MakeWebGames

Dave

Everything posted by Dave

  1. Dave

    Game Security

    Re: Game Security My record of hacking people's sites after I get access is null, so that's why I offered to help expecting just to be allowed in (like I do with most people I help, some just ask for my word which I'm happy to give). But this guy was saying it's just an email and so on, so I refused, because if he wanted it to be secured that badly and wanted some form of legal documentation to prove that I or the person who does the work is not going to "destroy" his site (I never actually saw the document), it is well pointless and incredibly annoying. Just makes me wonder sometimes why I offer to help people for free then they ask for me to sign a legal contract?
  2. Hey, Well I was incredibly bored and decided to re-code a file. I ended up doing lucky boxes, which was originally quite simple but had a few bugs such as it going from say "First outcome" to "Fourth outcome"; that's been fixed. I also added the option for admins to change how many times a user has opened a box in a day along with other little things like images for each one and updating some of the text. Any more suggestions of what I could do with this code?

      <?php
      require_once('globals.php');

      // Print a back link, render the footer and stop the script.
      function Stop()
      {
          global $h;
          echo ' > [url="lucky.php"]Back[/url]';
          $h->endpage();
          exit();
      }

      ## Settings ##
      define('__BOXCOST__', 1000); //The cost to open a Lucky Box.
      define('__BOXDAY__', 5); //The amount of times a user can open boxes a day! Any more than 9 and you will get some issues.
      ## End Of settings ##

      print "<h3>Lucky Boxes</h3><hr />";
      if($_GET['modify'] AND $ir['user_level'] == 2)
      {
          // Admin step 2: a box count was posted for the user picked in step 1.
          // Both values must be present, otherwise the queries below are built from an empty ID.
          if(isset($_POST['boxes']) AND isset($_SESSION['user_edit']))
          {
              if(!ctype_digit($_POST['boxes']))
              {
                  echo 'The amount of boxes opened must be numeric!';
                  Stop();
              }
              // Only integers are ever concatenated into the SQL.
              $boxes = (int) $_POST['boxes'];
              $edit = (int) $_SESSION['user_edit'];
              $check = $db->query('SELECT userid, username, boxes_opened FROM users WHERE userid='.$edit);
              if(!$db->num_rows($check))
              {
                  echo 'The user you are trying to update dosen\'t exist!';
                  Stop();
              }
              $user = mysql_fetch_object($check);
              if($user->boxes_opened == $boxes)
              {
                  echo 'There is no point in updating a users boxes opened with the same amount?';
                  Stop();
              }
              $db->query('UPDATE users SET boxes_opened='.$boxes.' WHERE userid='.$edit);
              echo $user->username.'\'s account has been updated with '.$boxes.' boxes opened today';
              unset($_SESSION['user_edit']);
              Stop();
          }
          // Admin step 1: a user was picked from the dropdown.
          if($_POST['user'])
          {
              // The ID is used unquoted in the query, so it is forced to an integer;
              // escaping alone does not protect an unquoted value.
              $_POST['user'] = abs((int) $_POST['user']);
              $check = $db->query('SELECT userid, username, boxes_opened FROM users WHERE userid='.$_POST['user']);
              if(!$db->num_rows($check))
              {
                  echo 'We cannot find that user';
                  Stop();
              }
              $user = mysql_fetch_object($check);
              $_SESSION['user_edit'] = $user->userid;
              // strlen() sizes the input to the number of digits (count() does not work on a string).
              echo '<h3>Lucky stats for [url="viewuser.php?u='.$user->userid.'"]'.$user->username.'[/url] ['.$user->userid.']</h3>
              <form action="lucky.php?modify=1" method="post">
              Boxes Opened Today: <input type="text" name="boxes" value="'.$user->boxes_opened.'" size="'.strlen($user->boxes_opened).'" />
              <input type="submit" value="Update" />
              </form>
              <hr />';
          }
          else
          {
              echo '<h3>Modify a users box opens</h3>
              If you wish to give a users more chances of opening boxes or just want to see how many times a user has opened the boxes you can check here!<hr />
              <form action="lucky.php?modify=1" method="post">
              '.user_dropdown($c, 'user').'
              <input type="submit" value="Submit" />
              </form>
              <hr />';
          }
      }
      elseif($_GET['open'])
      {
          if($ir['boxes_opened'] >= __BOXDAY__)
          {
              echo 'Sorry, you have already opened '.__BOXDAY__.' boxes today. Come back tomorrow.';
              Stop();
          }
          if($ir['money'] < __BOXCOST__)
          {
              echo 'Sorry, it costs '.money_formatter(__BOXCOST__).' to open a box. Come back when you have enough.';
              Stop();
          }
          $num = mt_rand(1, 5);
          // Charge for the box and count it against today's limit.
          $db->query('UPDATE users SET boxes_opened=boxes_opened+1, money=money-'.__BOXCOST__.' WHERE userid='.$userid);
          $ir['money']-=__BOXCOST__;
          $_SESSION['num']++;
          $word = array('First', 'Second', 'Third', 'Fourth', 'Fifth', 'Sixth', 'Seventh', 'Eighth', 'Ninth', 'Tenth');
          $numbers = array('1', '2', '3', '4', '5', '6', '7', '8', '9', '10');
          $images = array(
              '1' => 'http://community.gemtradenet.com/2008/07/15/crystals.jpg',
              '2' => 'http://www.thewashingtonnote.com/archives/dollars%20pic.jpg',
              '3' => 'http://www.moonbattery.com/archives/money_down_drain.jpg',
              '4' => 'http://www.lindashauntedhalloween.net/twf_spirit/tumbleweed.gif',
              '5' => 'http://www.lindashauntedhalloween.net/twf_spirit/tumbleweed.gif'); // Modify these each one matches a case below.
          // Turn the running count for this visit into "First", "Second", ...
          $outcome = str_replace($numbers, $word, $_SESSION['num']);
          switch($num)
          {
              case 1:
                  $tokens = (mt_rand(1,3)*$ir['level']);
                  echo '[img='.$images[$num].'] ';
                  echo $outcome.' outcome - You gain '.$tokens.' crystals! <font color="green">+ '.$tokens.' crystals</font>';
                  $db->query("UPDATE users SET crystals=crystals+{$tokens} WHERE userid={$userid}");
                  break;
              case 2:
                  $money = (mt_rand(330, 3300)*$ir['level']);
                  echo '[img='.$images[$num].'] ';
                  echo $outcome.' outcome - You gain '.money_formatter($money).' <font color="green">+ '.money_formatter($money).'</font>';
                  $db->query("UPDATE users SET money=money+{$money} WHERE userid={$userid}");
                  break;
              case 3:
                  $stole = min(mt_rand($ir['money']/10, $ir['money']/5), 5000);
                  echo '[img='.$images[$num].'] ';
                  echo $outcome.' outcome - You lost '.money_formatter($stole).' <font color="red">- '.money_formatter($stole).'</font>';
                  $db->query("UPDATE users SET money=money-{$stole} WHERE userid={$userid}");
                  break;
              case 4:
                  echo '[img='.$images[$num].'] ';
                  echo $outcome.' outcome - You neither gain or loose anything';
                  break;
              case 5:
                  echo '[img='.$images[$num].'] ';
                  echo $outcome.' outcome - You neither gain or loose anything';
                  break;
          }
          echo '<hr />
          [url="lucky.php?open=1"]Open Another[/url]
          [url="explore.php"]Back to Town[/url]';
      }
      else
      {
          // Landing page: reset the per-visit outcome counter.
          $_SESSION['num'] = 0;
          echo 'A man comes up to you and whispers, "I have magical boxes, I let you open one for '.money_formatter(__BOXCOST__).'. You can open a maximum of '.__BOXDAY__.' a day. Deal or no deal?"<hr />
          [url="lucky.php?open=1"]Okay, open one.[/url]
          [url="explore.php"]No thanks.[/url] ';
          if($ir['user_level'] == 2)
          {
              echo '<hr /><h3>Admin Options</h3><hr />
              [url="lucky.php?modify=1"]Modify a users box opens[/url]';
          }
      }
      $h->endpage();
      ?>
  3. Re: Please review this game Put the ads in iFrames, makes the site load faster (hopefully). 1000 Post for SkyFuse!
  4. Re: [Review] Avalon One of the first games I've liked :) (No offence to the rest of you game creators but I'm incredibly picky)
  5. Dave

    Game Security

    Re: Game Security I don't know but I refuse to have to sign a legal contract when I offer to freely secure someone's game.
  6. Re: Need file back Well if you're on cPanel there is a recycling bin where the deleted file will be, otherwise contact your host and pray they do daily backups and just get the file and re-upload it.
  7. Dave

    Game Security

    Re: Game Security He wants you to sign a legal contract or something similar (a legally binding email) which I refused due to the fact that I offered to do the work for free. So if you don't like legal documentation avoid trying to do this job.
  8. Re: [MMCODES V2] HACKING ATTEMPTS LOGGED Someone trying to view staff.php isn't technically a "hacking attempt". You should really make this mod check, for instance, if $_GET['ID'] is numeric and if not then record them as "trying" to "hack" your site.
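
One way to draw that line, as an added example (not part of the original post or of the mod it reviews): log a request only when the `ID` parameter is present but is not a plain positive integer. The function name `check_numeric_id()`, the log layout and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added illustration; check_numeric_id() and the log layout are hypothetical.

/**
 * Validate a numeric ID parameter.
 * Returns the ID as an int, or null when it is absent or invalid. Only a
 * present-but-invalid value is appended to $log; opening a page without an
 * ID is ordinary browsing and is not recorded.
 */
function check_numeric_id(array $get, array $server, array &$log, $key = 'ID')
{
    if (!array_key_exists($key, $get)) {
        return null;                            // nothing supplied: not an attempt
    }
    $raw = $get[$key];
    if (is_array($raw)) {
        $reason = 'array instead of scalar';    // e.g. ?ID[]=1
        $shown  = '[array]';
    } else {
        $raw = (string) $raw;
        // Keep a bounded, printable copy for the log; escape it again when displaying.
        $shown = substr(preg_replace('/[^\x20-\x7E]/', '?', $raw), 0, 64);
        if (!ctype_digit($raw)) {
            $reason = 'non-digit characters';
        } elseif (strlen($raw) > 9) {
            $reason = 'more than 9 digits';     // could overflow a 32-bit INT
        } else {
            return (int) $raw;                  // safe to place in a query
        }
    }
    $log[] = array(
        'ip'     => $server['REMOTE_ADDR'],
        'script' => $server['SCRIPT_NAME'],
        'reason' => $reason,
        'value'  => $shown,
    );
    return null;
}

// Constructed sample requests (documentation address range).
$server = array('REMOTE_ADDR' => '203.0.113.7', 'SCRIPT_NAME' => '/viewuser.php');
$log = array();
var_dump(check_numeric_id(array('ID' => '42'), $server, $log));        // well-formed ID
var_dump(check_numeric_id(array(), $server, $log));                    // no ID at all
var_dump(check_numeric_id(array('ID' => '12abc'), $server, $log));     // malformed value
var_dump(check_numeric_id(array('ID' => array('1')), $server, $log));  // array parameter
print_r($log);
```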
  9. Dave

    How Would I do this?

    Re: How Would I do this? Firstly you will probably want to use mt_rand, I believe it's quicker than the standard rand. And to use mt_rand in an if statement I believe it would be something like

      <?php
      if(mt_rand(1,100) == 50)
      {
          //Do w/e
      }
      ?>

  10. Re: Could i steal 10 seconds of your life to help me? Thanks First thing let's talk security lol

      $ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

      Bad

      $ip = $_SERVER['REMOTE_ADDR'];

      Better ;D and after quickly looking over your register I see no problems, and for the inventory.php error we're gonna need to know what's on line 25ish - 30 ish to fix that problem, and it's probably a good idea to post your halloffame.php as well.
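
Why the first form is risky, as an added example (not code from the original post): `X-Forwarded-For` is a request header that any client can set, while `REMOTE_ADDR` is the address of the TCP peer. The sketch below consults the header only when the peer is a reverse proxy you operate; the `client_ip()` name, the proxy address and the sample requests are assumptions.

```php
<?php
// Added illustration; client_ip() and the trusted-proxy list are hypothetical.

/**
 * Return the address to use for bans and logs.
 * REMOTE_ADDR is always the baseline. X-Forwarded-For is considered only when
 * the direct peer is one of our own proxies; the list is then read from right
 * to left and the first entry that is not one of our proxies is returned.
 */
function client_ip(array $server, array $trustedProxies = array())
{
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;                   // header ignored: it is client-supplied
    }
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;               // malformed entry: fall back to the peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;                // first address that is not one of our proxies
        }
    }
    return $peer;
}

// Constructed requests (documentation and private address ranges).
$direct  = array('REMOTE_ADDR' => '198.51.100.23', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1');
$proxied = array('REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 203.0.113.9');

echo client_ip($direct), "\n";                      // direct client: header is not trusted
echo client_ip($proxied, array('10.0.0.5')), "\n";  // relayed by our proxy: rightmost entry wins
```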
  11. Dave

    Game Security

    Re: Game Security [email protected] I'll do it for free if you wish for me to, and yes I cannot guarantee your game to be "unhackable" but I'll make sure I'll patch all the spots I know of. My reputation isn't the best but there are good people on here who will tell you that I'm not going to "h4xx0r" your game or anything :).
  12. Re: Shops (Upgraded a bit) Nope random images of Google I used random images of Google for the purpose of testing and quickness of the creation of the mod, It was created on a test site which will never be released as a game so there is no need for "proper shops" to be created.
  13. Re: Shops (Upgraded a bit) Woops forgot about the SQL's

      ALTER TABLE shops ADD shopDONATE enum('1', '0') NOT NULL default '0';
      ALTER TABLE shops ADD shopIMAGE text NOT NULL;
  14. Re: Shops (Upgraded a bit) First thing that came into my head :P Thanks =D Haha not really but thanks
  15. Hey, I got a bit bored and decided to do a partial recode of the shop system! I may recode some more of it and make it better later on.

      Features:
      New Look
      Able to add Donator and Non-Donator shops.
      Shop images

      Screenshots: (I do have a random taste in the pictures. When a shop is for donators only it doesn't actually turn green, I just did that to show you that you can then see the new shop.)

      This has been tested once very quickly so not 100% sure there are no bugs.

      <?php
      include "globals.php";
      //Edit these options
      define('__NO_SHOP_IMAGE__', 'http://swemat01.sweblend.se/smallpics/default.jpg'); //Change this to the image you want to be displayed if the shop has no image. Dimensions 150x150

      echo '<style type="text/css">
      .shop { background: white; }
      .shop td { background: lightgrey; border: 1px grey solid; }
      .shop th { background: lightgrey; border: 1px grey solid; }
      </style>';
      $_GET['shop'] = abs((int) $_GET['shop']);
      if(!$_GET['shop'])
      {
          print "You begin looking through town and you see a few shops. ";
          if(!$ir['donatordays'])
          {
              $shopDONATE = "shopDONATE='0' AND"; //Non-donators only see the normal shops
          }
          else
          {
              $shopDONATE = ""; //Donators see every shop
          }
          $q=$db->query("SELECT shopID, shopNAME, shopDESCRIPTION, shopLOCATION, shopDONATE, shopIMAGE FROM shops WHERE ".$shopDONATE." shopLOCATION={$ir['location']}") or die(mysql_error());
          print "<table width=80% cellspacing=3 cellpadding=0 border=0 class='shop'>";
          if(!mysql_num_rows($q))
          {
              echo '<tr><td>There are no shops here.</td></tr>';
          }
          $tr = 0; //Cells printed in the current row, two shops per row
          while($r=$db->fetch_row($q))
          {
              $tr++;
              echo '<td width="50%">
              <div style="background: #999999;padding: 5px;margin: 5px;">'.$r['shopNAME'].'</div>
              <div style="padding: 0px 15px 5px 15px;text-align: center;">';
              if(@getimagesize($r['shopIMAGE']))
              {
                  echo '[img='.$r['shopIMAGE'].']';
              }
              else
              {
                  echo '[img='.__NO_SHOP_IMAGE__.']';
              }
              echo ' '.$r['shopDESCRIPTION'].'
              > [url="shops.php?shop='.abs((int) $r['shopID']).'"]Enter Shop[/url] <
              </div>
              </td>';
              if($tr == 2)
              {
                  echo '</tr><tr>';
                  $tr=0;
              }
          }
          print "</table>";
      }
      else
      {
          $sd=$db->query("SELECT * FROM shops WHERE shopID={$_GET['shop']}");
          if($db->num_rows($sd))
          {
              $shopdata=$db->fetch_row($sd);
              if($shopdata['shopLOCATION'] == $ir['location'])
              {
                  if($shopdata['shopDONATE'] AND !$ir['donatordays']) //If the shop is for donators but the user isn't a donator
                  {
                      echo 'You cannot access this shop, This shop is for donators only!'; //Tell them they're not allowed in
                      $h->endpage(); //Show the nice footer
                      exit; //Cease operation of the script
                  }
                  print "Browsing items at [b]{$shopdata['shopNAME']}...[/b]
                  <table cellspacing=1 width='100%' class='table'><tr><th>Item</th><th>Description</th><th>Price</th><th>Sell Price</th><th>Buy</th></tr>";
                  $qtwo=$db->query("SELECT si.*,i.*,it.* FROM shopitems si LEFT JOIN items i ON si.sitemITEMID=i.itmid LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid WHERE si.sitemSHOP={$_GET['shop']} ORDER BY i.itmtype ASC, i.itmbuyprice ASC, i.itmname ASC");
                  $lt="";
                  if(!mysql_num_rows($qtwo))
                  {
                      echo '<tr><td colspan="5"><center>There are currently no items able to be purchased in this shop</td></tr>';
                  }
                  while($r=$db->fetch_row($qtwo))
                  {
                      if($lt!=$r['itmtypename'])
                      {
                          $lt=$r['itmtypename'];
                          print "\n<tr style='background: gray;'><th colspan=5>{$lt}</th></tr>";
                      }
                      print "\n<tr><td>{$r['itmname']}</td><td>{$r['itmdesc']}</td><td>\${$r['itmbuyprice']}</td><td>\${$r['itmsellprice']}</td><td><form action='itembuy.php?ID={$r['itmid']}' method='post'>Qty: <input type='text' name='qty' value='1' /><input type='submit' value='Buy' /></form></td></tr>";
                  }
                  print "</table>
                  [url='shops.php']Back[/url]";
              }
              else
              {
                  print "You are trying to access a shop in another city!";
              }
          }
          else
          {
              print "You are trying to access an invalid shop!";
          }
      }
      $h->endpage();
      ?>

      <?php
      include "sglobals.php";
      if($ir['user_level'] > 2)
      {
          die("403");
      }
      //This contains shop stuffs
      switch($_GET['action'])
      {
          case 'newshop': new_shop_form(); break;
          case 'newshopsub': new_shop_submit(); break;
          case 'newstock': new_stock_form(); break;
          case 'newstocksub': new_stock_submit(); break;
          case 'delshop': delshop(); break;
          default: print "Error: This script requires an action."; break;
      }
      function new_shop_form()
      {
          global $db,$ir,$c,$h;
          print "<h3>Adding a New Shop</h3>
          <form action='staff_shops.php?action=newshopsub' method='post'>
          <table width='60%' cellspacing='1' class='table'>
          <tr><th>Shop Name:</th><td> <input type='text' name='sn' value='' /></td></tr>
          <tr><th>Shop Desc:</th><td> <input type='text' name='sd' value='' /></td></tr>
          <tr><th>Shop Location:</th><td> ".location_dropdown($c,"sl")."</td></tr>
          <tr><th>Shop for donators:</th><td> <input type='checkbox' name='donate'></td></tr>
          <tr><th>Shop Image</th><td> <input type='text' name='image'></td></tr>
          <tr><th colspan='2'><input type='submit' value='Create Shop' /></th></tr></table></form>";
      }
      function new_shop_submit()
      {
          global $db,$ir,$c,$h;
          if(!isset($_POST['sn']) || !isset($_POST['sd']))
          {
              print "You missed a field, go back and try again.
              [url='staff_shops.php?action=newshop']> Back[/url]";
          }
          else
          {
              $sn=$_POST['sn'];
              $sd=$_POST['sd'];
              $sl=abs((int) $_POST['sl']); //Location ID is used unquoted in the query, so force it to an integer
              if(!getimagesize($_POST['image']))
              {
                  echo 'We cannot find that image please try again';
                  $h->endpage();
                  exit;
              }
              $img = $_POST['image'];
              if($_POST['donate'])
              {
                  $d="1";
              }
              else
              {
                  $d="0";
              }
              $db->query("INSERT INTO shops (shopID, shopLOCATION, shopNAME, shopDESCRIPTION, shopDONATE, shopIMAGE) VALUES('',{$sl},'$sn','$sd','$d','$img')");
              print "The $sn Shop was successfully added to the game.";
              stafflog_add("Added Shop $sn");
          }
      }
      function new_stock_form()
      {
          global $db,$ir,$c,$h;
          print "<h3>Adding an item to a shop</h3>
          <form action='staff_shops.php?action=newstocksub' method='post'>
          Shop: ".shop_dropdown($c,"shop")."
          Item: ".item_dropdown($c,"item")."
          <input type='submit' value='Add Item To Shop' /></form>";
      }
      function new_stock_submit()
      {
          global $db,$ir,$c,$h;
          //Both IDs are used unquoted in the query and printed back, so force them to integers
          $shop=abs((int) $_POST['shop']);
          $item=abs((int) $_POST['item']);
          $db->query("INSERT INTO shopitems VALUES('',{$shop},{$item})");
          print "Item ID {$item} was successfully added to shop ID {$shop}";
          stafflog_add("Added Item ID {$item} to shop ID {$shop}");
      }
      function delshop()
      {
          global $db, $ir, $c, $h;
          if($_POST['shop'])
          {
              $shop=abs((int) $_POST['shop']); //Shop ID is used unquoted in three queries
              $sn=$db->fetch_single($db->query("SELECT shopNAME FROM shops WHERE shopID={$shop}"));
              $db->query("DELETE FROM shops WHERE shopID={$shop}");
              $db->query("DELETE FROM shopitems WHERE sitemSHOP={$shop}");
              print "Shop {$sn} Deleted.";
              stafflog_add("Deleted Shop $sn");
          }
          else
          {
              print "<h3>Delete Shop</h3><hr />
              Deleting a shop will remove it from the game permanently. Be sure.<form action='staff_shops.php?action=delshop' method='post'>
              Shop: ".shop_dropdown($c, "shop")."
              <input type='submit' value='Delete Shop' /></form>";
          }
      }
      $h->endpage();
      ?>
  16. Dave

    Register

    Re: Register That's not a fix, @ just makes it so it doesn't return an error! The actual problem is with whatever is after $q so post the bit which looks like "$q=mysql_query......"
  17. Re: [Any]Zyzamic Network Just wondering did you get some inspiration from our name SkyFuse?
  18. Re: [REVIEW] Deadly Ghetto. Well according to my sources the game got hacked and they just decided to completely de-face the game (Meaning just delete everything).
  19. Re: THIS OR THAT? Linux O.o Only a crazy man would say windows Email or Text Messaging ?
  20. Re: Little Error

      {
          die("You have already sent this user a proposal! [url='index.php']Back[/url] ");
      }
      else
      {
          $uq=$db->query("SELECT * FROM users WHERE userid=".$_GET[iD]);
          if($db->num_rows($uq) == 0)
          {
              die("I'm sorry a user doesn't exist with that ID!");
          }
          if($_POST['reason'] and $_POST['user'] and $_POST['propose'])
          {
              $_POST['reason']=str_replace(row("<",">","/n"), row("",""," "), $_POST['reason']);
              $_POST['reason']=$_POST['reason']." [b]$ir[username] proposed to you with a [b]$_POST[propose][/b]!";

      Hopefully
  21. Re: Toughest Developer Puzzle Ever Okay the nintendo one :P http://www.jeffblankenburg.com/tdpe/nintendoentertainmentsystem.js and http://www.jeffblankenburg.com/tdpe/contra.js Kind of a translation in a way to work out the letters and what order to click them in. The combination is Up Up Down Down Left Right Left Right B A Now for some weird Mario level!
  22. Re: Little Error It's saying there is no function called row()..... Yet on that line there is no function being called with the name of row(), so you really need to post at least 10 lines.
  23. Re: FlashChat 4.7 Auto Login? Wrong, viewsource shows the hidden fields. @ chaoswar4u, the password field for flashchat is only for admins, therefore remove the password bit and it will only use the username.. Simple as That. The password entry is needed as I plan to have flashchat integrated to my username / password field. Hence why I require a method to keep these details hidden. I'm not sure how secure it would be but sessions could be a good idea? Can't be seen via view source and in Flash chat just convert all session data into get or post?
  24. Re: Operation: Jarhead I didn't ask for you to compare our game with Prison Struggle, we've already resolved all issues with them in an orderly manner, This post is for a review of Operation: Jarhead and not to compare it with another site which has a similar style.
  25. Hello, I'd like some reviews for SkyFuse's first game from some developers! Please make any criticism constructive and not just flaming. http://operationjarhead.com/ We've been open for about a month and have managed to attract just over 1,000 members and made a reasonable profit so we are hoping that the game will continue to grow whilst we work on our other projects.