Eruondo

Correct me if I'm wrong, but from looking at it, it seems it would work fine with just the regular iteminfo.php...

Thanks. :D

Can be seen working on http://www.thedarkestfate.com/encyclopedia.php Username: Demo1 Password: demo

I did not make this, I found it on the forums somewhere a while ago, and then I edited it to fit my needs, and added a little extra, as the pages function and such. Use it however you want, just don't sell it or anything like that. If you want to change how many displayed items there are per page, just edit the $rowsPerPage variable. Default is 30. Here is the code. Save as encyclopedia.php   <?php include "globals.php"; print " <font color='#FFFFFF'><hr width='95%'><h3>Item Encyclopedia</h3></font><hr width='95%'/>"; $sql1 = $db->query("SELECT * FROM items"); $count = $db->num_rows($sql1); $rowsPerPage = 30; $numrows = $db->num_rows($sql1); $pageNum = 1; if(isset($_GET['page'])) { $pageNum = $_GET['page']; } $offset = ($pageNum - 1) * $rowsPerPage; $maxPage = ceil($numrows/$rowsPerPage); print" <table width='95%' cellspacing='1' border='0'> <tr> <td width='15%'> [b]Item Type[/b] </td> <td width='15%'> [b]Item Name[/b] </td> <td width='40%'> [b]Description[/b] </td> <td> [b]Buy Price[/b] </td> <td> [b]Sell Price[/b] </td> <td> [b]Owned by:[/b] </td> </tr>"; $q=$db->query("SELECT i.*,it.itmtypename FROM items i JOIN itemtypes it ON i.itmtype=it.itmtypeid ORDER BY i.itmtype,i.itmbuyprice ASC LIMIT $offset, $rowsPerPage"); $cn=0; while($p=$db->fetch_row($q)) { $d=$db->query("SELECT inv_userid FROM inventory where inv_itemid={$p['itmid']} GROUP BY inv_userid"); $r=$db->num_rows($d); $cn++; $buy = number_format($p['itmbuyprice']); $sell = number_format($p['itmsellprice']); print" <tr> <td> {$p['itmtypename']} </td> <td> [url='iteminfo.php?ID={$p[']{$p['itmname']}[/url] </td> <td> {$p['itmdesc']} </td> <td> \$$buy </td> <td> \$$sell </td> <td> $r players </td> </tr>"; } print " <tr> <td align='center' colspan='6'> [b]Pages: [/b]"; for($page = 1; $page <= $maxPage; $page++) { $nav .= "[url='encyclopedia.php?page={$page}']$page, [/url]"; } print " $nav </td> </tr> </table>"; print " <hr width='95%'>[url='index.php']Back[/url] <hr width='95%'>"; $h->endpage(); ?>   Enjoy! Might also add what it does: It creates a list of all the items you have on your game, with name, description, buy and sell price, and how many users own it.

I'm trying to make a little upgrade to the forums so that you recieve a notification if someone posts in a thread you've posted in, but I've got no idea on how to do it. I'm not asking you take make it for me, but if someone could be so kind as to point me in the general direction of what I should do to accomplish this, that would be most appreciated. I though about perhaps adding a field to the database called new_posts or something, and then just updating that field every time someone posts in a thread you've posted in, but I'm not quite sure on how to do that last part. Thanks! Eruondo.

Thanks both of you, that worked, :) Sorry, I forgot to answer, :P

I'm trying to write a little snippet of code, and I've encountered a problem. What I'm trying to do, is to put a variable with a value inside the $_GET, e.g:   $b = 1; $c = $_GET['data{$b}'];   And later I use a while loop to auto increment $b + 1 for so and so many times. My problem is, I can't get this to work! It simply doesn't read the variable, no matter what I try. Does anyone have any suggestions on how to fix this? Thank you very much.

This is v2, yes. Do you get an error?

Just put this in the mail_view and outbox function.   $sql2 = $db->query("SELECT * FROM mail WHERE mail_id = {$_GET['ID']}"); $sql1 = $db->fetch_row($sql2); if ($sql1['mail_from'] != $userid && $sql1['mail_to'] != $userid) { die("Error. This is not your mail."); }

Google analytics FTW?

$m=$db->query("SELECT * FROM users WHERE userid={$r['married']}"); I think that would be where the error lies. Is $r['married'] set?

No, it's get. But that code from jon182 fixed it, so thanks! Case closed, :P

I'm trying to do a form, and in that form, I've put in a little snippet to ensure that my users actually have written something in the fields. I've used these two codes, if ($_GET['header'] == 0) { die( "You did not fill out all forms."); } and if (!isset($_GET['header'])) { print "You did not fill out all forms."; } Bu neither of them works! The first code activates no matter what I write in the header field, and the second one never does... I'm sincerely stuck, and would greately appriciate any help! What am I doing wrong? I'm betting it's something really stupid and easy.

I think he's referring to this bit: mysql_query("INSERT INTO ammunition VALUES('{$add['itmid']}','100')",$c)

Any chance of this mod getting released for free anytime soon? Probably not, but I had to ask, :pinch:

Thanks Dayo, but I went with the "refresh and nothing happens" idea. Eruondo.

I'm still working on making my game secure, and at the same time, unexploitable for users. So, on that matter, does anyone know how I would go about making it so that if my users refreshed, e.g. during a fight, they would loose the fight? I'm sure you know what I mean. I've tried both searching the forums and google, but as I've mentioned earlier - Search Incompetence FTW. Anyhows, if anyone would be so kind as to supply me with a link or something, I'd appreciate it! Regards, Eruondo.

Nice one! Are you selling it, giving it away, what?

Zero-Affect: Is that not exactly what this code will prevent? Or perhaps I misunderstood you. Anyhows, I tried uploading a .php file, and some other things which were not images, and I got the die("")'s I wanted to, ^^.

All pictures must be externally hosted, so they can't upload them. Am I still vulnerable to a shell attack then? Regards, Eruondo.

I've been patching up securityholes, and doing great! (I think.) But, one question though: Does anyone know if this will work?   function do_pic_change() { global $db,$ir,$c,$userid,$h; $url=getimagesize($_POST['newpic']); if($_POST['newpic'] == "") { print "<font color='#FFFFFF'>You did not enter a new picture. "; } elseif(!is_array($url)) { $default_image =”…/directoryFolder/junal.jpg”; } else { Do stuff } }   Edit: I might add that it is a snippet I found from mdshare, and it is to prevent session hijacking from inserting code into images.

Thanks people! Now, I've replaced this with what I should replace it with, but I really can't figure out what it does, even with the help of the PHP manual. =/. $IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];   As for the other links, Immortalthug and Zero-affect, I'm looking into them now. That thread you posted was really helpful, curt200518, :) rpmb: If I turn off my error reporting, how will I be able to tell what's wrong without going through every single file on my server? :P Thanks everyone, you have been really helpful. This is a great place to ask for help. Eruondo.

Thanks! I tried searching the forum, but all I found was topics where people asked how to do it, none that actually described how to do it. Search-incompetence FTW. To everyone else: Thank you for all the good tips! I've begun reading up on the links and topics you've suggested. Regards, Eruondo.

Aww.. Crap. Still, thanks though.

Well, perhaps patch is the wrong word. I'm looking for a little information like: "There's a hack at cmarket.php and here is how you fix it:" I went through all my files, securing them manually, but it turns out I did it wrong, so I'll have to do it again. That's kind of why I would like to see if anyone had any information about that. Regards, Eruondo.