
Faz`
Members
Posts: 652
Days Won: 3
Everything posted by Faz`
-
Re: mailbox.php now paying you if you can fix if($ir['noob']) { print "I R NOOB!"; }
-
Re: Help with auto ipn Sorry to rain on everyone's parade but I bought this mod and it worked a treat. There was a bug which I informed Cronus of via IM and he sent me a fixed copy straight away.
-
Re: Looking for template May I add I have a high budget. The max is $200. I will only pay that if you have a reputation and your work is exceptional. No stupid offers. Thanks.
-
Re: Looking for template I can't quite see it? lol.
-
Re: Looking for template Still no enquiries? I kind of need one, you MUST have examples of previous work. I just don't seem comfortable in paying someone who's never made a template before. Thanks.
-
Re: Xampp and Mccodes? Yeah, I think you might need to download the latest version of MySQL and PHP, not too sure though.
-
Re: [mccode v2] Estate Recode May I ask Blue, how far have you come into recoding every file? :P
-
Re: Donator Gym V2 Lol, just change some of the formulas around, or make some of your own. If you need help with formulas, give me a buzz, I'm pretty good at making a few :)
-
Re: Cock Fight [$10] You could always convert...
-
Re: [McCodes v2] 100 Club! Lol no offence, but to be honest I think ANYONE could do that...
-
Re: [mccode v2] Inventory Recode I am pretty fond of mono district, yes you heard right lol.
-
Re: Crons I guess the standard one would do. Put the curl www.blah.com/blah in the link area. Then, click what you want and when you want to run it. The standard is really easy to understand.
-
Re: Crons Woah, why do you have all of those? Wouldn't it be better to have a minute, hour, day and week cron maybe? Go on to the advanced option, then put the curl *link* in. The 5 boxes on the left are where you put numbers, which are displayed before the link. Hope that made sense lol.
-
Usless comments in threads need to go bye bye
Faz` replied to EineyEntertainment's topic in Chit Chat
Re: Usless comments in threads need to go bye bye You talking to me? I can't see where I used "useless" lol. Maybe you touching people is a good thing, or is it?..
-
Usless comments in threads need to go bye bye
Faz` replied to EineyEntertainment's topic in Chit Chat
Re: Usless comments in threads need to go bye bye A solution to all our problems would be put Cronus in a cage, then he can stop touching everyone and the world would live in peace and harmony.
-
Re: Magazine Cover I like it, and the prodigy kick ass!
-
At times I get very bored, and can't think of any mods, so if you have any you would like making, post up your ideas here. I am not advanced, I wouldn't even call myself intermediate, I'm simply a n00b. But I try, and if I can't do it try harder, so if you have any suggestions, simply add them to this topic, I would be more than happy to try and make them for you.
-
Re: How to secure a few things! Lol thanks a lot. I guess many more people can learn now, I think they are pretty easy to follow (I know, I'm so modest aren't I? :P) so people can do a bit themselves. Which was the whole purpose of it really :)
-
Re: How to secure a few things! Lol, this topic is an epic fail I guess. Oh well, at least I tried :P
-
Re: How to secure a few things! Ah I see, thanks a lot for that, it's helped me and will help a lot of people also. Thanks a lot for that!
-
Right, people are constantly complaining on why their game gets hacked and stuff. So, yesterday, I decided to take a look at security for the first time, and with a bit of help from Anthony (Magictallguy) I think I'm beginning to understand it. Now if I can learn a bit of stuff in one day (3 hours to be precise) then I'm sure anyone else that's learning can too! So, here goes. (I'm not too good at explaining stuff but I'm giving it a go!)

Securing Inputs:

Now, securing inputs is vital. People can get access to valuable information if you aren't careful. So this is how I would go about it. Take for example $_GET['faz']. Now that on its own can be injected. So take the following steps.

If $_GET['faz'] is to be a number, you would secure it by doing this.

    $_GET['faz'] = abs(@intval($_GET['faz']));

I would add that at the top of the file or in a function if it's only on it once.

If it was to be a string, I would go about doing it like this:

    $_GET['faz'] = stripslashes(htmlspecialchars($_GET['faz']));

You would use stripslashes and mysql_real_escape_string because it's $_GET, not $_POST which will be explained later on in the post.

Now, to secure $_POST you would go about doing it like this:

    $_POST['faz'] = mysql_real_escape_string(htmlentities($_POST['faz']));

Note I used htmlentities and htmlspecialchars, they both do the same thing, it's just up to personal preference, I use htmlentities as I like the word entities and I tend to remember that over htmlspecialchars lol.

If $_POST['faz'] is a number, you would do the same as you did with $_GET, as you want it to be a number.

    $_POST['faz'] = abs(@intval($_POST['faz']));

Now that would make sure it is a number, and I would say it is secure (some advanced programmers may disagree, but hey, I'm a noob and have only been doing this properly for about 2 months now.)

Now that is secure, we would look at securing a few queries. I would use sprintf() although it is debatable.

Take this query for example:

    $db->query("SELECT * FROM users WHERE userid = {$_GET['faz']}");

That could be potentially harmful, if it's used in a vital location, so you would secure it, using sprintf(). I would go about doing it like this:

    $query = sprintf("SELECT * FROM users WHERE (userid = %u)", $_GET['faz']);
    $db->query($query);

You may be wondering what has happened to the userid, but I replaced it with %u, and at the end of the query, use a comma, and put the value there.

%d is a signed integer
%u is an unsigned integer

If you want to know a bit more about those two refer to: http://dev.mysql.com/doc/refman/5.0/en/ ... types.html

As you see, in the query appeared $_GET['faz'] but above we secured it, so it is safe from harmful people with nothing better to do. That is when securing $_GET and $_POST and a query.

If you want to secure another type of query used in mccodes, we would go about doing it like this.

    $db->query("UPDATE users SET money=money-$loss WHERE userid=$userid");

That is insecure, and can be fiddled around with. So we'd sprintf() it, and go about doing it like this.

    $sprintf = sprintf("UPDATE `users` SET `money` = `money` - %d WHERE (`userid` = $userid)", abs(@intval($loss)));
    $db->query($sprintf);

I would say that is secure, as I said, I'm not too good at explaining, but I tried my best. This is just a guide for some people, I'm sorry if there are any mistakes, errors or typos. As I said, I'm just new so go easy on me. I hope this helps a few people, that is the aim of this topic. Thanks.
-
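As an added example (not part of Faz`'s post or of the McCodes code base): the post's abs(intval()) coercion run over constructed inputs beside a validate-and-reject variant, and the post's UPDATE issued with bound parameters through PDO. The function names, the sample inputs, the table layout and the in-memory SQLite database standing in for MySQL are all assumptions.

```php
<?php
// Added example; function names, inputs and table layout are constructed.

// The post's numeric coercion: any input becomes a non-negative integer.
function coerce_uint($raw)
{
    return abs(@intval($raw));
}

// Stricter variant: reject anything that is not a plain non-negative integer.
function validate_uint($raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? null : $n;
}

// The post's UPDATE with both values bound as parameters, so neither is
// spliced into the SQL text. Returns the number of rows changed.
function deduct_money(PDO $pdo, int $userid, int $loss): int
{
    $stmt = $pdo->prepare(
        'UPDATE users SET money = money - :loss WHERE userid = :userid'
    );
    $stmt->bindValue(':loss', $loss, PDO::PARAM_INT);
    $stmt->bindValue(':userid', $userid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs, as they might arrive in $_GET['faz'].
foreach (['7', '7 OR 1=1', '-5', 'abc', ['x']] as $raw) {
    printf(
        "%-12s coerced=%d validated=%s\n",
        json_encode($raw),
        coerce_uint($raw),
        var_export(validate_uint($raw), true)
    );
}

// In-memory SQLite stands in for the game's MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, money INTEGER)');
$pdo->exec('INSERT INTO users VALUES (7, 1000)');
$id = validate_uint('7');
if ($id !== null) {
    deduct_money($pdo, $id, coerce_uint('250'));
}
echo $pdo->query('SELECT money FROM users WHERE userid = 7')->fetchColumn(), "\n";
```

Coercion keeps the query numeric but silently maps '7 OR 1=1' to 7, '-5' to 5 and an array to 1, whereas validation returns null for all three so the request can be refused instead of acting on a different id.
-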
Re: hosp time Why the hell would someone pay crystals to increase their hosp time?
-
Re: [mccode v2] Inventory Recode Anything with recode next to it, expect it to be Bluedevil23's :) I told him that too, but he said he ain't got the time unfortunately.
-
Re: MCcodes 2.5 - Mono District Although I hate to say it, I quite like the layout, and the users online bit of the game is phenomenal.
-
Re: help Hmm I dunno, can the gang respect be displayed as a decimal?