Karlos

Re: template engine MCCodes... Game Engine... Bullcrap... PHP & MySQL... No Security... Stay Away From It... :wink:

Re: How to use sprintf? Maybe Try This.. Add to global_func.php: function escape($escape) { $escape = htmlentities(mysql_real_escape_string(trim($escape))); return $escape; }   Put this where query is. <?php $BuyShop = sprintf( "INSERT INTO `usershops` (all field names your inserting into here like this, `usID`, `usUSER` etc) " . "VALUES ('' , ('%u') , '1' , ('%d'), ('%s') , ('%s'), '0' )" , $userid, abs(@intval($_POST['sl'])), escape($_POST['shopname']), escape($_POST['description']) ); $db->query($BuyShop); ?>

Re: [V2] Annoucements Upgrade!   Well At least some people can comment on how well people have done without the critism...As for Floydians annoucement mod i have never seen it so i don't have a clue about it. But thank you anyway..   Thought so :wink:

Re: [V2] Annoucements Upgrade!   Well no-one has a free version avaible like mine and also has a degree of security as 03laceys said and i post purely to give others a chance to have it, not to recieve critism...   Mines nothing special...I made it purely on how i wanted it to be and i did and i like it, and i know not all people will... Whats a mod with no-security?

Re: [V2] Annoucements Upgrade!  

I got bored and i decided to make a slightly better annoucements so you can have a title for the annoucments, urgency level (Low - Urgent), topic type (Wide Range) and posted by...I currently do not have no-screenshots but this is working on Cursed-Islands. If you have any suggestions please post how i could make it better and post bugs so i can fix them aswell. Edit 2 PHP File Add 1 SQL First replace you annoucments.php with this: <?php /* Advanced Annoucements Made By Karlos MCCodes V2 Made On: 11 Dec 2008 */ require_once (DIRNAME(__FILE__) . '/globals.php'); $AnnouceCount = $ir['new_announcements']; $Order = sprintf( "SELECT * FROM " . "`mod_announcements` " . "ORDER BY `annouce_ID` DESC" ); $Selected = $db->query ($Order); ?> <h3>Annoucements</h3> <table width='75%' cellspacing='0' border='1' class='table'> <tr> <th width='30%'> Staff Posted/Topic/Urgency </th> <th width='70%'> Announcement </th> </tr> <?php while($Info = $db->fetch_row($Selected)) { if($AnnouceCount > 0) { $AnnouceCount--; $NewInfo="?-?<font color='#FF000'>[b]New![/b]</font>"; } else { $NewInfo=""; } echo " <tr> <th colspan='2'> {$Info['annouce_NAME']}?-?".date('F j Y, g:i:s a', $Info['annouce_TIME']).$NewInfo." </th> </tr> <td> Topic: {$Info['annouce_TOPIC']} Urgency: {$Info['annouce_URGENCY']} Posted By: {$Info['annouce_POSTED']} </td> <td valign=top> ".nl2br($Info['annouce_TEXT'])." </td> </tr>"; } ?> </table> <?php if($ir['new_announcements']) { $NoAnnoucements = sprintf( "UPDATE `users` SET `new_announcements` = '0' WHERE (`userid` = %u) " , $userid); $db->query($NoAnnoucements); } $h->endpage(); ?> Save it. Open up staff.php and find. function announcements() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { die("403"); } if($_POST['text']) { $db->query("INSERT INTO announcements VALUES('{$_POST['text']}', unix_timestamp())"); $db->query("UPDATE users SET new_announcements=new_announcements+1"); print "Announcement added! > [url='staff.php']Back[/url]"; stafflog_add("Added a new announcement"); } else { print "Adding an announcement... Please try to make sure the announcement is concise and covers everything you want it to.<form action='staff.php?action=announce' method='post'> Announcement text: <textarea name='text' rows='10' cols='60'></textarea> <input type='submit' value='Add Announcement' /></form>"; } } And replace with: function announcements() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { echo '<font color="#FF0000>403 - Unauthorized Access</font>'; $h->endpage(); exit; } if($_POST['TITLE']) { if(strlen($_POST['TITLE']) < 5) { echo 'Sorry, the annoucement title is too short. [url="staff_annouce.php?addannouce"]Back[/url]'; $h->endpage(); exit; } $AddAnnouce = sprintf("INSERT INTO mod_announcements (`annouce_NAME`, `annouce_TEXT`, `annouce_TIME`, `annouce_URGENCY`, `annouce_TOPIC`, `annouce_POSTED`)VALUES ('{$_POST['TITLE']}', '{$_POST['TEXT']}', unix_timestamp(), '{$_POST['URGENCY']}', '{$_POST['TOPIC']}', '{$_POST['POSTED']}')"); $db->query ($AddAnnouce); $db->query("UPDATE users SET `new_announcements` = `new_announcements` + 1"); echo 'Announcement added! > [url="annoucements.php"]View It![/url]'; stafflog_add('Posted A New Annoucement'); $h->endpage(); exit; } else { echo 'Adding an announcement... Please try to make sure the announcement is concise and covers everything you want it to. <form action="staff.php?action=announce" method="post"> Announcement Title:<input type="text" name="TITLE"> Announcement Text: <textarea name="TEXT" rows="10" cols="60"></textarea> Announcement Urgency: <select name="URGENCY" type="dropdown"> <option value="No Ugency">No Ugency</option> <option value="Low">Low</option> <option value="Medium">Medium</option> <option value="High">High</option> <option value="Urgent">Urgent</option> </select> Announcement Topic: <select name="TOPIC" type="dropdown"> <option value="Updates">Updates</option> <option value="General News">General News</option> <option value="Fun">Fun</option> <option value="Warnings!">Warnings!</option> <option value="Design Info">Design Info</option> <option value="Edits">Edits</option> </select> <input type="hidden" name="POSTED" value="'.$ir['username'].'"> <input type="submit" value="Add Announcement!" /> </form>'; } } Save it. And finally add this SQL: DROP TABLE IF EXISTS `mod_announcements`; CREATE TABLE `mod_announcements` ( `annouce_ID` INT(11) NOT NULL auto_increment, `annouce_NAME` VARCHAR(255) NOT NULL DEFAULT '', `annouce_TEXT` TEXT NOT NULL, `annouce_TIME` INT(11) NOT NULL DEFAULT '0', `annouce_URGENCY` enum('No Ugency', 'Low', 'Medium', 'High', 'Urgent') NOT NULL DEFAULT 'No Ugency', `annouce_TOPIC` enum('Updates', 'General News', 'Design Info', 'Fun', 'Warnings!', 'Edits') NOT NULL DEFAULT 'General News', `annouce_POSTED` VARCHAR(255) NOT NULL DEFAULT '', PRIMARY KEY (`annouce_ID`) )ENGINE=MyISAM; And there you have it. Keep updated for add-ons.

Re: [mccode v2] Donator and Non-Donator Lottery maybe not adding the SQL :roll:

Re: [mccodes v2] Player Report   unix_timestamp() ? then you get a time aswell.

Re: [mccodes v2] Player Report   just do global_func.php :wink:

Re: [mccodes v2] Combined Gallery and Comment System [$40.00] This is well worth it..Trust me.. But im not buying it..

Re: How to use sprintf?   $userupdate = sprintf ( "UPDATE `users` SET `example` = `example` + ('%d') WHERE `userid` = ('%u')", 1 , $userid ); mysql_query($userupdate); No Need, Its Hard Coded...If you think about it...     But personally my answer would be... $UserUpdate = sprintf( "UPDATE `users` SET `example` = `example` + 1, WHERE (`userid` = %u)" , $userid); $db->query($UserUpdate);

Re: [mccode v2] Preferences No offence man but i was hoping atleast it was secured....

Re: Calling it a Day :) You shall be missed, hope you decide to come back soon... Merry Christmas.. Happy New Year... And.. Take Care! :)

Re: Organizations & Productions Why not do .zip files? Most if not all computers can extract them.

Re: Organizations & Productions   ALTER TABLE `users` ADD `orpg` INT ( 11 ) NOT NULL DEFAULT '0';

Re: One Big Code! ?> Karlos likes to <? require (mother.php);

Re: WWII Italy - 12 Japan - 21 Great Britain - 53 United States - 17 Soviet Union - 19 France - 18 :roll:

Re: [mccode v2] workin cyberbank   Hmmmm....   Completely unsecure..... :|   Maybe they should check through the code next time.... :-P

Re: [mccode V2] Rate User['s] Make sure you used the correct sql that matches the viewuser line....

Re: [mccode V2] bank interest CAP Nice and simple! :)

Re: [v2]workin cyberbank[v2] Hell no -.-

Re: [v2]workin cyberbank[v2] It because people have custom explores.......Your still using basic i guess :roll:

Re: [v2]workin cyberbank[v2] Wanna help me on mine :roll:   <?php include "globals.php"; include ("includes/sb.php"); if($ir['jail'] or $ir['hospital']) { echo '<font color=red>Error! Explore Is Not Accessible If You Are Either In Hospital Or Jail.</font>'; $h->endpage(); exit(); } $q=$db->query("SELECT u.*,c.* FROM users u LEFT JOIN cities c ON u.location=c.cityid WHERE u.userid=$userid"); $r=$db->fetch_row($q); ?> <link rel='stylesheet' type='text/css' href='style.css'> <h3>[b]You begin exploring <? echo sprintf("%s", $r['cityname']); ?>, and it inspires you to look around more.[/b]</h3> <table border="1" width="85%" class="table" cellspacing="0" cellpadding="2">   That is everything till line 15 :-P + I still son't think its a worthy post :)

Re: [v2]workin cyberbank[v2] Lmao :wink: +1 mate :-P

Re: [v2]workin cyberbank[v2] but HOW will people learn like this? (Notice i empthised the HOW) All you are doing is giving them a working script....Why not tell them how to fixed it....Or even better...Secure the god damn bank :|