Everything posted by rulerofzu
-
I hadn't looked at the redemption file tbh.
-
Why put this into the users table? Why are you calling userstats??
-
Donation System (With Cart, BOGOF and Discount systems).
rulerofzu replied to Dave's topic in Paid Modifications
LMAO The idea is... that you can give your players a discount. So Happy Xmas, we are running a 20% discount on all items on the donator page
-
Donation System (With Cart, BOGOF and Discount systems).
rulerofzu replied to Dave's topic in Paid Modifications
Isn't this a repost of the mod you were selling a few months ago?
-
A few ideas that may come in useful...
rulerofzu replied to Uridium's topic in Requests & In Production
GANGS... Need I say more? Why is the whole concept of the gangs useless? What could be done to improve gameplay for gangs? Use your imagination... on my upcoming game gangs go to war... each kill gets points and the highest score wins, gangs can siege cities owned by rival gangs and more... :D
-
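<?php
// Build breadcrumb links from the path of the running script.
$blinki = $_SERVER['SCRIPT_NAME'];
$checklinki1 = explode('.', $blinki);          // drop the file extension
$checklinki2 = explode('/', $checklinki1[0]);  // split the path into segments
echo '<a href="/">Home</a>';
foreach ($checklinki2 as $key => $val) {       // foreach replaces each(), which PHP 8 removed
    $dir = '';
    if ($key > 1) {
        $n = 1;
        while ($n < $key) {
            $dir .= '/' . $checklinki2[$n];
            $val = $checklinki2[$n];
            $n++;
        }
        // Link every segment except the last; escape before writing into HTML.
        if ($key < count($checklinki2) - 1) {
            echo '<a href="' . htmlspecialchars($dir, ENT_QUOTES) . '">' . htmlspecialchars($val, ENT_QUOTES) . '</a>';
        }
    }
}
echo '/ <a href="' . htmlspecialchars($dir, ENT_QUOTES) . '">' . htmlspecialchars($checklinki2[1], ENT_QUOTES) . '</a>';
?>
You could use something like that, making it into a breadcrumb style link.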
-
Google how to use cron files.
-
possible Items shown in veiwuser(missing something?)
rulerofzu replied to Mcfarlin's topic in General Discussion
Probably due to you having open tags in the HTML for the item pics. Close the tags in that print"</td><td>[img=itmpics/{$i[]</td>";
-
If you're on a cPanel server there is a free download, cp sitesaver. It will save your site and database. I use it to run at midnight automagically to a backup server using timestamps, so it saves 10 backups and will then remove the oldest before creating the latest backup.
-
getimagesize does what it says: gets the image size, width and will return an error if it's not a valid image. You can also use functions like ImageCreateFromJPEG ImageCreateFromjpeg ImageCreateFromPNG, case sensitive for files ending .JPEG .jpeg, and they will return an error for an unsupported file type. Now with what Zero stated about linking an image then changing that using htaccess to .php, you're talking about RFI attacks, remote file inclusion? This comes under server config security and your scripts. Easiest way: don't allow anything to upload to your server so they can't upload the nice image which is really a link to a shell. Server side you can disable allow_url_fopen in your PHP; others I would suggest disabling would be proc_open, shell_exec, popen. You can find others which are functions that will open/read/write for the PHP filesystem. The way these are configured in PHP will depend on your version. A lot of hosts are still using the 4.x tree or early 5 versions.
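The getimagesize and ImageCreateFrom... checks described above, written out as an upload handler. This is an added example, not code from the original post or from McCodes; the function name store_uploaded_image, the avatar form field and the /home/user/uploads path are assumptions, and it assumes PHP 7 or later with the GD extension.

```php
<?php
// Added example (hypothetical helper, not McCodes code).
// Accepts a file only if GD can decode it as JPEG or PNG, then re-encodes
// the pixels so the bytes written to disk are produced by the server.

function store_uploaded_image(string $tmpPath, string $destDir): string
{
    // getimagesize() returns false when the file is not a recognisable image.
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        throw new RuntimeException('not a valid image');
    }
    // Decide by detected content type, never by the client-supplied filename.
    switch ($info[2]) {
        case IMAGETYPE_JPEG:
            $img = @imagecreatefromjpeg($tmpPath);
            $ext = 'jpg';
            break;
        case IMAGETYPE_PNG:
            $img = @imagecreatefrompng($tmpPath);
            $ext = 'png';
            break;
        default:
            throw new RuntimeException('unsupported image type');
    }
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }
    // Server-generated name and fixed extension: the uploader controls neither,
    // so the web server never sees a .php (or double) extension.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    // Re-encode; metadata and trailing bytes of the original are not copied.
    $ok = ($ext === 'jpg') ? imagejpeg($img, $dest, 90) : imagepng($img, $dest);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    return $dest;
}

// Usage in an upload handler (form field and directory are placeholders).
if (isset($_FILES['avatar']) && is_uploaded_file($_FILES['avatar']['tmp_name'])) {
    try {
        $path = store_uploaded_image($_FILES['avatar']['tmp_name'], '/home/user/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400); // reject without echoing details to the client
    }
}
```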
-
Simple. You do all your coding in a test environment and then add to your production server if your game is live and has players. Or code the entire thing. Check it all. Beta test it and, if you feel it absolutely required, pay someone to run through your code and secure it. Then release it to production status, changing error reporting to off before you do. If you cannot have a separate testing environment (i.e. the computer you have next to you right now) then look at Subversion
-
Great mod. Well coded with excellent support. Thanks.
-
Therefore renaming the users table would not be difficult to find out: one error and wow, the new name is shown... You shouldn't have error reporting enabled on a production server. :D
-
Then you have to worry about shell uploads into your file manager. php disable functions. Not much point in securing your files at all if you're going to leave your server open to attack. Make sure you choose a host that knows what it's doing :D McCodes should include in the install instructions: Insecure, please secure all files before uploading; if you don't know what you're doing pay someone that does. That's what professionals are for.
-
Ahhh right I am with you now. Had totally forgotten the default index has that.
-
You mean from being listed on places like the hall of fame? Just add to your database query WHERE user_level=1. Then it will only show the players and not any admins etc.
-
Get rid of .php! No file extensions in links!
rulerofzu replied to Konsigliare's topic in Other Programming
Both of these are server dependent. Neither will work across all server platforms.
-
From what I've understood, isn't there the remember me which creates a cookie for the user login details and then the session? It's the session which will then log the players out for inactivity after 15 minutes?
-
Yeah true enough but you step a dangerous path with the inland revenue for no reason. For the sake of submitting an online tax return once a year saying you owe nothing (assuming you owe nothing) beats the inland revenue deciding you owe £20k unless you can prove different.
-
Change the table width where it is set at 100%
-
lol... did he message you saying he can fix it too? Usually they do. For a nominal fee of course. Firefox add-ons: there are a few that are for SQL injection testing. People like this use them to seek out ways into your website and then get in from there. htaccess is an Apache webserver security method. Someone correct me if I'm wrong but I'm pretty sure that bruteforce attacks on the server is the only way around it. So make sure you pick a password that isn't easy and encrypt it. As for PayPal. Well, don't use the stock mc2 donator code or IPN unless you have made sure it's secure first.
-
You could take steps to prevent access to the staff files. Create a .htaccess file and place it in the root of your game:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/user/.htpasswd
AuthGroupFile /dev/null
<Files staff.php>
require valid-user
</Files>

Then create a .htpasswd file containing a username:password (make sure you use some type of encryption for the password!). If you're uploading the files they need to be in ASCII mode not binary, and the .htpasswd needs to be out of your webroot. You can add to the files to be protected, for example:

# <Files> takes a single name, so several files are matched with FilesMatch
<FilesMatch "^(staff|staff_users)\.php$">

And you're done... now when you need to access the staff file you will be prompted for a user / pass. Add to the htpasswd list usernames and passwords for all your staff. Again making sure the passwords are done using an encryption. Now if anyone gets into your staff area it's either you used a crappy password or your staff gave it out, in which case one or both of you should be shot!
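One way to create the .htpasswd entries the post calls for, useful on hosts where the htpasswd command is not available. This is an added example, not part of the original post; the script name and both function names are assumptions, it relies on Apache 2.4 accepting bcrypt ($2y$) hashes in an AuthUserFile, and it assumes the web server reads the file through group permissions.

```php
<?php
// Added example (hypothetical CLI helper, not from the original post).
// Usage: php add_htpasswd_user.php <htpasswd-file> <webroot> <username>

function htpasswd_line(string $user, string $password): string
{
    // A colon would split the record; control characters would break the line.
    if ($user === '' || preg_match('/[:\x00-\x1f]/', $user)) {
        throw new InvalidArgumentException('invalid username');
    }
    // password_hash() with PASSWORD_BCRYPT emits a salted $2y$ hash.
    return $user . ':' . password_hash($password, PASSWORD_BCRYPT) . "\n";
}

function assert_outside_webroot(string $file, string $webroot): void
{
    // Resolve symlinks and ../ so the comparison is on real paths.
    $dir  = realpath(dirname($file));
    $root = realpath($webroot);
    if ($dir === false || $root === false) {
        throw new RuntimeException('path does not exist');
    }
    // True when $dir is the webroot itself or any directory below it.
    if (strpos($dir . '/', $root . '/') === 0) {
        throw new RuntimeException('password file must not live under the webroot');
    }
}

if (PHP_SAPI === 'cli' && isset($argv[3])) {
    [, $file, $webroot, $user] = $argv;
    assert_outside_webroot($file, $webroot);
    // Read the password from stdin so it stays out of shell history.
    fwrite(STDERR, 'Password: ');
    $password = rtrim((string) fgets(STDIN), "\r\n");
    file_put_contents($file, htpasswd_line($user, $password), FILE_APPEND | LOCK_EX);
    chmod($file, 0640); // owner read/write, group (assumed: web server) read
    fwrite(STDERR, "added $user\n");
}
```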
-
[mccode v2] Player of the week...
rulerofzu replied to shaved92bravada's topic in Free Modifications
Why are you trying to run a cron from your browser anyway?
-
Maybe not the actual inventory code but take a look at the links leading off there. Your itemsend, use and market files all have GET and POST values that could be exploited if they are not secured.
-
If you're under 18 then your parents have to register with the Inland Rev and do the accounts etc instead... there is no escaping the rev :D