Dominion

There is a `bugs` table. I'm unsure of what the module name is that deals with it.

That's true for now, but I'm assuming it's an option Vbulletin has that allows you to set who can create articles. At the moment there aren't all that many tutorials being posted.

Something like this? http://makewebgames.io/content.php

http://makewebgames.io/showthread.php/43531-Peter-Leaman-Web-Design-PSD-Conversion-Integration-More

Ignore the v2 capchta it means copying over a lot of junk from v2. Just just a simple one for example - http://www.abeautifulsite.net/blog/2011/01/a-simple-php-captcha-script/ and for registration I would recommend http://www.google.com/recaptcha

Well... ok http://makewebgames.io/showthread.php/40170-Verify-Addon-TornCity-Style

and the problem is what? What error is your browser giving you?

Jquery has an amazing site... http://api.jquery.com/on/ http://api.jquery.com/ready/

How can we do that without knowing the problem?

Was just an example. >.<

Small games are more likely to be unlicensed, underfunded, have less experienced mangers/owners, and of course have smaller player base. There are more venerable to player loss and sometimes it’s a single programmer who could lose interest. Everyone starts somewhere. :p

I'm sure the lines of your engine have changed? Small things like that change all the time.

The actual conversation was to come up with a "quick fix" without redoing the majority of the system. Restrictive would be fine for a quick fix. I think we all ended up agree that a correctly implement fix wouldn’t be “quick” by any standard.   This is the exact problem we were talking about patching (yes mccodes there is still a bug...), and I can imagine someone found it a few years ago. I don’t believe any of us actually run mcc based games so it was just us discussing potential fixes for the sake of discussion. I’ve used eval() before with PHP but with purely math based exploit fixes (3rd party source code to ensure security), and in general I try to avoid it. I’ll probably look into this kind of system next time I can’t. :)

This started out as a "fix what's there" conversation. The more we talk about it the more work is added, and the easier it would be to redo the entire thing. You're solution should be enforced on docrime.php. In staff_crime.php (the original file we were trying to create a quick check for...) we could simply enforce a structure e.g. 8 * WILL / LEVEL + 4 explode() and check to ensure (against an array) each part is a number, operation(+/*-) or a set word (LEVEL,WILL etc) It's late here so I can't give a better response then that tonight. Thank you very much for answering, and I'll probably come back to this (if not redo the whole system anyway) tomorrow. Might even be the first thing I've ever done for mcc...

First off thank you very much for replying, and in such detail. I always look forward to seeing you post.   True with most things of this nature where programming is concerned and something more people need to remember. Your particular solution is one we discussed (splitting the values and evaluation individually), although not in such detail, and if it was purely a math based operation using only numbers from the user input would have made perfect sense as a patch. Unfortunately we were stumped by mccodes somewhat free ability to use ANYTHING user based as part of the math for example - 5*WILL/EXP+6-LEVEL Should in theory be a valid input. Checking this is... stupidly long. I think there are also several other user specific stats you could use. With this in mind it would have taken us less time to recreate the system then to patch the current one, and in my opinion is why eval() simply shouldn't be used here. One alternative was to simply use a base sum (e.g. x*exp/$number) and substitute the values in. No need for eval(), and does the same thing... well actually you lose a little flexibility that you didn't need anyway.

Well there is nothing wrong with this method I would like to give you some advice. I wouldn't keep adding things into the user table. For this you could create a Jobs table and store job done, when(timestamp), and remove the cron completely. might be something to think about?

If you're doing things like - if(!$_GET['SOMETHING']) {   You should be getting an error like this - Most people who don't use isset/array_key_exists tend to have error reporting off.

There is nothing "evil" about using Eval, and if used properly it's a powerful tool. I simply feel it's not being used properly here at all.

Could you give us a link or an example of what you're talking about?

Depends if you're working with NULL values or not. If you want something to be valid as NULL then isset() isn't acceptable.   $array = array('key1' => 'YAY', 'key2' => NULL); var_dump(isset($array['key1'])); // true var_dump(array_key_exists('key1', $array)); // true var_dump(isset($array['key2'])); // false var_dump(array_key_exists('key2', $array)); // true

How is that a change log? For example have you changed how the passwords are encrypted? At best it's an incomplete new feature list...

Ians-engine-with-Daves-help.co.uk should clearly win...

This is looking good. What has actually changed from the last version, although I can see changes per file I don't see a full change log. Is there one?

Assuming this is purely for the maths, and the problems are that everything is currently allowed why are you blacklisting things? Check for numbers, and key words (e.g. WILL) via a whitelist and block everything else. I don't understand why you're checking for words like CREATE via a blacklist. That aside I think DJK was right, eval() shouldn't be used here.

It's been a while since I've looked at MCC, how is Eval being used? Is it just for the maths (e.g. (will*0.8/$level) ) ?