furn355

It was too my understanding, if someone is using say : include "globals.php"; I could make a text file which included the insides of global.php on another server which would also contain a function of some variety to achieve my means, then run something like : http://domain/index.php?page=http://domain2/code.txt where his script would then run? :S No?

Okay so the rumour is include () is not secure. What are the alternatives I should be using? and why?

Sounds very interesting mate. Can't wait too see it.

  Post apocolyptic. just thinking of a mod for the community. Pm sent with some game details if you want too check it out.

Rework a decent fishing mod maybe, something that involves, rods, lines, reels and baits all as variables in catching fish

Open up your config.php file, There is a long code at the bottom you will need this.

Open up PHPMYADMIN Find the table `gangwars` & count the columns in it. Your trying to insert 4 fields, 4 is either too many or too few, edit accordingly.

Fixed thanks to djkanna :thumbsup: :thumbsup: :thumbsup:

Fixed.

Thanks for the help :thumbsup:

I was deleting it and replacing it with a new item (but same ID) What would you suggest I do for the fix?

OKay so i created a new item system for my game and im having a bit of trouble with the staff edit item function: I am getting this error: QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Query was DELETE FROM items WHERE itmid= And i dont understand why it is not picking up the ID, any help would be appreciated :)   function edit_item_begin() { global $db,$ir,$c,$h,$userid; if($ir['user_level'] > 2) { die("403"); } print "<h3>Editing Item</h3> <h2>WARNING! Do not edit any of the edibles!!!</h2> You can edit any aspect of this item. <form action='staff_items.php?action=edititemform' method='post'> Item: ".item_dropdown($c,'item')." <input type='submit' value='Edit Item' /></form>"; } function edit_item_form() { global $db,$ir,$c,$h; if($ir['user_level'] > 2) { die("403"); } $d=$db->query("SELECT * FROM items WHERE itmid={$_POST['item']}"); $itemi=$db->fetch_row($d); print "<h3>Editing Item</h3> <form action='staff_items.php?action=edititemsub' method='post'> Item Name: <input type='text' name='itmname' value='' /> Item Desc.: <input type='text' name='itmdesc' value='' /> Item Type: ".itemtype_dropdown($c,'itmtype')." Item Buyable: <input type='checkbox' name='itmbuyable' checked='checked' /> Item Price: <input type='text' name='itmbuyprice' /> Item Sell Value: <input type='text' name='itmsellprice' /> <hr /> [b]Stat Boosts[/b]<hr /> Item Strength Boost: <input type='text' name='strength_boost' value='0' /> Item Defense Boost:<input type='text' name='defense_boost' value ='0' /> Item Speed Boost:<input type='text' name='speed_boost' value ='0' /> Items Image: (*include full location. /images/pichere.jpg)<input type='text' name='itmpic' value='' /><hr /> <input type='submit' value='Edit Item' /></form>"; } function edit_item_sub() { global $db,$ir,$c,$h,$userid; if($ir['user_level'] > 2) { die("403"); } if(!isset($_POST['itmname']) || !isset($_POST['itmdesc']) || !isset($_POST['itmtype']) || !isset($_POST['itmbuyprice']) || !isset($_POST['itmsellprice'])) { print "You missed one or more of the fields. Please go back and try again. [url='staff_items.php?action=edititem']> Back[/url]"; $h->endpage(); exit; } $itmname=$_POST['itmname']; $itmdesc=$_POST['itmdesc']; $itmname=$db->escape($_POST['itmname']); $itmdesc=$db->escape($_POST['itmdesc']); $speed_boost=$db->escape($_POST['speed_boost']); $defense_boost=$db->escape($_POST['defense_boost']); $strength_boost=$db->escape($_POST['strength_boost']); if($_POST['itmbuyable'] == 'on') { $itmbuy=1; } else { $itmbuy=0; } $db->query("DELETE FROM items WHERE itmid={$_POST['itmid']}",$c); $m=$db->query("INSERT INTO items VALUES('{$_POST['itmid']}',,{$_POST['itmtype']},'$itmname','$itmdesc',{$_POST['itmbuyprice']},{$_POST['itmsellprice']},'($itmbuy ? $itmbuy : 0)','$speed_boost','$defense_boost','$strength_boost','{$_POST['itmpic']}','0','0','0','0','0','0')"); print "The {$_POST['itmname']} Item was edited successfully."; stafflog_add("Edited item {$_POST['itmname']}"); }

look in your config.php file =] The curl code is within.

I wrote it out again demonstrating how to search for NPC's.

Skip that.

So i'm still learning my way around queries and the such. I created something that works for my new attack system. Only thing is its about 50 lines when it could probably be 4 :P Any help optimizing would be greatly appreciated!! Thanks in advance so the code:   // I use this to get each of the equipped items data! $attkweapon = $db->query("SELECT i.* FROM items i WHERE i.itmid IN({$ir['equip_primary']})"); $wep = mysql_fetch_array($attkweapon); $attkarmor = $db->query("SELECT i.* FROM items i WHERE i.itmid IN({$ir['equip_armor']})"); $arm = mysql_fetch_array($attkarmor); $attkoffhand = $db->query("SELECT i.* FROM items i WHERE i.itmid IN({$ir['equip_offhand']})"); $off = mysql_fetch_array($attkoffhand); $attkhead = $db->query("SELECT i.* FROM items i WHERE i.itmid IN({$ir['equip_head']})"); $head = mysql_fetch_array($attkhead); $attkmedal = $db->query("SELECT i.* FROM items i WHERE i.itmid IN({$ir['equip_medal']})"); $med = mysql_fetch_array($attkmedal); $attkattachment = $db->query("SELECT i.* FROM items i WHERE i.itmid IN({$ir['equip_attachment']})"); $att = mysql_fetch_array($attkattachment); $attklegs = $db->query("SELECT i.* FROM items i WHERE i.itmid IN({$ir['equip_legs']})"); $leg = mysql_fetch_array($attklegs); $attkfeet = $db->query("SELECT i.* FROM items i WHERE i.itmid IN({$ir['equip_feet']})"); $feet = mysql_fetch_array($attkfeet);   AND i print it out like this for now The item name: the strength, defense and speed boosts. (all to be rearranged once the code is optimized!)   ".$wep['itmname']." ".$wep['strength_boost']." ".$wep['defense_boost']." ".$wep['speed_boost']." ".$arm['itmname']." ".$arm['strength_boost']." ".$arm['defense_boost']." ".$arm['speed_boost']." ".$off['itmname']." ".$off['strength_boost']." ".$off['defense_boost']." ".$off['speed_boost']." ".$head['itmname']." ".$head['strength_boost']." ".$head['defense_boost']." ".$head['speed_boost']." ".$med['itmname']." ".$med['strength_boost']." ".$med['defense_boost']." ".$med['speed_boost']." ".$att['itmname']." ".$att['strength_boost']." ".$att['defense_boost']." ".$att['speed_boost']." ".$leg['itmname']." ".$leg['strength_boost']." ".$leg['defense_boost']." ".$leg['speed_boost']." ".$feet['itmname']." ".$feet['strength_boost']." ".$feet['defense_boost']." ".$feet['speed_boost']."   ALso if $wep['itmname'] was == 0 How would i get it to print out "fists"

-- Thanks everyone who has sent me a pm or added me, i have now got several coders all coming up with a price/ waiting for my feedback. I will update you all as soon as my decision has been made.No more applicants please --         Hi i was wondering if any of you was interested in some paid work, i have mailed some people in person already. I have a game based off the mccodes v2 script, and i need some fixes and minor edits of existing code to be done. I would like to do it on time work, i.e i pay you per hour, but if its easier for you to do it price work ( i tell you what i want you give me the price) that works just aswell. Money is not an issue, im willing to pay. ANd one mod i have an idea im expecting it to head into triple figures :) Get back to me on the email address ([email protected]) , or add me on msn, the latter being prefferable. Don't be offended if i ask for links to mods/work already carried out, it's just i havent noticed you as much around the mccodes forums. thanks Dev

Re: [v2] New Header Dude still teh Smenu doesnt work properly, i followed it to a T withmy custom header (same files just different pictures) and still the smenu isnt working I ran it on the uneditted original mccodes v2 and still teh smenu wasnt working properly Anyone have a fix?

Re: secure what have you done to secure the variables? Is it a question of "is this script secure" or i haven't really checked this script " can someone secure it for me?"

Re: [v2] New Header @Cod Phoenix Could you pm me and send me more details on it as i'm having a similar problem all the others in this thread described with my custom header

I want a certain aspects of a mod im working on to be only available to users ID 1 and 2 I tried   if($_GET['activate'] && $userid == 1&2) But it just removes the options completely for user id 1. i know if($_GET['activate'] && $userid == 1) works but i would like it so id 2 can see said aspects aswell. ANy help is much appreciated

Re: Attempted css mod. Okay i got the two user bits all sorted hopefully. Just need help with the admin panel now :mrgreen:

Re: Attempted css mod. This thread was more for the css than the security im a bit better of with that than i am with css

Re: Attempted css mod. Security comes last whilst its on a closed server with only me having access to it. i want to get everything running, i will then do my best to secure it, including the aboves Ask a couple of people to have a look around see if they can find any exploits and if they do, get back to the drawing board. And thanks for that link it has been bookmarked,

Re: Attempted css mod. Lol dont worry about that for the minute, the game is on a closed server, finishing things like that is what im doing at the end, so any ideas what the hell is up with my css? I cant see it :-(