
Everything posted by Karlos
-
Re: Session_id() Question? Well thank you for the reply. I am also moving away from MC Codes and having a go at my own, where I also use tokens to protect against CSRF. Would you recommend using session_id(); in my own scripts?
-
Re: [MC Codes V2] Protection ($1) Note: New price! From $5 to $1!
-
Re: Who is your fave bands on this list of a poll :-o Linkin Park (L)
-
Re: Best Band Out of them.. Slipknot.. Out of everyone.. Bon Jovi :-P
-
Re: FlameSpark - Test us now in BETA! It is indeed POG1.
-
Re: Crack the Safe True, I'm going to look into cookies though.. See if they are better to use. :-)
-
Re: Crack the Safe I wasn't really saying anything negative, I said they could have been coded better and provided an example...
-
Re: Crack the Safe Haven't had a great look into cookies yet, I'll have a look later, thanks! :wink: I gathered what POG1 was saying Alan.. I'm getting used to having a few files which do the logic for me, and returns me to a page where I display it. But you can't do that through a variable, however in this case, you can. :-P How about you stop claiming other people's work, you idiot. :lol:
-
Re: Crack the Safe I didn't think the coding on either one was great, so I recoded it, nothing is great... Just a quick recode so not the best it could be.. All credits go to carlg

```php
<?php
include_once ('globals.php');
echo '<h3>Guess The Code</h3>';
// Ten attempts per user; the counter is reset by the cron query below.
if ($ir['guess'] >= 10) {
    echo '<p style="color: #FF0000;">Error!</p><p style="color: #FF0000;">You have already attempted this 10 times.</p>';
    die($h->endpage());
}
if (isset($_POST['n1'])) {
    // Each of the four fields must be exactly one digit.
    if (!ctype_digit($_POST['n1']) || !ctype_digit($_POST['n2']) || !ctype_digit($_POST['n3']) || !ctype_digit($_POST['n4'])) {
        $_SESSION['Error'] = 'You have inputted an invalid character.';
        die(header('Location: guess.php'));
    }
    if (strlen($_POST['n1']) != 1 || strlen($_POST['n2']) != 1 || strlen($_POST['n3']) != 1 || strlen($_POST['n4']) != 1) {
        $_SESSION['Error'] = 'Your number is an invalid one.';
        die(header('Location: guess.php'));
    }
    $Join = $_POST['n1'] . $_POST['n2'] . $_POST['n3'] . $_POST['n4'];
    $Code = mt_rand(1000, 9999);
    //$Code = 1337; // Want the code to stay fixed? Add your code here.
    if ($Join == $Code) {
        $db->query("UPDATE `users` SET `money`=`money`+1200000 WHERE `userid`=".$userid);
        $db->query("UPDATE `users` SET `guess`=`guess`+1 WHERE `userid`=".$userid);
        $_SESSION['Success'] = 'Congrats! You successfully guessed the correct number!';
    } else {
        $_SESSION['Error'] = 'Sorry, you guessed wrong, please try again.';
        $db->query("UPDATE `users` SET `guess`=`guess`+1 WHERE `userid`=".$userid);
    }
} // Closes the isset($_POST['n1']) block; this brace was missing from the post as scraped.
$db->query("SELECT `guess` FROM `users` WHERE `userid`=".$ir['userid']);
if (isset($_SESSION['Success'])) {
    echo '<p style="color: #0D961F;">',$_SESSION['Success'],'</p>';
    unset($_SESSION['Success']);
}
if (isset($_SESSION['Error'])) {
    echo '<p style="color: #FF0000;">',$_SESSION['Error'],'</p>';
    unset($_SESSION['Error']);
}
echo 'Do you think you are lucky enough to guess this code. If you guess the code correctly you shall win $1,200,000 dollars just for guessing 4 numbers correctly!
You have used ',$ir['guess'],' of 10 guesses
<form action="guess.php" method="post">';
foreach (array('n1', 'n2', 'n3', 'n4') as $Name) {
    echo '<select name="',$Name,'">';
    for ($i=1; $i<10; ++$i) {
        echo '<option value="',$i,'">',$i,'</option>';
    }
    echo '</select>';
}
echo '<input type="submit" value="Submit" />
</form>';
$h->endpage();
?>
```

Sql:

```sql
ALTER TABLE `users` ADD `guess` TINYINT(1) UNSIGNED NOT NULL DEFAULT 0;
```

Cron:

```php
$db->query("UPDATE `users` SET `guess`=0 WHERE `guess`>0");
```
-
Re: Crack the Safe I believe someone has already made this mod... :| Edit: I guess I was correct.. ^_^ http://criminalexistence.com/ceforums/i ... ic=17350.0
-
Re: [V2] Saved Events Isn't UNION() used for SELECT queries only?
-
Re: [MC Codes V2] Captcha ($1) Sold Out!
-
Re: [MC Codes V2] Captcha ($1) Copies Left: 1
-
Re: [MCCODES V2] File Creator and Editor ingame Note: This is not a flame, just personal opinion. I personally feel this mod is a bad idea, just think.. If they get hold of it, they can do serious damage to your site. Also you annoy one of your coders, and he decides to turn against you? You're quite literally fuxed. Why not give them a limited ftp account? :roll: Anyway.. Here's a couple of ideas..

Make it accessible to only a few admins, not all?

```php
if (!in_array($ir['userid'], array(1, 2, 3))) {
    echo '<p style="color: #FF0000;">Error, invalid user id.</p>';
    die(headers::endpage());
}
```

Make them have to enter a special pass before they can access the add/edit/delete screen..

```php
$Pass = 'AccessMe';
if (isset($_POST['Pass'])) {
    if ($_POST['Pass'] != $Pass) {
        echo '<p style="color: #FF0000;">Error, invalid password.</p>';
        die(headers::endpage());
    }
    die(header('Location: file_location.php'));
} else {
    // Form Here..
}
```
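
The two ideas in the post above, combined so that the editor page itself re-checks the unlock instead of relying on the redirect alone. This is an added example, not code from the thread: `gate_unlock()`, `gate_is_open()`, the `file_admin` session key and the timeout value are assumptions, and a plain array stands in for `$_SESSION`.

```php
<?php
// Added example, not code from the thread. gate_unlock(), gate_is_open() and
// the 'file_admin' session key are hypothetical; the id list is the post's.
const GATE_ADMINS = [1, 2, 3];
const GATE_TTL = 600; // seconds an unlock stays valid (assumed value)

// Step 1: the password form handler. Stores proof of success in the session
// instead of only redirecting, and checks a hash rather than a literal.
function gate_unlock(array &$session, int $userId, $pass, string $hash): bool
{
    if (!in_array($userId, GATE_ADMINS, true) || !is_string($pass)) {
        return false;
    }
    if (!password_verify($pass, $hash)) {
        return false;
    }
    $session['file_admin'] = ['uid' => $userId, 'at' => time()];
    return true;
}

// Step 2: called at the top of the editor page itself, so requesting that
// page directly without passing step 1 is refused.
function gate_is_open(array $session, int $userId): bool
{
    $g = $session['file_admin'] ?? null;
    return is_array($g)
        && $g['uid'] === $userId
        && in_array($userId, GATE_ADMINS, true)
        && (time() - $g['at']) < GATE_TTL;
}

// Constructed demo: a plain array stands in for $_SESSION.
$hash = password_hash('constructed-demo-pass', PASSWORD_DEFAULT);
$session = [];
var_dump(gate_is_open($session, 1));                                // direct visit, never unlocked
var_dump(gate_unlock($session, 1, 'wrong', $hash));                 // bad password
var_dump(gate_unlock($session, 4, 'constructed-demo-pass', $hash)); // not on the id list
var_dump(gate_unlock($session, 1, 'constructed-demo-pass', $hash)); // listed admin, right password
var_dump(gate_is_open($session, 1));                                // editor page check after unlock
```

In a live script the hash would be generated once with `password_hash()` and stored outside the web root, and `session_regenerate_id(true)` would be called on a successful unlock.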
-
Re: PHP Question I got to a new place! Upstairs and a brand new comfortable chair :wink:
-
Re: Total Time Logged In! Total time logged in: 19 days, 18 hours and 33 minutes.
-
Basically, I give each user a different session_id() when they login, and it regenerates every 15 mins. However, I was wondering if I could use session_id() as a security measure. I'm not entirely sure if this is a good way to use it, or if I'm using some bits which aren't needed at all, or am I doing it the wrong way?

```php
// Function which uses session_id()
function Delete() {
    global $db, $ir; // $db = Database class || $ir = query for getting users info.
    if (isset($_GET['Id'], $_GET['Auth'])) {
        $Id = (int) $_GET['Id']; // Cast to an integer before it reaches the SQL string.
        if ($Id && $_GET['Auth'] == session_id() && session_id() == $ir['sId']) {
            $db->query("DELETE FROM `events` WHERE `evID`=".$Id." AND `evUSER`=".$ir['userid']);
            $_SESSION['dResult'] = 'Event Deleted';
        } else {
            Error('An error occurred while deleting the selected event.');
        }
    } else {
        Error('An error occurred.');
    }
}

// Link to function.
echo '<a href="events.php?act=Delete&Id=',$r['evID'],'&Auth=',session_id(),'">Delete</a> ';
```
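
For comparison with the question above, an added example (not code from the thread) of the same delete guarded by a separate per-session token sent by POST, so the session ID never appears in a link. The `events`, `evID` and `evUSER` names are from the post; `csrf_token()`, `csrf_valid()`, `delete_event()`, the `token` field and the PDO/SQLite setup are assumptions made so it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Table and column names are the
// post's; csrf_token(), csrf_valid() and delete_event() are hypothetical.

// One random token per session, separate from the session ID, so the
// session ID never appears in a URL, Referer header or access log.
function csrf_token(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function csrf_valid($submitted): bool
{
    // Constant-time compare; arrays and missing values are rejected.
    return is_string($submitted) && !empty($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// Takes POST fields (a delete should not be a GET link) and removes only
// an event owned by $userId.
function delete_event(PDO $pdo, int $userId, array $post): bool
{
    $id = $post['Id'] ?? '';
    if (!csrf_valid($post['token'] ?? null) || !is_string($id) || !ctype_digit($id)) {
        return false;
    }
    $stmt = $pdo->prepare('DELETE FROM events WHERE evID = ? AND evUSER = ?');
    $stmt->execute([(int) $id, $userId]);
    return $stmt->rowCount() === 1;
}

// Constructed demo: in-memory SQLite stands in for the game's MySQL database.
session_start();
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (evID INTEGER PRIMARY KEY, evUSER INTEGER)');
$pdo->exec('INSERT INTO events VALUES (1, 7), (2, 8)');

var_dump(delete_event($pdo, 7, ['Id' => '1', 'token' => 'forged']));     // forged token
var_dump(delete_event($pdo, 7, ['Id' => '2', 'token' => csrf_token()])); // another user's event
var_dump(delete_event($pdo, 7, ['Id' => '1', 'token' => csrf_token()])); // own event, valid token
```

The delete link then becomes a small form whose hidden `token` field carries `csrf_token()` and whose method is `post`.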
-
Re: Database class for PHP 5+ and MySQL (Help)

```php
public function __destruct() {
    $this->ConnectStatus = false;
    return mysql_close($this->Connect);
}
```

If I got it right? Should be, never used it though :-P
-
Re: Database class for PHP 5+ and MySQL (Help) However, that is a valid point, but if you filter the data which is inputted, before entering it into the database, I would personally make sure it's a whole number :-)
-
Well, I am a total novice when it comes to OOP, so I was wondering if anyone could give me any tips, ideas or constructive criticism.

```php
<?php
if (!defined('Access')) {
    die('Forbidden Access.');
}

Class Database {
    protected $Connect, $ConnectStatus = false;
    public $TotalQueries, $Affected = null;

    // Connect and select the database; stop the script if either step fails.
    public function __construct($Host, $User, $Pass, $Database) {
        $this->Connect = @mysql_connect($Host, $User, $Pass);
        if (!is_resource($this->Connect)) {
            $this->ConnectStatus = false;
            die('Cannot Connect To The MySQL Server.');
        } else if (!@mysql_select_db($Database, $this->Connect)) {
            mysql_close($this->Connect);
            $this->ConnectStatus = false;
            die('Cannot Select The Defined MySQL Database.');
        } else {
            $this->ConnectStatus = true;
        }
    }

    public function isConnected() {
        return $this->ConnectStatus;
    }

    // Undo magic quotes if enabled, then escape for use inside a quoted SQL string.
    public function doEscape($Var) {
        if (get_magic_quotes_gpc()) {
            $Var = stripslashes($Var);
        }
        return mysql_real_escape_string($Var, $this->Connect);
    }

    public function doQuery($Sql) {
        $Query = @mysql_query($Sql, $this->Connect);
        if ($Query === false) {
            return $this->raiseError();
        }
        ++$this->TotalQueries;
        $this->Affected = @mysql_affected_rows($this->Connect);
        return $Query;
    }

    public function affectedRows() {
        return mysql_affected_rows($this->Connect);
    }

    public function numRows($Sql){
        return mysql_num_rows($Sql);
    }

    public function insertId() {
        return mysql_insert_id($this->Connect);
    }

    public function doDisconnect() {
        $this->ConnectStatus = false;
        return mysql_close($this->Connect);
    }
}
?>
```
-
Re: Fatal error: Cannot redeclare andyyt_2005 Can you add me on msn please: [email protected]
-
Re: FlameSpark - Test us now in BETA! Same... In firefox 3.5 you have to use custom privacy settings.. :-)
-
Re: Attempted css mod. Should always be done, no matter the conditions.
-
Re: Advanced Bug Report System He changed the file names, links and the sql basically.. Oh, and a few words.
-
Re: Advanced Bug Report System What happened to not giving me credit? As they were my codes -.-