular feature.

id appreciate the change anyway - thanks

[rwilkins108]

embedding youtube videos? there's so many mods and bbcodde additions that do that, if youtube videos are your only reason for allowing html, then u really should look into those here on vb.org! Also, jelsoft themselves (the company that makes vBulletin) warns against allowing html in posts...

[Andrew Green]

Quote:

Originally Posted by Raptor

what about being able to embed code such as youtube videos? its a popular feature.

id appreciate the change anyway - thanks

Then you'd want to set up a bbcode to do the embedding, or use the auto media embeding product. If you let them embed youtube videos, then they can also embed things a lot more malicious. Only a matter of time before someone starts hijacking accounts or worse.

[larrydavidow]

Andrew,

Any ideas why that /kick feature is not working in Texas Holdem? I posted a little earlier about the texasholdem_modgroups record missing from the table and wondered if this is possibly due to some code missing from the release.

[Andrew Green]

haven't had a chance to think about it, works for me on my sites. You have the usergroupid set up properly? Does it show anything when you type it in in the chat box?

[Aeolian]

Thanks Freesteyelz