Djkanna

<?php include_once (DIRNAME(__FILE__). '/globals.php'); // XSS Prevention function NoXSS($Var) { return (get_magic_quotes_gpc()) ? htmlspecialchars($Var) : addslashes(htmlspecialchars($Var)); } $_GET['act'] = isset($_GET['act']) && ctype_alpha($_GET['act']) ? trim($_GET['act']) : 'Index'; switch ($_GET['act']) { case 'SexChange': SexChange(); break; case 'PassChange': PassChange(); break; case 'NameChange': NameChange(); break; case 'DPChange': DPChange(); break; case 'ForumSig': ForumSig(); break; case 'ProfileSig': ProfileSig(); break; default: Index(); break; } if (!in_array($_GET['act'], array('Index', 'SexChange', 'PassChange', 'NameChange', 'DPChange', 'ForumSig'))) { Error('Invalid Command!'); } // Index Function function Index() { echo '<h3 style="text-decoration: underline;">Your Preferences</h3> [url="prefs.php?act=SexChange"]Sex Change[/url] [url="prefs.php?act=PassChange"]Password Change[/url] [url="prefs.php?act=NameChange"]Username Change[/url] [url="prefs.php?act=DPChange"]Display Picture Change[/url] [url="prefs.php?act=ForumSig"]Forum Info Change[/url] [url="prefs.php?act=ProfileSig"]Profile Sig Change[/url] '; } // Sex Change Function function SexChange() { global $ir, $db, $h; $NewGender = ($ir['gender'] == 'Male') ? 'Female' : 'Male'; if (isset($_POST['NewGender'])) { $db->query(sprintf("UPDATE `users` SET `gender`='%s' WHERE `userid`='%d'", $_POST['NewGender'], $ir['userid'])); echo sprintf("You Are Now A %s", $_POST['NewGender']); $h->endpage(); exit; } else { echo '<h3 style="text-decoration: underline;">Sex Change</h3> <form action="prefs.php?act=SexChange" method="post">'; echo sprintf("<input type='hidden' name='NewGender' value='%s' />", $NewGender); echo sprintf("You Are Currently A Are %s, Are You Sure You Want To Become A %s? ", $ir['gender'], $NewGender); echo '<input type="submit" value="Yes!" /> </form>'; } } // Password Change Function function PassChange() { global $ir, $db, $c; $Info = $db->fetch_row($db->query(sprintf("SELECT `userid`, `userpass`, `login_name` FROM `users` WHERE `userid`='%d'", $ir['userid']))); if (isset($_POST['OldPass'], $_POST['NewPass1'])) { if ($_POST['NewPass1'] == '') { echo 'Error! You Entered No Password '; } else if (md5($_POST['OldPass']) != $Info['userpass']) { echo 'Error! The Current Password Is Inncorrect! '; } else { $db->query(sprintf("UPDATE `users` SET `userpass`='%s' WHERE `userid`='%d'", md5($_POST['NewPass1']), $ir['userid'])); echo 'Your Password Has Been Updated! Your New Password Is: [i]'.$_POST['NewPass1'].'[/i] Keep This Password Safe And Don\'t Tell Anyone It. > [url="index.php"]Home[/url]'; } } else { echo '<h3 style="text-decoration: underline;">Password Change</h3> <form action="prefs.php?act=PassChange" method="post"> Current Password: <input type="password" name="OldPass" /> New Password: <input type="password" name="NewPass1" /> <input type="submit" value="Change Password!" /> </form>'; } } // Name Change Function function NameChange() { global $ir, $db; if (isset($_POST['NewName'])) { $CheckLog = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `login_name`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid']))); $CheckGame = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `username`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid']))); if (trim($_POST['NewName']) == '') { echo 'Error! You Did Not Enter A New Name '; } else if ($CheckLog) { echo 'Error! This Name Is In Use '; } else if ($CheckGame) { echo 'Error! This Name Is In Use '; } else if (strlen($_POST['NewName']) < '4') { echo 'Error! This Name Is Too Short'; } else if (strlen($_POST['NewName']) > '15') { echo 'Error! This Name Is Too Long'; } else { $_POST['NewName'] = str_replace(array("<", ">", "'", ";"), array("", "", "", ""), $_POST['NewName']); $db->query(sprintf("UPDATE `users` SET `username`='%s' WHERE `userid`='%d'", $_POST['NewName'], $ir['userid'])); echo 'You Have Changed Your Username'; } } else { echo '<h3>Name Change</h3> Please note that you still use the same name to login, this procedure simply changes the name that is displayed. <form action="prefs.php?act=NameChange" method="post"> New Name: <input type="text" name="NewName" /> <input type="submit" value="Change Name" /> </form>'; } } // Display Picture Change Function function DPChange() { global $ir, $db; $Pic = $db->query(sprintf("SELECT `display_pic` FROM `users` WHERE `userid`='%d'", $ir['userid'])); if (isset($_POST['NewPic'])) { if ($_POST['NewPic'] == '') { echo 'You Did Not Enter An Image'; } else { if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) { print "You are trying to upload an invalid image"; } else { $_POST['NewPic'] = str_replace(array("<", ">", "'", ";", ".php", ".html", ".js"), array("", "", "", "", "", "", ""), $_POST['NewPic']); $db->query(sprintf("UPDATE `users` SET `display_pic`='%s' WHERE `userid`='%d'", $_POST['NewPic'], $ir['userid'])); echo 'Picture Changed'; } } } else { echo '<h3>Pic Change</h3> Please note that this must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation. <form action="prefs.php?act=DPChange" method="post">'; echo sprintf("New Pic: <input type='text' name='NewPic' value='%s' /> ", $Pic['display_pic']); echo ' <input type="submit" value="Change Picture" /> </form>'; } } // Forum Info Change Function function ForumSig() { global $ir, $db; if (isset($_POST['NewFSig'])) { $db->query(sprintf("UPDATE `users` SET `forums_avatar`='%s', `forums_signature`='%s' WHERE `userid`='%d'", NoXSS($_POST['FPic']), NoXSS($_POST['NewFSig']), $ir['userid'])); echo 'Forum Info Updated'; } else { echo '<h3>Forum Info Change</h3> Please note that the avatar must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation. <form action="prefs.php?act=ForumSig" method="post">'; echo sprintf("Avatar: <input type='text' name='NewFPic' value='%s' /> ", $ir['forums_avatar']); echo sprintf("Signature (you may use BBcode): <textarea rows='10' cols='50' name='NewFSig'>%s</textarea> ", $ir['forums_signature']); echo '<input type="submit" value="Change Info" /> </form>'; } } // Profile Sig Change Function function ProfileSig() { global $ir, $db; if (isset($_POST['NewPSig'])) { $db->query(sprintf("UPDATE `users` SET `sig`='%s' WHERE `userid`='%d'", NoXSS($_POST['NewPSig']), $ir['userid'])); echo 'Profile Sig Updated'; } else { echo '<h3>Profile Sig</h3> <form action="prefs.php?act=ProfileSig" method="post">'; echo 'Signature (you may use BBcode): '; echo sprintf("<textarea rows='10' cols='50' name='NewPSig'>%s</textarea> ", $ir['sig']); echo '<input type="submit" value="Change Profile Sig" /> </form>'; } } $h->endpage( ); ?> May work :)

Okay I didn't understand this that well but I think I've got it < I think :) function do_pic_change() { global $db, $h, $userid; $image = getimagesize("".$_POST['newpic'].""); if($_POST['newpic'] == "") { echo "Sorry it seems like you haven't inputed anything please go back and try again. [url='preferences.php?action=picchange']Back[/url]"; } elseif(!$image) { echo "Um yeah you didn't actually think that would work did you?"; } else { $db->query(sprintf("UPDATE users SET display_pic='%s' WHERE(userid=%u)", $db->escape($_POST['newpic']), $userid)); echo "Display picture has been changed"; $h->endpage(); exit; } } It doesn't seem to allow anything but a image file so I think that's a good start to defeating the Admin Hi-Jack. :) Thanks DJK

Sounds like an awesome idea but projects like revamps hardly ever stick. I will help as much as I can :)

Your leaving :thumbdown: Well good luck with college and everything bud ;) EDIT: I cannot spell -.-

Somebody got touchy there :P Yeah it does tell you the error right there plain as day. I'm sorry but I agree with Danny on this one.

Um no he hasn't you can simply remove the format function from the script and replace it with stripslashes(htmlspecialchars()) or none that's up to you but if I remember correctly your the one that didn't read the instructions then complained that you got the function error. So before you even try to disrespect other's mods/work, how about do it yourself and read a manual instead of asking for things on a silver platter (This is in reference to the ammount of stuff he has asked for). Or perhaps spending a few bucks, dollars, pounds, euros whatever on a coder to do it for you instead of wanting the stuff free. I think I've gone off topic. Um yeah you can NOT secure your site/game with just a few lines of code, you need to go through every file and manually secure it, which if you know what your doing and have the time doesn't really take long, (Not speaking from experience as I'm only just learning the basics but from what I've been told). Moderators: If you feel I've stepped over the line with the whole Nicholas thing then remove it I don't mind or care :P DJK :whistling:

Re: [v2] New Header I've tested this in IE and Firefox and works fine (including the staff section). :|

Re: [v2] New Header Before I get a bad name (not like it's not allready happened). All I did was fix one tiny error, so it would actually work. Would of fixed it all but the OP kept begging for it there and then -.- I may fix it if I can be bothered to do so :P Also he did not make the template I think its a free one which has copyright limitations so I would look into that before you use it as I notice the copyright bar doesn't show. For the concern of images, Convert them all to Png and change them over as for some reason the GiF ones that are packed in the file are pretty screwed up. Djkanna

Re: [mccodes] Advanced Pet Mod [$15] I have nothing to say which is unusual for me -.- :| Strange thing is I would expect this to be secured a little at the least Anyhow Good luck with the sales :wink:

Re: why doesn't this work? Check in your header.php file That its including smenu.php under the staff function instead of mainmenu.php Djkanna

Re: Looking for email verification mod V1 Meh... Code Off!!! Between Crazy T and Cronus, Who will win ? Find out after this short break.. Djkanna's bitch fight underground is brought to you by an unnamed source Meh.. I had to post it I was bored :P

Re: Looking for email verification mod V1 No offence but it seems you got your panties in a twist there Cronus What do you expect him to do its Crazy T Hes.......... CRAZY!!! :roll:

Re: Crack The Safe ($2) 'Meh .. you know Crazy T can be mean... Especially to people who are new Muhahahahahahahaha :evil: Nah I'm joking Good Luck with your sales :wink:

Re: Looking for email verification mod V1 I ain't got nothing to say :| And Cronus it took you a while to fix the Paper mod :roll: But at least its possibly done not tested yet Crazy T's a troller haha Whats a troller :P

Re: [MC Codes V2] Captcha ($1) Bought it for you Sniko :P

Re: [Mccodes V2] Player Mood Nice work Sniko +1 WooP :P

Re: [V2]New Explore Try this <?php /////////////////////////////////////////////////// // pPase keep this notice ## ## McCodes version = 2 // // Coder of Explore bar = Danny696 ## ## you MAY edit it freely // // it will not show to the game members ## ##All we ask is that you keep this Notice intact // ################################################### include(DIRNAME(__FILE__) . '/globals.php'); $tresder=(int) rand(100,999); if($ir['jail']) { echo("Some Features Are Not Shown As Your In Jail"); } else if($ir['hospital']) { echo("Some Fetures Are Not Shown As Your In Hopsital"); } if($ir['jail']) { echo "[b]You begin exploring {$r['cityname']}, you look for some usefull things.[/b] <table width=75%><tr height=100><td valign=top> <u>Town Market</u> [url='shops.php']Shops[/url] [url='itemmarket.php']Item Market[/url] "; echo " <u>Work Places</u> [url='job.php']Work[/url] [url='education.php']Prision School[/url] "; echo " <u>Dark Side</u> [url='gangcentral.php']Gangs[/url] [url='gangwars.php']Gang Wars[/url] [url='fedjail.php']Federal Jail[/url] "; echo "<td valign=top> <u>Statistics Dept</u> [url='userlist.php']All Users[/url] [url='vdonators.php']The Best Players[/url] [url='stafflist.php']{$set['game_name']} Staff[/url] [url='halloffame.php']Ledgends of {$set['game_name']}[/url] [url='stats.php']Game Stats[/url] [url='usersonline.php']Users Online[/url]</td>"; echo "<td valign=top> <u>Catalogs</u> [url='itempedia.php']Item Catalog[/url] [url='jobpedia.php']Job Catalog[/url] [url='shoppedia.php']Shop Listings[/url] "; echo "<td valign=top> <u>Mysterious</u> [url='polling.php']Cast Your Vote Today[/url] [url='notepad.php']Personal Notepad[/url]"; if($ir['donatordays'] >= 1) { echo " <td valign=top> <u>Donators Only</u> [url='ddreward.php']Daily Donator Reward[/url] [url='crystalgym.php']Crystal Gym[/url] [url='dshop.php']Donator Shop[/url] "; echo "</td></tr></table> This is your referal link: http://{$domain}/register.php?REF=$userid Every signup from this link earns you ten valuable crystals!"; } else if($ir['hospital']) { echo "[b]You begin exploring {$r['cityname']}, you look for some usefull things.[/b] <table width=75%><tr height=100><td valign=top> <u>Town Market</u> [url='shops.php']Hospital Shops[/url] "; echo" <u>Work Places</u> [url='job.php']Hospital Jobs[/url] [url='education.php']Hospital School[/url] "; echo" <u>Dark Side</u> [url='gangwars.php']Gang Wars[/url] [url='fedjail.php']Federal Jail[/url] "; echo "<td valign=top> <u>Statistics Dept</u> [url='userlist.php']All Users[/url] [url='vdonators.php']The Best Players[/url] [url='stafflist.php']{$set['game_name']} Staff[/url] [url='halloffame.php']Ledgends of {$set['game_name']}[/url] [url='stats.php']Game Stats[/url] [url='usersonline.php']Users Online[/url]</td>"; echo "<td valign=top> <u>Catalogs</u> [url='itempedia.php']Item Catalog[/url] [url='jobpedia.php']Job Catalog[/url] [url='shoppedia.php']Shop Listings[/url] "; echo "<td valign=top> <u>Mysterious</u> [url='polling.php']Cast Your Vote Today[/url] [url='notepad.php']Personal Notepad[/url]"; echo "</td></tr></table> This is your referal link: http://{$domain}/register.php?REF=$userid Every signup from this link earns you ten valuable crystals!"; } else if($ir['jail'] | ($ir['hospital'] == 0)) { echo "[b]You begin exploring {$r['cityname']}, you look for some usefull things.[/b] <table width=75%><tr height=100><td valign=top> <u>Town Market</u> [url='shops.php']Shops[/url] [url='itemmarket.php']Item Market[/url] [url='auctions.php']Auction Market[/url] [url='cmarket.php']Crystal Market[/url]</td> <u>For The Players [b]With[b] Lots Of Money</u> [url='airport.php']Airport[/url] [url='estate.php']Housing[/url] [url='bank.php']City Bank[/url] [url='investmentbank.php']Investment Bank[/url] "; echo " <u>Fun And Games</u> [url='carnival.php']Carnival[/url] [url='slotsmachine.php?tresde=$tresder']Slots Machine[/url] [url='roulette.php?tresde=$tresder']Roulette[/url] [url='lucky.php']Lucky Boxes[/url] [url='crystal5050.php']Crystal Chance[/url] [url='money5050.php']Money Chance[/url] [url='horsing.php']Horse Racing[/url] "; echo "<u>Work Places</u> [url='job.php']Work[/url] [url='education.php']School[/url] "; echo "<u>Dark Side</u> [url='gangcentral.php']Gangs[/url] [url='gangwars.php']Gang Wars[/url] [url='fedjail.php']Federal Jail[/url] "; echo "<td valign=top> <u>Statistics Dept</u> [url='userlist.php']All Users[/url] [url='vdonators.php']The Best Players[/url] [url='stafflist.php']{$set['game_name']} Staff[/url] [url='halloffame.php']Ledgends of {$set['game_name']}[/url] [url='stats.php']Game Stats[/url] [url='usersonline.php']Users Online[/url]</td>"; echo "<td valign=top> <u>Catalogs</u> [url='itempedia.php']Item Catalog[/url] [url='jobpedia.php']Job Catalog[/url] [url='shoppedia.php']Shop Listings[/url] "; echo "<td valign=top> <u>Mysterious</u> [url='polling.php']Cast Your Vote Today[/url] [url='ctemple.php']Crystal Temple[/url] [url='mine.php']Mine Shaft[/url] [url='street.php']Search The Streets[/url] [url='battletent.php']Battle Tent[/url] [url='notepad.php']Personal Notepad[/url]"; if($ir['donatordays'] >= 1) { echo " <td valign=top> <u>Donators Only</u> [url='ddreward.php']Daily Donator Reward[/url] [url='crystalgym.php']Crystal Gym[/url] [url='dshop.php']Donator Shop[/url] "; } echo "</td></tr></table> This is your referal link: http://{$domain}/register.php?REF=$userid Every signup from this link earns you ten valuable crystals!"; $h->endpage(); } } ?>

Re: [mccode v2] Tag Mod (Complete) I could understand him :P Hey people I've just added the mod but there's one little problem and its the sql it won't let me add it in because its the wrong one can someone post the right one (please - should be there ) I know it was a pointless post , Though I'd make my presence known. Nice mod seems like a cool idea

Re: [McCodes V2] Assassinate user (donator only) This should work <?php global $db,$c,$ir,$userid, $set; $adomain=$_SERVER['HTTP_HOST']; $hc=$set['hospital_count']; $jc=$set['jail_count']; $ec=$ir['new_events']; $mc=$ir['new_mail']; $var2['num_users_on'] = mysql_query("SELECT userid FROM users WHERE laston >= UNIX_TIMESTAMP()-900", $c); $var['num_users_on'] = mysql_num_rows($var2['num_users_on']); print " <div align=left width='170'> <table cellspacing=1 width='170' class=table> <tr> <td>[img=top.png]</td> </tr> <tr> <td background='middle.png'><div align='center'>"; if($ir['hospital']) { print "[url='hospital.php']Hospital ($hc)[/url] [url='inventory.php']Inventory[/url] "; } elseif($ir['jail']) { print "[url='jail.php']Jail ($jc)[/url] "; } else { print "[url='index.php']Home[/url] [url='inventory.php']Inventory[/url] "; } if($ec > 0) { print "[url='events.php']Events ($ec)[/url] "; } else { print "[url='events.php']Events (0)[/url] "; } if($mc > 0) { print "[url='mailbox.php']Mailbox ($mc)[/url] "; } else { print "[url='mailbox.php']Mailbox (0)[/url] "; } if($ir['jail'] and !$ir['hospital']) { print "[url='gym.php']Jail Gym[/url] [url='hospital.php']Hospital ($hc)[/url] "; } else if (!$ir['hospital']) { print "[url='explore.php']Explore[/url] [url='gym.php']Gym[/url] [url='criminal.php']Missions[/url] [url='job.php']Your Rank[/url] [url='education.php']Training Courses[/url] [url='hospital.php']Hospital ($hc)[/url] [url='jail.php']Jail ($jc)[/url] "; } else { print "[url='jail.php']Jail ($jc)[/url] "; } print "[url='forums.php']Forums[/url] "; if($ir['new_announcements']) { print "[url='ann.php']Announcements ({$ir['new_announcements']})[/url] "; } else { print "[url='ann.php']Announcements (0)[/url] "; } print " [url='bank.php']Bank[/url] [url='newspaper.php']Newspaper[/url] [url='search.php']Search[/url] "; if ($ir['level'] >= 100) { print "<hr>[b]100 Club![/b] [url='100clubforum.php']Forum[/url] [url='100clubchat.php']Chat[/url] [url='100clubshop.php']Shop[/url] <hr>"; } if(!$ir['jail'] && $ir['gang']) { print "[url='yourgang.php']Your Squad[/url] "; } print "[url='viewuser.php?u={$r[']{$r['username']}[/url] ($la $unit) "; if($ir['donatordays']) { print "<hr /> [b]Donators Only[/b] [url='friendslist.php']Friends List[/url] [url='blacklist.php']Black List[/url] [url='assassinateuser.php']Assassinate User[/url]"; } print "<hr /> [url='preferences.php']Preferences[/url] [url='preport.php']Player Report[/url] [url='helptutorial.php']Help Tutorial[/url] [url='gamerules.php']Game Rules[/url] [url='viewuser.php?u={$ir[']My Profile[/url] [url='logout.php']Logout[/url] Time is now "; echo date ('F j, Y')." ".date('g:i:s a'); print "</td> </tr> <tr> <td>[img=bottom.png]</td> </tr> </table>"; ?>

Re: [Mccodes V2] Item Sell Update [Javascript!] Very nice Iam +1

Re: Newspaper Upgrade [Mccodes V2] Lol sorry mate , my prt sc button isn't working

Re: Newspaper Upgrade [Mccodes V2] Another error in staff news just a misspelt link ;) <?php //made by sniko //no re-selling include "sglobals.php"; if($ir['user_level'] > 2) { echo '<font color="#ff0000">[b]Error![/b]</font>'; $h->endpage(); exit; } $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : ""; switch($_GET['action']) { case "news": news(); break; case "confirm": confirm(); break; default: print "<font color='#ff0000'>[b]Error! This script requires an action.[/b]</font>"; break; } function news() { global $db, $ir, $c, $h, $userid; print "<h3>Altering Newspaper's Content</h3><hr /> <form action='staff_news.php?action=confirm' method='POST'> Newspaper's Content: <input type='text' name='news_TITLE' value='{$r['news_TITLE']}'> Newspaper's Subtitle: <input type='text' name='news_SUBTITLE' value='{$r['news_SUBTITLE']}'> Newspaper's Left Content: <input type='text' name='news_LEFT' value='{$r['news_LEFT']}'> Newspaper's Centered Content: <input type='text' name='news_CENTER' value='{$r['news_CENTER']}'> Newspaper's Right Content: <input type='text' name='news_RIGHT' value='{$r['news_RIGHT']}'> <input type='submit' value='Add'></form>"; } function confirm() { global $db, $ir, $c, $h, $userid; if($ir['user_level'] != 2) { die("403"); } $db->query("INSERT INTO `newspaper` VALUES ('', '{$_POST['news_TITLE']}', '{$_POST['news_SUBTITLE']}', '{$_POST['news_LEFT']}', '{$_POST['news_CENTER']}', '{$_POST['news_RIGHT']}')"); print "The newspaper has been updated!!."; stafflog_add("Updated newspaper"); } $h->endpage(); ?> Also i think tables are messed up on in newspaper for some reason it wont allow me to take a screeny so ill improvise lol the local paper ( job )(thecity)(home)(gym) [example ] [2nd example ] [3rd example ][eg...][eg...]

Re: Newspaper Upgrade [Mccodes V2] The two }'s at the end produced an error <?php //made by sniko include "globals.php"; print "<h3>The Local Newspaper</h3>"; $newsinfo = sprintf("SELECT news_TITLE,news_SUBTITLE,news_LEFT,news_CENTER,news_RIGHT FROM newspaper"); $getinfo = mysql_query($newsinfo); echo "<table background=#c0c0c0>"; echo "<tr>"; echo "<th>[url='job.php']Job[/url]</th>"; echo "<th>[url='explore.php']The City[/url]</font></th>"; echo "<th>[url='index.php']Home[/url]</font></th>"; echo "<th>[url='gym.php']Gym[/url]</th>"; echo "</tr>"; while ($info = mysql_fetch_array($getinfo)) { echo "<tr>"; echo "<td width=100%>".$info['news_TITLE']."</td><tr>"; echo "<td>".$info['news_SUBTITLE']."</td><tr>"; echo "<td valign='top'>".$info['news_LEFT']."</td>"; echo "<td valign='top'>".$info['news_CENTER']."</td>"; echo "<td valign='top'>".$info['news_RIGHT']."</td>"; echo "</tr>"; } echo "</table>"; $h->endpage(); ?> fixed it lol nice work sniko

Re: [MCCODES V2] User Holidays script Sounds like a good idea mate :wink:

Re: Dogdy bussines Haha thought pokemon went out of fashion a few years back