Eruondo
-
Posts
123 -
Joined
-
Last visited
Never
Content Type
Profiles
Forums
Events
Everything posted by Eruondo
-
+1 for helping me get this Cron_5 Min to work
Eruondo replied to Joshua's topic in General Discussion
Re: +1 for helping me get this Cron_5 Min to work I'm a total beginner, but why not just use if($ir['donatordays'] > 0) { $db->query("UPDATE `users` SET `brave`=`brave`+((`maxbrave`/'5')+'0.5'),`hp`=(`hp`+(`maxhp`/'3')),`will`=`will`+'20',`energy`=`energy`+(`maxenergy`/'6') } else { $db->query("UPDATE `users` SET `brave`=`brave`+((`maxbrave`/'5')+'0.5'),`hp`=(`hp`+(`maxhp`/'3')),`will`=`will`+'20',`energy`=`energy`+(`maxenergy`/'12.5') } instead of $db->query("UPDATE `users` SET `brave`=LEAST(`brave`+((`maxbrave`/'5')+'0.5'), `maxbrave`), `hp`=LEAST(`hp`+(`maxhp`/'3'), `maxhp`), `will`=LEAST((`will`+'20'), `maxwill`), `energy`=IF(`donatordays`<>'0', LEAST(`energy`+(`maxenergy`/'6'), `maxenergy`), LEAST(`energy`+(`maxenergy`/'12.5'), `maxenergy`))"); Now, that's just for race 1, but you get the picture. Not sure if it will work though... -
Re: Crime Update
-
Re: Crime Update I've changed it a little bit, (Set max nerve and fixed two small errors) and I'll post it here, in case anyone else wants to this great upgrade. :-D if ($ir['braveLVL'] < 100) { $ir['crimeEXPneeded']=(int) (($ir['braveLVL']+1)*($ir['braveLVL']+1)*($ir['braveLVL']+1)*4.2+(500*$ir['braveLVL'])); if($ir['crimexp'] >= $ir['crimeEXPneeded']) { $ir['braveLVL']+=1; $ir['brave']+=5; $ir['maxbrave']+=5; //$ir['cEXPneeded'] = (int) ($ir['braveLVL']*500); $ir['crimeEXPneeded'] = (int) (($ir['braveLVL']+1)*($ir['braveLVL']+1)*($ir['braveLVL']+1)*4.2+(500*$ir['braveLVL'])); $db->query("UPDATE users SET brave=brave+5,maxbrave=maxbrave+5,braveLVL=braveLVL+1 WHERE userid=$userid"); } }
-
Re: Crime Update This is great, Thanks! :-D +1
-
Re: First attempt at securing files. That's why I wrote "I'm so stupid" afterwards, when I got your point. :| Still not to sure what mres() ($c?) and mrse() is though.
-
Re: First attempt at securing files. Aha, I see. So I'm doing it wrong because I am securing variables which have nothing to do with user input? ... I'm so stupid.
-
Re: First attempt at securing files. I don't doubt that you're right, I just don't understand what I'm doing wrong... :| I know, I'm a slow learner, but I really want to understand.
-
Re: Looking To Buy I think Richard make something like that for free. Just search the forums, and you'll find it.
-
Re: First attempt at securing files. I do this as a hobby, it's nothing I get payed for doing. But that does not mean that I don't want to learn and understand, because I really do. $money = clean($ir['money'] + $moneygain); $price = clean($ir['crystals'] - $bribes); You say this is overkill, but I don't understand why, even after reading about these functions for the last six hours. In my head, one is good, but two is better, especially when it comes to security. :roll: But then again, I am a newbie, and there could be several good reasons why not, I just havent found them yet. And I don't expect people to go through my code, I just hoped for a fast skimthrough if someone had the time. :-)
-
Re: Can someone help me with create a gang? Could you post the code?
-
Re: First attempt at securing files. I've had a new go, :-D (It took a while, but I've tried to learn sprintf() in the meanwhile.) crystaltemple.php, secured with a cleanfunction. (I use bribes instead of crystals :wink:) <?php include "globals.php"; print "<font color='#FFFFFF'>[b] <hr width='70%'><h3>Bribes Exchange</h3><hr width='70%'>[/b]</font> "; $mySpend = clean($_GET['spend']); $bribes = (int) $_POST['crystals']; if(!$mySpend) { print " <font color='#FFFFFF'>Welcome to the Bribes Exchange! You have [b]{$ir['crystals']}[/b] bribes. What would you like to spend your bribes on? [url='bribesexchange.php?spend=refill']Energy Refill - {$set['ct_refillprice']} Bribes[/url] [url='bribesexchange.php?spend=IQ']IQ - {$set['ct_iqpercrys']} IQ per bribe[/url] [url='bribesexchange.php?spend=money']Money - \$".number_format($set['ct_moneypercrys'])." per bribe[/url] "; } else { if($mySpend == 'refill') { if($ir['crystals'] < $set['ct_refillprice']) { print "<font color='#FFFFFF'>You don't have enough bribes!"; } else if($ir['energy'] == $ir['maxenergy']) { print "<font color='#FFFFFF'>You already have full energy."; } else { $maxenergy = clean($ir['maxenergy']); $price = clean($ir['crystals'])-($set['ct_refillprice']); $sql1 = sprintf("UPDATE users SET energy = ('%u'), crystals = ('%u') WHERE (userid = %u)", $maxenergy, $price, $userid); $db->query($sql1); print "<font color='#FFFFFF'>You have paid {$set['ct_refillprice']} bribes to refill your energy bar."; } } else if($mySpend == 'IQ') { print " <font color='#FFFFFF'>Type in the amount of bribes you want to swap for IQ. You have [b]{$ir['crystals']}[/b] bribes. You gain {$set['ct_iqpercrys']} IQ from one bribe. <form action='bribesexchange.php?spend=IQ2' method='post'> <input type='text' name='crystals' /> <input type='submit' value='Swap' /> </form>"; } else if($mySpend == 'IQ2') { if($bribes <= 0 || $bribes > $ir['crystals']) { print "<font color='#FFFFFF'>Error, you either do not have enough bribes or did not fill out the form. "; } else { $iqgain = clean($bribes*$set['ct_iqpercrys']); $IQ = clean($ir['IQ'] + $iqgain); $maxenergy = clean($ir['maxenergy']); $price = clean($ir['crystals'] = $ir['crystals'] - $bribes); $sql2 = sprintf("UPDATE users SET crystals = ('%u') WHERE (userid = %u)", $price, $userid); $db->query($sql2); $sql3 = sprintf("UPDATE userstats SET IQ = ('%u') WHERE (userid = '%u')", $IQ, $userid); $db->query($sql3); print "<font color='#FFFFFF'>You traded $bribes bribes for $iqgain IQ."; } } else if($mySpend == 'money') { print " <font color='#FFFFFF'>Type in the amount of bribes you want to swap for money. You have [b]{$ir['crystals']}[/b] bribes. You gain \$".number_format($set['ct_moneypercrys'])." from one bribe. <form action='bribesexchange.php?spend=money2' method='post'> <input type='text' name='crystals' /> <input type='submit' value='Swap' /> </form>"; } else if($mySpend == 'money2') { if($bribes <= 0 || $bribes > $ir['crystals']) { print "<font color='#FFFFFF'>Error, you either do not have enough bribes or did not fill out the form. "; } else { $moneygain = clean($bribes * $set['ct_moneypercrys']); $money = clean($ir['money'] + $moneygain); $price = clean($ir['crystals'] - $bribes); $sql4 = sprintf("UPDATE users SET crystals = ('%u'), money = ('%u') WHERE (userid = '%u')", $price, $money, $userid); $db->query($sql4); print "<font color='#FFFFFF'>You traded $bribes bribes for \$".number_format($moneygain)."."; } } } print " <hr width='70%'>[url='bribesexchange.php']Back[/url] <hr width='70%'> "; $h->endpage(); ?> Here is the function I use: function clean($clean) { if (get_magic_quotes_gpc()) { $clean = stripslashes($clean); } return htmlentities(mysql_real_escape_string(trim($clean))); } Kudos to Floydian and SomeRandomGuy on the function and sprintftutorials. As I gathered, sprintf is more secure, so I've written the codes with it. How'd I do?
-
Re: [FAQ] sprintf - no, it's not a phone company Great tutorial! +1
-
Re: Crime Update Thanks mate! +1
-
Re: First attempt at securing files. Well, that makes sence. So all I really need is $myDeposit = abs((int) $_POST['deposit']); and sql = ("UPDATE users SET bankmoney=bankmoney+$gain, money=money-$myDeposit where userid=$userid") $db->query(sql); And I'm good to go?
-
I've read some sites and posts about securing files, and now I've tried to secure my own files. Now, this looks good to me, but I wonder if any of the more experienced coders on here could take a look and see how it looks? Is there anything I have missed? Anything I could have done better? The file is just a simple bank which came with my MCcodes, :-P <?php include "globals.php"; print " <font color='#FFFFFF'><hr width='70%'><h3>Bank</h3></font><hr width='70%'/> "; if($ir['bankmoney']>-1) { switch($_GET['action']) { case "deposit": deposit(); break; case "withdraw": withdraw(); break; default: index(); break; } } else { $sql3 = $db->query("UPDATE users SET money=money-50000,bankmoney=0 WHERE userid=$userid"); if(isset($_GET['buy'])) { if($ir['money']>49999) { print "<font color='#FFFFFF'>Congratulations, you bought a bank account for \$50,000! "; $db->query(sql3); } else { print "<font color='#FFFFFF'>You do not have enough money to open an account."; } } else { print "<font color='#FFFFFF'>Open a bank account today, just \$50,000! [url='bank.php?buy']Yes, sign me up![/url]"; } } function index() { global $db, $ir,$c,$userid,$h; print "<font color='#FFFFFF'>\n[b]You currently have \${$ir['bankmoney']} in the bank.[/b] At the end of each day, your bank balance will go up by 2%. <table width='70%'> <tr> <td width='50%' align='center'> <font color='#FFFFFF'> [b]Deposit Money[/b] It will cost you 15% of the money you deposit, rounded up. <form action='bank.php?action=deposit' method='post'> Amount: <input type='text' name='deposit' value='{$ir['money']}' /> <input type='submit' value='Deposit' /> </form> </td> <td align='center'> <font color='#FFFFFF'> [b]Withdraw Money[/b] There is no fee on withdrawals. <form action='bank.php?action=withdraw' method='post'> Amount: <input type='text' name='withdraw' value='{$ir['bankmoney']}' /> <input type='submit' value='Withdraw' /> </form> </td> </tr> </table>"; } function deposit() { global $db,$ir,$c,$userid,$h,$myDeposit; $myDeposit = abs((int) $_POST['deposit']); $myDeposit = mysql_real_escape_string(htmlentities($myDeposit)); if($myDeposit > $ir['money']) { print "<font color='#FFFFFF'>You do not have enough money to deposit this amount."; } else { $fee = ceil($myDeposit*15/100); $gain = $myDeposit-$fee; $ir['bankmoney']+=$gain; $sql = mysql_real_escape_string(htmlentities("UPDATE users SET bankmoney=bankmoney+$gain, money=money-$myDeposit where userid=$userid")); $db->query($sql); print " <font color='#FFFFFF'> You hand over \$$myDeposit to be deposited, After the fee is taken (\$$fee), \$$gain is added to your account. [b]You now have \${$ir['bankmoney']} in the bank.[/b] "; } } function withdraw() { global $db,$ir,$c,$userid,$h; $myWithdraw = abs((int) $_POST['withdraw']); $myWithdraw = mysql_escape_string(htmlentities($myWithdraw)); if($myWithdraw > $ir['bankmoney']) { print "<font color='#FFFFFF'>You do not have enough banked money to withdraw this amount."; } else { $gain=$myWithdraw; $ir['bankmoney']-=$gain; $sql2 = mysql_escape_string(htmlentities("UPDATE users SET bankmoney=bankmoney-$gain, money=money+$gain where userid=$userid")); $db->query($sql2); print " <font color='#FFFFFF'> You ask to withdraw $$gain, The banking lady grudgingly hands it over. [b]You now have \${$ir['bankmoney']} in the bank.[/b] "; } } print " <hr width='70%'>[url='explore.php']Back[/url] <hr width='70%'> "; $h->endpage(); ?>
-
Re: Crime Update Exactly!
-
Re: [mccodes] Advanced Pet Mod [$15] -"Oh yeah? Well, my dad is much stronger than your dad!" :roll: J/K. Looks good, :D Would add it, but I think it would breake with the current theme and setup of my game.
-
Norwegian/Swedish/Danish is pretty much like british, american and australian, so here's a joined thread for all scandinavians! So: Hallo! Jeg heter Tom, sytten ?r, fra s?r-vest Norge. Er det flere av oss her inne, eller er jeg helt alene?
-
Re: En Français Bonjour, je m'apelle Tom, et j'ai parle frances ? circa deux mois. Je ne parle pas tr?s bon... :-P
-
Re: German - Learning it (Have been for 3 years) Ja, ich auch sprechen deutch, aber nichts so gut. Ich has es gelernt im schule, aber ich hast der nicht sprecht f?r zwei jahre... Yes, I speak i little german, but not enough for me to get around town? Or something like it.
-
My users have asked me if I could do a little more work on the crimes, or, more spesificly, that your bravebar does not upgrade every time you level up, but rather when you get so and so much crime experience. I thought it was a good idea, so I wonder if there is anyone here who has made something similar to it, (for free), so I don't have to make it from scratch? If there is not, I'll post it for you here when I've coded it, :D
-
Re: [mccode v2] Donator Packs To Items Are you sure that you have added the correct item ID to your files?
-
Re: [mccode v2] Donator Packs To Items Sorry for posting in an old thread. In the ipn_donator I have replaced $db->query("UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.money=u.money+5000,u.crystals=u.crystals+50, us.IQ=us.IQ+50,u.donatordays=u.donatordays+30 WHERE u.userid={$for}"); with item_add({$for}, 96, 1) Will this work?
-
Re: voting help I tried adding a else just now, but I've still got the same problem. Any ideas?
-
I'm trying to add this in my header, but no matter what I do, it just shows the first result. Could you take a look and tell me if there is anything wrong? $vote = $db->query("SELECT list FROM votes WHERE userid = ".$ir['userid']." "); if(mysql_num_rows($vote) != trpg) { echo "<font color='#FFFFFF'>You haven't voted at TopRPG today! Do it now!</font> "; } elseif(mysql_num_rows($vote) != twg) { echo "<font color='#FFFFFF'>You haven't voted at TopWebGames today! Do it now! "; } elseif(mysql_num_rows($vote) != tpg) { echo "<font color='#FFFFFF'>You haven't voted at TopRankinGames today! Do it now! "; } elseif(mysql_num_rows($vote) != apex) { echo "<font color='#FFFFFF'>You haven't voted at Apex today! Do it now! "; } else { echo "<font color='#FFFFFF'>You've already voted today. "; }