DissObey

Re: Injection attempt. I know, but a player should never be able to use the ip 127.0.0.1 right?

Re: Injection attempt. Thanks for the help, i have altered the files, and will go through the threads. Is it safe to assume all users with ip 127.0.0.1 have attempted to inject or an error registering ips?

Ok, so im viewing a users profile to welcome them to the game and come across this for their internet info. Internet Info IP Hostname Last Hit 127.0.0.1', money='2 N/A Last Login 127.0.0.1', turns='2000000000 N/A Signup 127.0.0.1', turns='2000000000 N/A It looks like they have tried to cheat, just wondering if theres anything i can add to my register page to make it a little more secure.

Re: Cock Fight [$20] Looks like a nice mod, haven't fully tested it yet but one thing you might want to fix is you can battle your own cock.

Re: [mccode v2] Humans vs. Zombies EVENT mod The finish event function works fine, but you might want to change the ASC to DESC otherwise it will give prizes to the zombies with the least number of bites.

Re: [mccode v2] Humans vs. Zombies EVENT mod In register.php add this after if($_POST['ref']) { $q=$db->query("SELECT * FROM users WHERE userid={$_POST['ref']}"); $r=$db->fetch_row($q); }   $zom=$db->query("SELECT * FROM hvzstats"); $hvz=$db->fetch_row($zom); if($hvz['hvz'] ==1) { $zom=1; } else { $zom=0; }   still in register.php find the query that inserts the user add to the query   , humanorzombie   , $zom   create a new file and call it hvzlist.php <?php include "globals.php"; $_GET['st'] = abs((int) $_GET['st']); $st=($_GET['st']) ? $_GET['st'] : 0; $by=($_GET['by']) ? $_GET['by'] : 'userid'; $ord=($_GET['ord']) ? $_GET['ord'] : 'ASC'; print "<h3>Survivors List</h3>"; $cnt=mysql_query("SELECT userid, humanorzombie FROM users WHERE humanorzombie=0",$c); $membs=mysql_num_rows($cnt); $pages=(int) ($membs/50)+1; if($membs % 100 == 0) { $pages--; } print "Pages: "; for($i=1;$i<=$pages;$i++) { $pst=($i-1)*50; print "<a href='hvzlist.php?st=$pst&by=$by&ord=$ord'>"; if($pst == $st) { print "<font color='#33cc33'>"; } print $i; if($pst == $st) { print "</font>"; } print "</a> "; if($i % 25 == 0) { print " "; } } print " Order By: [url='hvzlist.php?st=$st&by=userid&ord=$ord']User ID[/url] | [url='hvzlist.php?st=$st&by=username&ord=$ord']Username[/url] | [url='hvzlist.php?st=$st&by=level&ord=$ord']Level[/url] | [url='hvzlist.php?st=$st&by=money&ord=$ord']Money[/url] [url='hvzlist.php?st=$st&by=$by&ord=asc']Ascending[/url] | [url='hvzlist.php?st=$st&by=$by&ord=desc']Descending[/url] "; $q=$db->query("SELECT u.*,g.* FROM users u LEFT JOIN gangs g ON u.gang=g.gangID WHERE u.humanorzombie=0 ORDER BY $by $ord LIMIT $st,50"); $no1=$st+1; $no2=$st+50; print "Showing users $no1 to $no2 by order of $by $ord. <table width=75% cellspacing=1 class='table'><tr style='background:gray'><th>ID</th><th>Name</th><th>Money</th><th>Level</th><th>Online</th><th>Hospital?</th><th>Jail?</th></tr>"; while($r=$db->fetch_row($q)) { $d=""; if($r['donatordays']) { $r['username'] = "<font color='".$r['name_color']."'>".$r['username']."</font>";$d="[img=/Images/donator.gif]"; } print "<tr><td>{$r['userid']}</td><td>[url='viewuser.php?u={$r[']{$r['gangPREF']} {$r['username']} $d[/url]</td><td>\${$r['money']}</td><td>{$r['level']}</td><td>"; if($r['laston'] >= time()-15*60) { print "<font color=#33cc33>[b]Online[/b]</font>"; } else { print "<font color=red>[b]Offline[/b]</font>"; } print "</td><td>"; if($r['hospital'] >= 1) { print "<font color=red>[b]Yes[/b]</font>"; } else { print "<font color=#33cc33>[b]No[/b]</font>"; } print "</td><td>"; if($r['jail'] >= 1) { print "<font color=red>[b]Yes[/b]</font>"; } else { print "<font color=#33cc33>[b]No[/b]</font>"; } print "</td></tr>"; } print "</table>"; $h->endpage(); ?>   hvzlist only shows the surviving humans, for my game i decided to use the hall of fame to show the top zombies. create a new file named hvzadmin.php and add <?php include "sglobals.php"; switch($_GET['action']) { case 'edituser': edit_user_begin(); break; case 'edituserform': edit_user_form(); break; case 'editusersub': edit_user_sub(); break; case 'hvz': hvz_settings(); break; default: print "Error: This script requires an action."; break; } function edit_user_begin() { global $db,$ir,$c,$h,$userid; if($ir['user_level'] != 2) { die("403"); } print "<h3>Editing User Zombie Status</h3> You can edit any aspect of this user. <form action='hvzadmin.php?action=edituserform' method='post'> User: ".user_dropdown($c,'user')." <input type='submit' value='Edit User' /></form> OR enter a user ID to edit: <form action='hvzadmin.php?action=edituserform' method='post'> User: <input type='text' name='user' value='0' /> <input type='submit' value='Edit User' /></form>"; } function edit_user_form() { global $db,$ir,$c,$h,$userid; if($ir['user_level'] != 2) { die("403"); } $d=$db->query("SELECT * FROM users WHERE userid={$_POST['user']}"); $itemi=$db->fetch_row($d); print "<h3>Editing User {$itemi['username']}</h3> <form action='hvzadmin.php?action=editusersub' method='post'> <input type='hidden' name='userid' value='{$_POST['user']}' /> Zombie Bites: <input type='text' name='zombiekills' value='{$itemi['zombiekills']}' /> Type: <select name='humanorzombie' type=dropdown><option value='0'>Human</option><option value='1'>Zombie</option>"; print "</select> <input type='submit' value='Edit User' /></form>"; } function edit_user_sub() { global $db,$ir,$c,$h,$userid; if($ir['user_level'] != 2) { die("403"); } $go=0; if(!isset($_POST['humanorzombie'])) { $go=1; } if(!isset($_POST['zombiekills'])) { $go=1; } if($go) { print "You did not fully fill out the form."; $_POST['user']=$_POST['userid']; edit_user_form(); } else { $_POST['zombiekills']=abs((int) $_POST['zombiekills']); $_POST['humanorzombie']=abs((int) $_POST['humanorzombie']); $oq=$db->query("SELECT * FROM users WHERE userid={$_POST['userid']}"); $rm=$db->fetch_row($oq); if ($rm['humanorzombie'] ==0 && $_POST['humanorzombie'] ==1) { $db->query("UPDATE hvzstats SET totzombies=totzombies+1"); } if ($rm['humanorzombie'] ==1 && $_POST['humanorzombie'] ==0) { $db->query("UPDATE hvzstats SET totzombies=totzombies-1"); } $db->query("UPDATE users SET zombiekills='{$_POST['zombiekills']}', humanorzombie={$_POST['humanorzombie']} WHERE userid={$_POST['userid']}"); stafflog_add("Edited user {$_POST['username']} zombie status"); print "Edited user zombie status"; } } function hvz_settings() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { die("403"); } $_GET['status'] = abs((int) $_GET['status']); if($_GET['status'] == '1') { $db->query("UPDATE hvzstats SET totzombies=0, hvz=1"); stafflog_add("Started Zombie Event."); echo "Zombie event started. [url='staff.php']Go Back[/url]"; $h->endpage(); exit; } else if($_GET['status'] == '0') { $db->query("UPDATE users SET humanorzombie=0, zombiekills=0 WHERE humanorzombie=1 || zombiekills>0"); $db->query("UPDATE hvzstats SET totzombies=0, hvz=0"); stafflog_add("Stopped Zombie Event."); echo "The zombie event has been started. [url='staff.php']Go Back[/url]"; $h->endpage(); exit; } } $h->endpage(); ?>   If you already have done the previous staff edits then remove the function and case/break from staff.php. I moved it onto it's own file to keep the staff options together. The edit user option is a simple cut down version of the staff_users feature, you can change the users "type" and also their zombie kills. If you want staff to be able to see what status a player is on their profile page open viewuser.php and add where you want it to display $zom=$db->query("SELECT * FROM hvzstats"); $hvz=$db->fetch_row($zom); if($ir['user_level'] > 1) { if($hvz['hvz'] ==1) { if($r['humanorzombie'] == 1) { $zomb="<font color='red'>Zombie</font>"; } if($r['humanorzombie'] == 0) { $zomb="<font color='#33CC33'>Human</font>"; } print "Status: $zomb "; } }   heh i even got thinking that if your a zombie instead of viewing your mails or forum posts content all you would see was "BRAINSSS!!!!!!!!!" or something like that until the event is over. i haven't done the end event feature yet because another tables needs to be added which holds the settings like how many players to reward for each "side", and what the reward type would be, money, crystals, or item. Won't be that hard, perhaps rip apart the staff_crime file and customise it for hvz event. I even went so far as to make a whole new theme for the event, if your using illusions theme changer mod you can add a little code that checks if the player is a zombie, if so update to the zombie theme, and on the hvzadmin.php page find the stop event and update everyone back to the regular theme when the event is closed. open smenu.php and if you added the last code for the zombie settings remove it, instead add this anywhere you want it to appear. <hr /> <font color=#33CC33>[b]Zombie Event[/b]</font> > [url='hvzadmin.php?action=hvz&status=1']Start Zombie Event[/url] > [url='hvzadmin.php?action=hvz&status=0']Stop Zombie Event[/url] > [url='hvzadmin.php?action=edituser']Edit Zombie Status[/url]

Re: [mccode v2] Humans vs. Zombies EVENT mod Interesting idea, shouldn't be too difficult to rustle something up. Edit attack.php where the options are add this if ($ir['humanorzombie'] == 1) { echo '<form action="attackbite.php?ID='.$_GET['ID'].'" method="post"><input type="submit" value="Bite Them" /></form>'; }   add this to a file calle attackbite.php <?php $atkpage=1; include "globals.php"; $_GET['ID']=abs((int) $_GET['ID']); $_SESSION['attacking']=0; $ir['attacking']=0; $db->query("UPDATE users SET attacking=0 WHERE userid=$userid"); $od=$db->query("SELECT * FROM users WHERE userid={$_GET['ID']}"); if($_SESSION['attackwon'] != $_GET['ID']) { print "Cheaters don't get anywhere."; $h->endpage(); exit; } if($db->num_rows($od)) { $r=$db->fetch_row($od); $gq=$db->query("SELECT * FROM gangs WHERE gangID={$r['gang']}"); $ga=$db->fetch_row($gq); if($r['hp'] == 1) { print "What a cheater u are."; } else { print "You bite {$r['username']} "; $qe=$r['level']*$r['level']*$r['level']; $expgain1=rand($qe/4,$qe/2); $expgain=$expgain1/2; $expperc=(int) ($expgain/$ir['exp_needed']*100); print "and gain $expperc% EXP! You take a huge chunk out of {$r['username']}'s left arm. You watch as they turn moaning 'BRAINSSSSSSSSS!!' once the transformation is complete."; $hosptime=rand(10,20); $db->query("UPDATE users SET zombiekills=zombiekills+1, exp=exp+$expgain, attacking=0 WHERE userid=$userid"); if ($r['humanorzombie'] ==0) { $db->query("UPDATE hvzstats SET totzombies=totzombies+1"); } $db->query("UPDATE users SET humanorzombie=1, hp=1, hospital=$hosptime, hospreason='Turned in a zombie by <a href=\'viewuser.php?u={$userid}\'>{$ir['username']}</a>' WHERE userid={$r['userid']}"); event_add($r['userid'],"[url='viewuser.php?u=$userid']{$ir['username']}[/url] bit you and turned you into a zombie.",$c,'combat'); $atklog=mysql_escape_string($_SESSION['attacklog']); $db->query("INSERT INTO attacklogs VALUES('',$userid,{$_GET['ID']},'won',unix_timestamp(),-2,'$atklog');"); $_SESSION['attackwon']=0; $warq=$db->query("SELECT * FROM gangwars WHERE (warDECLARER={$ir['gang']} AND warDECLARED={$r['gang']}) OR (warDECLARED={$ir['gang']} AND warDECLARER={$r['gang']})"); if ($db->num_rows($warq) > 0) { $war=$db->fetch_row($warq); $db->query("UPDATE gangs SET gangRESPECT=gangRESPECT-1 WHERE gangID={$r['gang']}"); $ga['gangRESPECT']-=1; $db->query("UPDATE gangs SET gangRESPECT=gangRESPECT+1 WHERE gangID={$ir['gang']}"); print " You earnt 1 respect for your gang!"; } //Gang Kill if ($ga['gangRESPECT']<=0 && $r['gang']) { $db->query("UPDATE users SET gang=0 WHERE gang={$r['gang']}"); $db->query("DELETE FROM gangs WHERE gangRESPECT<='0'"); $db->query("DELETE FROM gangwars WHERE warDECLARER={$ga['gangID']} or warDECLARED={$ga['gangID']}"); } //BOT Kill $npcs=array(); if($r['user_level']==0) { $q=$db->query("SELECT * FROM challengebots WHERE cb_npcid={$r['userid']}"); if ($db->num_rows($q)) { $cb=$db->fetch_row($q); $qk=$db->query("SELECT * FROM challengesbeaten WHERE userid=$userid AND npcid={$r['userid']}"); if(!$db->num_rows($qk)) { $m=$cb['cb_money']; $db->query("UPDATE users SET money=money+$m WHERE userid=$userid"); print " You gained \$$m for biting the challenge bot {$r['username']}"; $db->query("INSERT INTO challengesbeaten VALUES($userid, {$r['userid']})"); } } } } } else { print "You beat Mr. non-existant!"; } $h->endpage(); ?>   open up smenu.php and add this where you want > [url='staff.php?action=hvz&status=1']Start Zombie Event[/url] > [url='staff.php?action=hvz&status=0']Stop Zombie Event[/url]   open staff.php add the case/break under the other case/breaks, and the function at the very bottom of the page above the $h->endpage();   case 'hvz': hvz_settings(); break;   function hvz_settings() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { die("403"); } $_GET['status'] = abs((int) $_GET['status']); if($_GET['status'] == '1') { $db->query("UPDATE hvzstats SET totzombies=0, hvz=1"); stafflog_add("Started Zombie Event."); echo "Zombie event started. [url='staff.php']Go Back[/url]"; $h->endpage(); exit; } else if($_GET['status'] == '0') { $db->query("UPDATE users SET humanorzombie=0, zombiekills=0 WHERE humanorzombie=1 || zombiekills>0"); $db->query("UPDATE hvzstats SET totzombies=0, hvz=0"); stafflog_add("Stopped Zombie Event."); echo "The zombie event has been started. [url='staff.php']Go Back[/url]"; $h->endpage(); exit; } }   Add this to the top of the explore page $zom=$db->query("SELECT * FROM hvzstats"); $hvz=$db->fetch_row($zom); if($hvz['hvz'] ==1 && $ir['humanorzombie'] ==0) { if($hvz['totzombies'] < 10) { $randzomb=(int) rand(1,1); $randthaught=(int) rand(1,5); if($randthaught == 1) { $thaught="Did i leave the oven on?"; } else if($randthaught == 2) { $thaught="I wonder what my gravestone will read.."; } else if($randthaught == 3) { $thaught="I'm too young to die!! Can't somebody help me?!?!?!"; } else if($randthaught == 4) { $thaught="MMM Brains..."; } else if($randthaught == 5) { $thaught="Time to visit my ex... >:]"; } if($randzomb == 1) { print "You've been bitten by a wandering zombie, the last rational thaught you have before tuning into a zombie is: $thaught."; $db->query("UPDATE users SET humanorzombie=1 WHERE userid=$userid"); $db->query("UPDATE hvzstats SET totzombies=totzombies+1"); $h->endpage(); exit; } } }

Re: A little help with $_POST Aha! works a charm, thanks for everyones help.

Re: A little help with $_POST The users submits a number to the script, say the number 5. Then the script will print 5 dropdowns. If the user submits the number 100 it should print 100 dropdowns

I'm working on a little something and have hit a brick wall. The script requires users to input a number, which gets $_POST back to the page, the part im waving trouble with is to print a set code for the amount sent by the $_POST E.g You submit the value 5 in the input field the result you would get back would be $result $result $result $result $result I know its possible to do it with if statements .... if $_POST['num] == 1 but surely there is a more efficient way.

Re: Need an item to access a page   $itemid = 1; $i=$db->query("SELECT * FROM inventory WHERE inv_itemid=$itemid AND inv_userid=$userid"); if(mysql_num_rows($i) == 0) { print "<h2>Oops</h2>Invalid item ID"; $h->endpage(); exit; }   Try that, change 1 to the item id required.

Re: Cron Help Yes, they are all in the users table, every time someone buys a better bank they get a certain percentage, and their bank can only hold so much, anti-inflation tool.

Re: Cron Help None of these worked correctly, Would adding an extra field to the users table say 'bankcard' Then at the top of day cron add the item check, update the 'bankcard' to either 1 or 0 and add an additional WHERE to the interest query like: UPDATE users SET bankmoney=bankmoney*(bankpercent*2)+bankmoney WHERE bankmoney > 0 AND bankmoney < bankmax+1 AND daysinactive < 2 AND bankcard > 0 UPDATE users SET bankmoney=bankmoney*bankpercent+bankmoney WHERE bankmoney > 0 AND bankmoney < bankmax+1 AND daysinactive < 2 AND bankcard < 1 Something like that would work? I know adding another field to the users table is noobish but it's to only way i can think of right now.

Re: Cron Help Userid 1 and 2 have a item id 18, userid 1 gets the normal interest rate, but userid 2 gets more Both accounts should get 4% interest, but userid 2 had $100 in the bank before i ran the cron, and $1040000 in the bank after i ran the cron.

Re: Cron Help QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE (`bankmoney` > 0 AND `bankmoney` < (`bankmax` + 1) AND `daysinactive` < 2)' at line 1 Query was UPDATE `users` SET `bankmoney` = `bankmoney` * (`bankpercent` + `bankmoney` WHERE (`bankmoney` > 0 AND `bankmoney` < (`bankmax` + 1) AND `daysinactive` < 2) AND `userid` <> 1

Heres the thing, i added an item to my game called a bank card, if you have it in your inventory it would give you double your interest rate in the bank, but fro some reason it won't work.. $i=$db->query("SELECT iv.*,i.* FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid WHERE iv.inv_itemid=18"); while($r=$db->fetch_row($i)) { $user=($r['inv_userid']); $db->query("UPDATE users SET bankmoney=bankmoney*(bankpercent*2)+bankmoney WHERE bankmoney > 0 AND bankmoney < bankmax+1 AND daysinactive < 2 AND userid=$user"); } $db->query("UPDATE users SET bankmoney=bankmoney*bankpercent+bankmoney WHERE bankmoney > 0 AND bankmoney < bankmax+1 AND daysinactive < 2 AND userid!=$user");   It's prolly a very simple fix, but i'm not seeing it yet..

Re: [v2] If course done?   $cdo=$db->query("SELECT * FROM coursesdone WHERE userid=$userid AND courseid=1"); if($db->num_rows($cdo) == 0) { print "You have not taken the course."; $h->endpage(); exit; }

Re: Have any mod ideas post here! bump? anyone willing to make a few of these?

Re: World Map Thats exactly like im looking for, anyone willing to convert it to mccodes?

In trying to bring some reality into my game i came up with this idea, mostly because the way a player moves between places is a little boring. An RPG style world map system, like you used to get in those old nes games. On explore you have a grid of say 11x11 squares, each of those squares has a tile in it and together they make up an area. If certain conditions are met e.g the user has an map or if they have donator status they can see a little more of the area. I was thinking when the player logsin for the first time they have to choose a sprite, now on the main map their sprite will appear with a facing direction, if they go to the left square the sprite faces left ect Travel on the world map would be free, but there would also be an option to spend money and go directly to the location. An option where players can purchase the squares and build on them for a better house, if the square the player has bought has say a tree they must remove the tree before they can build, once their house is built their will will increase say i introduced a mod where the player could cut down trees, the world map would need to have a durability for each of the squares, and once the square durability reaches 0 the square tile would change to a ruined tile.. like a tree would become a treestump, or a house would become rubble ect.. Perhaps a day/night could be introduced, if ithe server time is > 10pm then use the darkscale tilesets, else if it's day time then use the day tilesets.. The possibilities are endless, but this would do for a start :p On the admin side there would have to be a whole map/tile editor so new maps could be introduced as the game progresses, the ability to move players/objects around the map, restrict access to parts of the map. Firstly, could this be done? Secondly, anyone willing to give me a quote on how much a system like this would cost? Thirdly, anyone willing take take this task on? And finally, sprites and tiles can be found for free on google.. below are a few examples. http://data.fuskbugg.se/skalman01/MegaA ... %202.3.png http://www.rpg-palace.com/artists/Indoors%20Map.png http://www.rpg-palace.com/artists/outdoors.png http://i16.photobucket.com/albums/b28/A ... alBank.png http://www.weebly.com/uploads/7/4/9/1/7 ... timate.png

Re: [mccode] Free Starter Pack   Can you give a donator pack as an item (aka starter pack, but just downgraded donator pack) using this? Of course, just make an item in the admin panel, get the itemid and change the above script to credit the player the pack, and the ammount you want to give. Then you'll need to edit inventory to add a link to use the Starter Pack something like if($i['itmname'] == 'Starter Pack') { print " [[url='itemuse.php?ID={$i[']Apply[/url]]"; }   then in itemuse.php just add what you want the user to get above the "Sorry this item has no effect" message   But the way i posted earlier is a lot more simple, only need to edit one page, not 3.

Re: [mccode] Free Starter Pack Why bother adding more to the user table, and adding an exrta query on the explore page? If your anything like me you will be going to explore at least once every 5 mins, that means the query will be run every time.. Here's what i use: authenticate.php Find $db->query("UPDATE users SET lastip_login='$IP',last_login=unix_timestamp() WHERE userid={$mem['userid']}");   Add above it if($mem['laston'] == 0) { $db->query("UPDATE users SET donatordays = donatordays+3 WHERE userid = {$mem['userid']}"); $db->query("INSERT INTO inventory (inv_itemid, inv_userid, inv_qty) VALUES (7, {$mem['userid']}, 50)"); $db->query("INSERT INTO inventory (inv_itemid, inv_userid, inv_qty) VALUES (8, {$mem['userid']}, 50)"); }   Replace 7 and 8 with item id's of items you want to give new players, this will give them 50 of each, i have it also set to give 3 donator days also.

Re: Have any mod ideas post here! I have a few ideas, not sure how hard they would be to code though.. 1 Build your house. User start off with the default house, and to be able to upgrade first you need to buy land, then have the materials in your inventory, say the next house needs 50 stone and 100 wood to build. on the main screen it could tell you how many materials you need to get to build the house 2. Item Combining. User can goto a blacksmith who will show you a list of items you can make depending on what you have in your inventory. So say you have an arrowhead and an arrow shaft, you can combine it to make an arrow, the arrowhead and shaft get removed from your inventory and the new item added. If you have 50 silver ore and say 10 wood you could make a sword 3. Item Stats. User can equip item and gain stats [NOT USE], but only when the item is equipped. Say you equip a sword it will give you 10% str bonus, a 20% maxhp bonus <-- it's not possible to simply add the addition stats the the regular stat fields, because if a user train then removes a stat item they would loose 10% of their total stats. 4. City Requirements. A small addition to citys, they require a certain itemid to be able to visit them, say you need a map to visit. 5. Donator Intrest A little mod that checks if you have item X in your inventory, if you do you get 2x the normal bank intrest, if you have more than two they don't stack.   There mostly item checks but i haven't seen the others posted in the paid mod section.

Re: [mccode v2] Themecreator 100% Completed Working Copy Nice Mod, here's a small addition someone may find usefull, basicly it allows you to have different header images for each theme. In header.php add this under $q = $db->query("SELECT ThemeID FROM users WHERE userid=$userid",$c); $t = $db->fetch_row($q);   if($ir['hospital']) { $banner=bannerhosp ; } else if($ir['jail']) { $banner=bannerjail ; } else $banner=banner ;   next find where it prints your banner image and replace it with [img=/Images/Banners/{$ir['ThemeID']}/$banner.png]   Create a folder named "Banners" in your Image folder, and for each theme create a folder with the themeid and upload the banners.