MakeWebGames

DissObey

  1. Re: Injection attempt. I know, but a player should never be able to use the IP 127.0.0.1, right?
  2. Re: Injection attempt. Thanks for the help, I have altered the files, and will go through the threads. Is it safe to assume all users with IP 127.0.0.1 have attempted to inject, or is it an error registering IPs?
  3. Ok, so I'm viewing a user's profile to welcome them to the game and come across this for their internet info.

     Internet Info
                  IP                               Hostname
     Last Hit     127.0.0.1', money='2             N/A
     Last Login   127.0.0.1', turns='2000000000    N/A
     Signup       127.0.0.1', turns='2000000000    N/A

     It looks like they have tried to cheat, just wondering if there's anything I can add to my register page to make it a little more secure.
  4. Re: Cock Fight [$20] Looks like a nice mod, haven't fully tested it yet but one thing you might want to fix is you can battle your own cock.
  5. Re: [mccode v2] Humans vs. Zombies EVENT mod The finish event function works fine, but you might want to change the ASC to DESC otherwise it will give prizes to the zombies with the least number of bites.
  6. Re: [mccode v2] Humans vs. Zombies EVENT mod

     In register.php add this after

         if($_POST['ref']) {
             $q=$db->query("SELECT * FROM users WHERE userid={$_POST['ref']}");
             $r=$db->fetch_row($q);
         }

         $zom=$db->query("SELECT * FROM hvzstats");
         $hvz=$db->fetch_row($zom);
         if($hvz['hvz'] ==1) { $zom=1; } else { $zom=0; }

     Still in register.php, find the query that inserts the user and add to the query

         , humanorzombie

         , $zom

     Create a new file and call it hvzlist.php

         <?php
         include "globals.php";
         $_GET['st'] = abs((int) $_GET['st']);
         $st=($_GET['st']) ? $_GET['st'] : 0;
         // $by and $ord are placed directly in ORDER BY, so only known values are accepted
         $by=(isset($_GET['by']) && in_array($_GET['by'], array('userid','username','level','money'), true)) ? $_GET['by'] : 'userid';
         $ord=(isset($_GET['ord']) && strtolower($_GET['ord']) == 'desc') ? 'DESC' : 'ASC';
         print "<h3>Survivors List</h3>";
         $cnt=mysql_query("SELECT userid, humanorzombie FROM users WHERE humanorzombie=0",$c);
         $membs=mysql_num_rows($cnt);
         // 50 users per page
         $pages=(int) ($membs/50)+1;
         if($membs % 50 == 0) { $pages--; }
         print "Pages: ";
         for($i=1;$i<=$pages;$i++)
         {
             $pst=($i-1)*50;
             print "<a href='hvzlist.php?st=$pst&by=$by&ord=$ord'>";
             if($pst == $st) { print "<font color='#33cc33'>"; }
             print $i;
             if($pst == $st) { print "</font>"; }
             print "</a> ";
             if($i % 25 == 0) { print " "; }
         }
         print " Order By: [url='hvzlist.php?st=$st&by=userid&ord=$ord']User ID[/url] | [url='hvzlist.php?st=$st&by=username&ord=$ord']Username[/url] | [url='hvzlist.php?st=$st&by=level&ord=$ord']Level[/url] | [url='hvzlist.php?st=$st&by=money&ord=$ord']Money[/url]
         [url='hvzlist.php?st=$st&by=$by&ord=asc']Ascending[/url] | [url='hvzlist.php?st=$st&by=$by&ord=desc']Descending[/url] ";
         $q=$db->query("SELECT u.*,g.* FROM users u LEFT JOIN gangs g ON u.gang=g.gangID WHERE u.humanorzombie=0 ORDER BY $by $ord LIMIT $st,50");
         $no1=$st+1;
         $no2=$st+50;
         print "Showing users $no1 to $no2 by order of $by $ord.
         <table width=75% cellspacing=1 class='table'><tr style='background:gray'><th>ID</th><th>Name</th><th>Money</th><th>Level</th><th>Online</th><th>Hospital?</th><th>Jail?</th></tr>";
         while($r=$db->fetch_row($q))
         {
             $d="";
             if($r['donatordays']) { $r['username'] = "<font color='".$r['name_color']."'>".$r['username']."</font>";$d="[img=/Images/donator.gif]"; }
             print "<tr><td>{$r['userid']}</td><td>[url='viewuser.php?u={$r['userid']}']{$r['gangPREF']} {$r['username']} $d[/url]</td><td>\${$r['money']}</td><td>{$r['level']}</td><td>";
             if($r['laston'] >= time()-15*60) { print "<font color=#33cc33>[b]Online[/b]</font>"; }
             else { print "<font color=red>[b]Offline[/b]</font>"; }
             print "</td><td>";
             if($r['hospital'] >= 1) { print "<font color=red>[b]Yes[/b]</font>"; }
             else { print "<font color=#33cc33>[b]No[/b]</font>"; }
             print "</td><td>";
             if($r['jail'] >= 1) { print "<font color=red>[b]Yes[/b]</font>"; }
             else { print "<font color=#33cc33>[b]No[/b]</font>"; }
             print "</td></tr>";
         }
         print "</table>";
         $h->endpage();
         ?>

     hvzlist only shows the surviving humans, for my game I decided to use the hall of fame to show the top zombies. Create a new file named hvzadmin.php and add

         <?php
         include "sglobals.php";
         switch($_GET['action'])
         {
         case 'edituser': edit_user_begin(); break;
         case 'edituserform': edit_user_form(); break;
         case 'editusersub': edit_user_sub(); break;
         case 'hvz': hvz_settings(); break;
         default: print "Error: This script requires an action."; break;
         }
         function edit_user_begin()
         {
             global $db,$ir,$c,$h,$userid;
             if($ir['user_level'] != 2) { die("403"); }
             print "<h3>Editing User Zombie Status</h3> You can edit any aspect of this user.
             <form action='hvzadmin.php?action=edituserform' method='post'> User: ".user_dropdown($c,'user')."
             <input type='submit' value='Edit User' /></form>
             OR enter a user ID to edit:
             <form action='hvzadmin.php?action=edituserform' method='post'> User: <input type='text' name='user' value='0' />
             <input type='submit' value='Edit User' /></form>";
         }
         function edit_user_form()
         {
             global $db,$ir,$c,$h,$userid;
             if($ir['user_level'] != 2) { die("403"); }
             // the ID is used in the query and echoed into the form, so force it to an integer
             $_POST['user']=abs((int) $_POST['user']);
             $d=$db->query("SELECT * FROM users WHERE userid={$_POST['user']}");
             $itemi=$db->fetch_row($d);
             print "<h3>Editing User {$itemi['username']}</h3>
             <form action='hvzadmin.php?action=editusersub' method='post'>
             <input type='hidden' name='userid' value='{$_POST['user']}' />
             Zombie Bites: <input type='text' name='zombiekills' value='{$itemi['zombiekills']}' />
             Type: <select name='humanorzombie' type=dropdown><option value='0'>Human</option><option value='1'>Zombie</option>";
             print "</select> <input type='submit' value='Edit User' /></form>";
         }
         function edit_user_sub()
         {
             global $db,$ir,$c,$h,$userid;
             if($ir['user_level'] != 2) { die("403"); }
             $go=0;
             if(!isset($_POST['humanorzombie'])) { $go=1; }
             if(!isset($_POST['zombiekills'])) { $go=1; }
             if($go)
             {
                 print "You did not fully fill out the form.";
                 $_POST['user']=$_POST['userid'];
                 edit_user_form();
             }
             else
             {
                 $_POST['zombiekills']=abs((int) $_POST['zombiekills']);
                 $_POST['humanorzombie']=abs((int) $_POST['humanorzombie']);
                 // userid goes into three queries below, so force it to an integer as well
                 $_POST['userid']=abs((int) $_POST['userid']);
                 $oq=$db->query("SELECT * FROM users WHERE userid={$_POST['userid']}");
                 $rm=$db->fetch_row($oq);
                 if ($rm['humanorzombie'] ==0 && $_POST['humanorzombie'] ==1) { $db->query("UPDATE hvzstats SET totzombies=totzombies+1"); }
                 if ($rm['humanorzombie'] ==1 && $_POST['humanorzombie'] ==0) { $db->query("UPDATE hvzstats SET totzombies=totzombies-1"); }
                 $db->query("UPDATE users SET zombiekills='{$_POST['zombiekills']}', humanorzombie={$_POST['humanorzombie']} WHERE userid={$_POST['userid']}");
                 // the form does not post a username, so log the name read from the database
                 stafflog_add("Edited user {$rm['username']} zombie status");
                 print "Edited user zombie status";
             }
         }
         function hvz_settings()
         {
             global $db,$ir,$c,$h,$userid,$set;
             if($ir['user_level'] != 2) { die("403"); }
             $_GET['status'] = abs((int) $_GET['status']);
             if($_GET['status'] == '1')
             {
                 $db->query("UPDATE hvzstats SET totzombies=0, hvz=1");
                 stafflog_add("Started Zombie Event.");
                 echo "Zombie event started. [url='staff.php']Go Back[/url]";
                 $h->endpage();
                 exit;
             }
             else if($_GET['status'] == '0')
             {
                 $db->query("UPDATE users SET humanorzombie=0, zombiekills=0 WHERE humanorzombie=1 || zombiekills>0");
                 $db->query("UPDATE hvzstats SET totzombies=0, hvz=0");
                 stafflog_add("Stopped Zombie Event.");
                 echo "The zombie event has been stopped. [url='staff.php']Go Back[/url]";
                 $h->endpage();
                 exit;
             }
         }
         $h->endpage();
         ?>

     If you already have done the previous staff edits then remove the function and case/break from staff.php. I moved it onto its own file to keep the staff options together. The edit user option is a simple cut down version of the staff_users feature, you can change the user's "type" and also their zombie kills. If you want staff to be able to see what status a player is on their profile page, open viewuser.php and add where you want it to display

         $zom=$db->query("SELECT * FROM hvzstats");
         $hvz=$db->fetch_row($zom);
         if($ir['user_level'] > 1)
         {
             if($hvz['hvz'] ==1)
             {
                 if($r['humanorzombie'] == 1) { $zomb="<font color='red'>Zombie</font>"; }
                 if($r['humanorzombie'] == 0) { $zomb="<font color='#33CC33'>Human</font>"; }
                 print "Status: $zomb ";
             }
         }

     Heh, I even got thinking that if you're a zombie, instead of viewing your mails or forum posts content all you would see was "BRAINSSS!!!!!!!!!" or something like that until the event is over. I haven't done the end event feature yet because another table needs to be added which holds the settings like how many players to reward for each "side", and what the reward type would be: money, crystals, or item. Won't be that hard, perhaps rip apart the staff_crime file and customise it for hvz event.

     I even went so far as to make a whole new theme for the event. If you're using illusions theme changer mod you can add a little code that checks if the player is a zombie, if so update to the zombie theme, and on the hvzadmin.php page find the stop event and update everyone back to the regular theme when the event is closed. Open smenu.php and if you added the last code for the zombie settings remove it, instead add this anywhere you want it to appear.

         <hr />
         <font color=#33CC33>[b]Zombie Event[/b]</font>
         > [url='hvzadmin.php?action=hvz&status=1']Start Zombie Event[/url]
         > [url='hvzadmin.php?action=hvz&status=0']Stop Zombie Event[/url]
         > [url='hvzadmin.php?action=edituser']Edit Zombie Status[/url]
  7. Re: [mccode v2] Humans vs. Zombies EVENT mod

     Interesting idea, shouldn't be too difficult to rustle something up. Edit attack.php where the options are, add this

         if ($ir['humanorzombie'] == 1)
         {
             echo '<form action="attackbite.php?ID='.$_GET['ID'].'" method="post"><input type="submit" value="Bite Them" /></form>';
         }

     Add this to a file called attackbite.php

         <?php
         $atkpage=1;
         include "globals.php";
         $_GET['ID']=abs((int) $_GET['ID']);
         $_SESSION['attacking']=0;
         $ir['attacking']=0;
         $db->query("UPDATE users SET attacking=0 WHERE userid=$userid");
         $od=$db->query("SELECT * FROM users WHERE userid={$_GET['ID']}");
         // only the player who just won the fight against this ID may bite
         if($_SESSION['attackwon'] != $_GET['ID'])
         {
             print "Cheaters don't get anywhere.";
             $h->endpage();
             exit;
         }
         if($db->num_rows($od))
         {
             $r=$db->fetch_row($od);
             $gq=$db->query("SELECT * FROM gangs WHERE gangID={$r['gang']}");
             $ga=$db->fetch_row($gq);
             if($r['hp'] == 1)
             {
                 print "What a cheater u are.";
             }
             else
             {
                 print "You bite {$r['username']} ";
                 $qe=$r['level']*$r['level']*$r['level'];
                 $expgain1=rand($qe/4,$qe/2);
                 $expgain=$expgain1/2;
                 $expperc=(int) ($expgain/$ir['exp_needed']*100);
                 print "and gain $expperc% EXP! You take a huge chunk out of {$r['username']}'s left arm. You watch as they turn moaning 'BRAINSSSSSSSSS!!' once the transformation is complete.";
                 $hosptime=rand(10,20);
                 $db->query("UPDATE users SET zombiekills=zombiekills+1, exp=exp+$expgain, attacking=0 WHERE userid=$userid");
                 if ($r['humanorzombie'] ==0) { $db->query("UPDATE hvzstats SET totzombies=totzombies+1"); }
                 $db->query("UPDATE users SET humanorzombie=1, hp=1, hospital=$hosptime, hospreason='Turned in a zombie by <a href=\'viewuser.php?u={$userid}\'>{$ir['username']}</a>' WHERE userid={$r['userid']}");
                 event_add($r['userid'],"[url='viewuser.php?u=$userid']{$ir['username']}[/url] bit you and turned you into a zombie.",$c,'combat');
                 $atklog=mysql_escape_string($_SESSION['attacklog']);
                 $db->query("INSERT INTO attacklogs VALUES('',$userid,{$_GET['ID']},'won',unix_timestamp(),-2,'$atklog');");
                 $_SESSION['attackwon']=0;
                 $warq=$db->query("SELECT * FROM gangwars WHERE (warDECLARER={$ir['gang']} AND warDECLARED={$r['gang']}) OR (warDECLARED={$ir['gang']} AND warDECLARER={$r['gang']})");
                 if ($db->num_rows($warq) > 0)
                 {
                     $war=$db->fetch_row($warq);
                     $db->query("UPDATE gangs SET gangRESPECT=gangRESPECT-1 WHERE gangID={$r['gang']}");
                     $ga['gangRESPECT']-=1;
                     $db->query("UPDATE gangs SET gangRESPECT=gangRESPECT+1 WHERE gangID={$ir['gang']}");
                     print " You earnt 1 respect for your gang!";
                 }
                 //Gang Kill
                 if ($ga['gangRESPECT']<=0 && $r['gang'])
                 {
                     $db->query("UPDATE users SET gang=0 WHERE gang={$r['gang']}");
                     $db->query("DELETE FROM gangs WHERE gangRESPECT<='0'");
                     $db->query("DELETE FROM gangwars WHERE warDECLARER={$ga['gangID']} or warDECLARED={$ga['gangID']}");
                 }
                 //BOT Kill
                 $npcs=array();
                 if($r['user_level']==0)
                 {
                     $q=$db->query("SELECT * FROM challengebots WHERE cb_npcid={$r['userid']}");
                     if ($db->num_rows($q))
                     {
                         $cb=$db->fetch_row($q);
                         $qk=$db->query("SELECT * FROM challengesbeaten WHERE userid=$userid AND npcid={$r['userid']}");
                         if(!$db->num_rows($qk))
                         {
                             $m=$cb['cb_money'];
                             $db->query("UPDATE users SET money=money+$m WHERE userid=$userid");
                             print " You gained \$$m for biting the challenge bot {$r['username']}";
                             $db->query("INSERT INTO challengesbeaten VALUES($userid, {$r['userid']})");
                         }
                     }
                 }
             }
         }
         else
         {
             print "You beat Mr. non-existant!";
         }
         $h->endpage();
         ?>

     Open up smenu.php and add this where you want

         > [url='staff.php?action=hvz&status=1']Start Zombie Event[/url]
         > [url='staff.php?action=hvz&status=0']Stop Zombie Event[/url]

     Open staff.php, add the case/break under the other case/breaks, and the function at the very bottom of the page above the $h->endpage();

         case 'hvz': hvz_settings(); break;

         function hvz_settings()
         {
             global $db,$ir,$c,$h,$userid,$set;
             if($ir['user_level'] != 2) { die("403"); }
             $_GET['status'] = abs((int) $_GET['status']);
             if($_GET['status'] == '1')
             {
                 $db->query("UPDATE hvzstats SET totzombies=0, hvz=1");
                 stafflog_add("Started Zombie Event.");
                 echo "Zombie event started. [url='staff.php']Go Back[/url]";
                 $h->endpage();
                 exit;
             }
             else if($_GET['status'] == '0')
             {
                 $db->query("UPDATE users SET humanorzombie=0, zombiekills=0 WHERE humanorzombie=1 || zombiekills>0");
                 $db->query("UPDATE hvzstats SET totzombies=0, hvz=0");
                 stafflog_add("Stopped Zombie Event.");
                 echo "The zombie event has been stopped. [url='staff.php']Go Back[/url]";
                 $h->endpage();
                 exit;
             }
         }

     Add this to the top of the explore page

         $zom=$db->query("SELECT * FROM hvzstats");
         $hvz=$db->fetch_row($zom);
         if($hvz['hvz'] ==1 && $ir['humanorzombie'] ==0)
         {
             if($hvz['totzombies'] < 10)
             {
                 $randzomb=(int) rand(1,1);
                 $randthaught=(int) rand(1,5);
                 if($randthaught == 1) { $thaught="Did i leave the oven on?"; }
                 else if($randthaught == 2) { $thaught="I wonder what my gravestone will read.."; }
                 else if($randthaught == 3) { $thaught="I'm too young to die!! Can't somebody help me?!?!?!"; }
                 else if($randthaught == 4) { $thaught="MMM Brains..."; }
                 else if($randthaught == 5) { $thaught="Time to visit my ex... >:]"; }
                 if($randzomb == 1)
                 {
                     print "You've been bitten by a wandering zombie, the last rational thaught you have before tuning into a zombie is: $thaught.";
                     $db->query("UPDATE users SET humanorzombie=1 WHERE userid=$userid");
                     $db->query("UPDATE hvzstats SET totzombies=totzombies+1");
                     $h->endpage();
                     exit;
                 }
             }
         }
  8. Re: A little help with $_POST Aha! Works a charm, thanks for everyone's help.
  9. Re: A little help with $_POST The user submits a number to the script, say the number 5. Then the script will print 5 dropdowns. If the user submits the number 100 it should print 100 dropdowns.
  10. I'm working on a little something and have hit a brick wall. The script requires users to input a number, which gets $_POST back to the page. The part I'm having trouble with is to print a set code for the amount sent by the $_POST.

     E.g. you submit the value 5 in the input field, the result you would get back would be

         $result $result $result $result $result

     I know it's possible to do it with if statements .... if $_POST['num'] == 1 but surely there is a more efficient way.
  11. Re: Need an item to access a page

         // ID of the item the player must own to open this page
         $itemid = 1;
         $i=$db->query("SELECT * FROM inventory WHERE inv_itemid=$itemid AND inv_userid=$userid");
         // no matching inventory row: stop before the page content is shown
         if(mysql_num_rows($i) == 0)
         {
             print "<h2>Oops</h2>Invalid item ID";
             $h->endpage();
             exit;
         }

     Try that, change 1 to the item id required.
  12. Re: Cron Help Yes, they are all in the users table, every time someone buys a better bank they get a certain percentage, and their bank can only hold so much, anti-inflation tool.
  13. Re: Cron Help None of these worked correctly. Would adding an extra field to the users table, say 'bankcard', then at the top of day cron add the item check, update the 'bankcard' to either 1 or 0 and add an additional WHERE to the interest query like:

         UPDATE users SET bankmoney=bankmoney*(bankpercent*2)+bankmoney WHERE bankmoney > 0 AND bankmoney < bankmax+1 AND daysinactive < 2 AND bankcard > 0

         UPDATE users SET bankmoney=bankmoney*bankpercent+bankmoney WHERE bankmoney > 0 AND bankmoney < bankmax+1 AND daysinactive < 2 AND bankcard < 1

     Something like that would work? I know adding another field to the users table is noobish but it's the only way I can think of right now.
  14. Re: Cron Help Userid 1 and 2 have an item ID 18, userid 1 gets the normal interest rate, but userid 2 gets more. Both accounts should get 4% interest, but userid 2 had $100 in the bank before I ran the cron, and $1040000 in the bank after I ran the cron.
  15. Re: Cron Help

         QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE (`bankmoney` > 0 AND `bankmoney` < (`bankmax` + 1) AND `daysinactive` < 2)' at line 1
         Query was UPDATE `users` SET `bankmoney` = `bankmoney` * (`bankpercent` + `bankmoney` WHERE (`bankmoney` > 0 AND `bankmoney` < (`bankmax` + 1) AND `daysinactive` < 2) AND `userid` <> 1
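
For the question in post 3 (and the follow-up in post 2 about plain 127.0.0.1), an added example that is not from the thread or from MCCodes: stored values such as `127.0.0.1', money='2` are consistent with a client-supplied string being placed in the text of an UPDATE, so the code below validates the address, binds it as a parameter, and audits what is already stored. It assumes PHP 7+ with PDO; the `users.last_ip` column, the function names and the sample rows are hypothetical and constructed for the example.

```php
<?php
// Added example. The users/last_ip schema and all function names are hypothetical.

// Take the address from REMOTE_ADDR only (set by the web server from the
// TCP connection) and accept it only if it parses as an IP address.
function client_ip(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : '0.0.0.0';
}

// Bound parameters: a quote in $ip cannot close the string literal and
// append "money=..." or "turns=..." to the SET list.
function record_hit(PDO $pdo, int $userid, string $ip): void
{
    $stmt = $pdo->prepare('UPDATE users SET last_ip = :ip WHERE userid = :id');
    $stmt->execute([':ip' => $ip, ':id' => $userid]);
}

// Audit: user IDs whose stored value is not a syntactically valid IP.
function audit_ip_rows(PDO $pdo): array
{
    $bad = [];
    foreach ($pdo->query('SELECT userid, last_ip FROM users ORDER BY userid') as $row) {
        if (filter_var($row['last_ip'], FILTER_VALIDATE_IP) === false) {
            $bad[] = (int) $row['userid'];
        }
    }
    return $bad;
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, money INTEGER, last_ip TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 100, '203.0.113.7'), (2, 100, '127.0.0.1'), (3, 100, '')");

// User 1: the string from the profile page, passed as data rather than query text.
record_hit($pdo, 1, "127.0.0.1', money='2");
$money = (int) $pdo->query('SELECT money FROM users WHERE userid = 1')->fetchColumn();

// User 3: a normal request; this REMOTE_ADDR value is constructed.
record_hit($pdo, 3, client_ip(['REMOTE_ADDR' => '198.51.100.24']));

echo "money for user 1: $money\n";
echo 'flagged user IDs: ' . implode(',', audit_ip_rows($pdo)) . "\n";
```

The audit separates the two cases asked about in post 2: a row holding only `127.0.0.1` passes validation and is not flagged, while a row carrying the quoted suffix is.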