Danny696

Just to be a pain jQuery was used on the site, so that would be a 3rd party library May I also ask why you would want to sell the game if you've invested 130,000 euros

Would we get the domain and if so would you pay the transfer fee?

If your serious about the money you posted, then be careful in who you actually choose to create your site.

I wonder what McCodes will try and sell us now. Everytime they have done something regarding their engine its always been the same. Give us more money for this rubbish that doesn't do what we just said it will do. Oh boy, I've just found this; Honestly I've never seen an mccodes game that uses MySQLi. That and the fact the class has nothing to do with the MySQLi functions that actually make it improved, so nothing really comes from the MySQLi class.

Seems to be an error with the auth.php please post that up. Also, those last lines of the globals.php gave me a laugh

I think neither. Dont create an engine. Create a game, its where the money actually is, and the game could possibly be good

Now, I recieved this email today; I have added this to my personal site, http://www.daniel-hanson.com maybe you could add it on yours. Wikipedia is also doing a black-out for all its English-language versions.

If you did it right, and advertised right, It could be big. One false move though, and you will blow it. Theres a very fine line for things like this I believe, but as I've said if you do it right then you'll could do well. But not as an engine, as a sole game.

Hey guys, For my new project I've decided to work with MySQLi as it has many strengths over MySQL. Since I'm quite lazy and didnt want to write 5+ lines for a query, I decided to create a simple class so I could write 1 line, and it run the query, bind the params, and such MySQLi goodies. I ended up using some code from the php manuals comments. So by using the class below, I can easily call a query by doing something like $users = $db->__query('SELECT * FROM `users` WHERE (`userid` = ?);', array('i', $userid)); This will then return the results as an array, for instance $user['userid'']....This could easily be changed to make it into objects such as $user->userid, Thats the way I make it at first, but then changed to array. Just to let you know, I have this in a db folder, and the config file in a seperate folder called config, both being in the home dir. The config file is this;   <?php /* @author Daniel Hanson <[email protected]> * * First off, Lets define some variables */ define('host', 'localhost'); define('name', 'root'); define('pass', ''); define('db', 'databse'); /* * Thats all for now, this file is complete. */   And for the db file.   <?php /* @author Daniel Hanson <[email protected]> * @copyright Copyright (c) 2012, Daniel Hanson * This was built by Daniel Hanson, and released for free on makewebgames.io * Do not remove this, It affects nothing in the script. * * First off, see if we have passed the defines we need */ if(!defined('host')) { include_once(dirname(dirname(__FILE__)) .'/config/db.config.php'); //Get the database config we need. } //Just extend the mysqli class from PHP class database extends mysqli { //Start the class public function __construct($host, $user, $pass, $db) { parent::__construct($host, $user, $pass, $db); if (mysqli_connect_error()) { die('Database Error: ('. mysqli_connect_errno() .') '. mysqli_connect_error()); } } //End the class when its all over function __destruct() { parent::close(); } function __query($sql, $arrParams) { $result = array(); //$result = new stdClass(); if ($stmt = $this->prepare($sql)) { if(count($arrParams) == 0) { } else { $arrParams = $this->getRefArray($arrParams); $method = new ReflectionMethod('mysqli_stmt', 'bind_param'); $method->invokeArgs($stmt, $arrParams); } $stmt->execute() or die($this->error); $meta = $stmt->result_metadata(); if (!$meta) { //$result->affected_rows = $stmt->affected_rows; //$result->insert_id = $stmt->insert_id; $result['affected_rows'] = $stmt->affected_rows; $result['insert_id'] = $stmt->insert_id; $stmt->close(); return $result; } else { $stmt->store_result(); $params = array(); $row = array(); while ($field = $meta->fetch_field()) { $params[] = &$row[$field->name]; } $meta->close(); $method = new ReflectionMethod('mysqli_stmt', 'bind_result'); $method->invokeArgs($stmt, $params); $result = array(); while ($stmt->fetch()) { $obj = array(); //$obj = new stdClass(); foreach($row as $key => $val) { $obj[$key] = $val; //$obj->$key = $val } $result[] = $obj; } $stmt->free_result(); } $stmt->close(); } else { printf("Prepared Statement Error: %s\n", $this->error); } return @$result[0]; } private function getRefArray($a) { if (strnatcmp(phpversion(),'5.3')>=0) { $ret = array(); foreach($a as $key => $val) { $ret[$key] = &$a[$key]; } return $ret; } return $a; } } /* * Create the db for all to use. */ $db = new database(host, name, pass, db);

The money in circulation isnt the money in their bank.

Players do get bored when its far to easy to get money, youll have 1 or two players at the most, ive seen games where 1 or two players have 1 million in money, and they have 1000+ players online at any time, and it was nothing special.

Sorry, but why on earth would a player have more than 2 billion in a game? The game seems to have an economy worse than the eurozone, and the stats, maybe you should lower the gains from the gym, but I'm guessing you dont know how to do that. Maybe you should either learn how to do basic problems like this, or pay someone to do it. Your game would highly benifit from either of these, as all your problems will be fixed, quickly and properly.   Also, you could make the integer unsigned, therefore changing its range from -2147483648 - 2147483648 to 0 - 4294967295. This helps by making sure it never goes negative, and/or increased the highest value.

Link to proper article: http://php-security.org/2010/05/01/article-php-web-security/ No need for the part inbetween

Are there users?

Just select it from the user table; $win = @mysql_result($db->query("SELECT `username` FROM `users` WHERE (`userid` = " . $r['lastwin']. ");"),0,0); and edit for the lost.

Its new year, many people arnt online. Just to let everyone know, 120 euros is around $155. The three login pages you supplied all have very detailed images on them, and I suspect the owners paged $1000+ for those logins.

Happy new year to you too, and everybody else!

I would use, (using the same variables as yourself) $pos = abs($_GET['p']); This will remove any +/- sign, so making sure it is a positive number, and makes sure its a number, although could return a float, which could be worked around with; $pos = abs(intval($_GET['p'])); Which Im sure we've all seen before, but it does work. Quick test page I made; <?php $number = array(); $number[] = 5.2; $number[] = -5.2; $number[] = -1; $number[] = 2535265765264567354675337; for($i=0;$i<=count($number)-1;$i++) { echo abs(intval($number[$i])) . '<br />'; } ?> Which returns; As you can see, you get a whole, positive number from each, except the one which is too large for an integer, if this was a game I was working on, it would be proceeded with an if ($pos <= 0 ) { #tell them } else { #sql }

Sorry if you felt I was attacking you, I was making the point, I did say it very badly though, and I shouldn't have, for which I do apologize, but you did say the function would secure the game, and as bluegman even said, it doesnt filter out negative numbers, which could cause a user to gain money, which could ruin a game. Making it not as secure as you lead people to believe.

Thats not part of the function though, so that wouldnt secure it itself would it now. No, is that 3-0 to me. I think so.

Were not, thats the point. Ive seen people gain millions on games from putting in negative numbers. Seems like its 2-0 to me :)

What if I put in a negative number? It fails right there. Danny 1 - 0 Runthis

Im not questioning your knowledge here runthis, but from previous posts Octerain seems to know their stuff. And I actually agree with them here, we've seen many functions to try and secure their game easily, but none work, seemingly this one as well.

It has been shut down once, I got it back. But as I said on the PM, Ive used my AVG 2012 and It has found nothing.

Please can you remove my email. You could also have just Pm'd me. I check my emails everyday, and see various failed spam messages. I have ran many removal tools, and found nothing on my computer, and changed my password today, so if that doesnt work, I dont know what will.