MakeWebGames

Everything posted by Joshua

  1. I will agree there, it makes it a lot cleaner.
  2. ```php
     // $houseWill is a placeholder for "the house will"
     if ($ir['maxwill'] == $houseWill) {
         echo "whatever the houses will or hell maxwill";
     } else {
         echo " ??? ";
     }
     ```

     I think is what you're asking shrugz.
  3. I like movies like Gamer that was off the chain :P
  4. Good to hear! I'd also suggest (if you haven't already) getting deeply involved in JavaScript (and specifically jQuery and Ajax). That, combined with PHP, is where the future of the web is at.

     I'm reading up on all 3, although it takes time.

     My goal is in the next 2 years to have Ajax, jQuery, PHP and JavaScript down pat. Then I'll spend the rest of my life perfecting what I know. I'd like to keep my areas focused on a few languages and master them rather than know several and just be "decent", if that makes sense.

     As for uploading an image, aye, that's what I was referring to when I said "other than uploading images". But again, you wouldn't secure that through header either way :p So whichever way you choose you would avoid header security. It's just personal preference to secure individual files I suppose; there's always someone out there better looking for loopholes, and if you dedicate the time on each file and "make sure", the chances are a lot less likely they will find one rather than just slapping in some header protection :P
  5. Not to beat a dead horse... OK, you secure all input on preferences and use header security to check that it's a .gif, .png or .jpg image.

     So they use htaccess to change .gif to .php. Now how would you secure that in header? It's the viewuser output. The only way I've seen to secure it, other than "the best way: simply upload links, not offsite URLs", is to use getimagesize, which is slow to say the least.

     As for moving away from mccodes, I'm actually venturing into the GL engine as it's nice.
  6. I'm sure not even header will fully secure global variables. I mean yes, super globals could be secured, but not always the best solutions work via sanitising them in header. This may be my personal persona though, but even stuff like display picture or forum avatar use different ways of sanitising. ^

     Agreed. I would just love to see how to secure the output on viewuser and player_report using just header.php ^_- Not to mention, if you "did" secure via header alone, you would have to go through every file anywho and get every single $_POST/$_GET variable of diff varieties, as some need diff securing. Simply using abs((int) or ctype digit will bug those that are strings and vice versa; even using a foreach type argument, some "output" needs to be different and vice versa. It's better to secure the files the "hard" way as it's the "proper" way and you can rest a little safer. I'd never suggest just securing header/register.php.

     As for login.. why? Secure authenticate, leave login alone; it has no globals or anything included on the majority of games, it all goes via authenticate :p
  7. aye I've noticed that, I'm just working on learning the ins and outs of this engine trying to graduate past mccodes as I really like how this engine is set up other than a few MRES's on integers and some of the ereg, most of which I've replaced with preg >,< It's coded very well.
  8. Aye, but I browsed the "top.php" file and it's just a blank file :\ If I include the safe.php file, it's double session starting via the connect file. However, if I don't include safe.php it doesn't connect at all. Which is strange, because the session stuff is linked through connect.php, that's linked through safe.php. But neither safe nor connect are anywhere else in forums until I add them, so meh!
  9. I'm taking over the FreedomCity Project and would like to get all the bugs worked out first before I delve into anything new. The first bug I've encountered is on the Forums on the site. When you click forums, the list of options for various different forums pops up to select. Once you select a forum you'd like to visit, it chucks out this error:

     Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/~~~~~~~/_forum.php on line 22
     Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/~~~~~~~~~/forum.php on line 22
     Access denied for user 'nobody'@'localhost' (using password: NO)

     On line 22 of forum.php is the very first mysql_query; obviously it's not connecting with the host. I looked through forum.php and _forum.php and there is nothing being included that connects with the actual database. So I took the liberty of including the safe.php and function file. Then it connected but gave me a cannot resend session output, session in connect.php and one in forum.php. However, there is no "session" bit in either forum.php or _forum.php, so I'm at a loss as to why it's doing that ><
  10. Defo a creepy movie. They only failed at trying to claim it really happened then chucking in an alternate ending.. I mean... wth? :P
  11. Yes, but I tend to speak English as my fluent language and some of the questions you are asking do not combine into a logical response ^_- I told you. Obviously 1 would be the quantity. It takes 7 days for them to harvest. What is hard to grasp on that concept? :)
  12. I'm not entirely sure I'm following what you are asking. Drug Quality must stay under 10. Not over. Comer?<---- They stay high for a variation of time depending on quality of the drug itself.
  13. I believe I have it set to grow over a period of 7 days (: Amount is how much you have growing. Percent, er, Quality is how well the drug will work when being used, i.e. if you have a quality 3 drug you get a small bonus, but a quality 9 bonus will be a bigger stat bonus and last a bit longer.
  14. lol oh so it did work >,< One of your ex-staff is having me build a game for him. I was showing him something that needed to be stopped on his site ^_^ I am curious as to how to stop that, as I was showing him why sigs with images using bbcode = bad. tbh I'm not 100% sure how to stop it, as not everything in a sig is meant to be a picture, so using getimagesize would cancel out all non-images. I am open to suggestions tho.

      Yea, no harm was intended. I just did a few basic tricks, was moderately impressed at the site being pseudo secure, figured I'd check the image tag. Sorry if I led you in the wrong direction, and yea, I should have asked. I was just on the phone with the client when I was doing it as we were discussing your game.

      Apologies. If I was trying to do something.... malicious I wouldn't have used my board name ^_-
  15. What can be said..really. ....................
  16. lol I started that forum as I wanted my own, then I got mastermccodes so bleh, no use :P
  17. I should probably update those forums as I don't even use them and haven't for quite some time.... Some of that stuff.. well, most of that stuff was found and copied off other sites as info for users that frequented the forums. However, a lot of that stuff, tho it will stop the majority of basic hacks, is not good practice. There are far better tutorials to follow; heck, I've written some since that will help you out a bit better and more properly :) <--- I own those forums tho I don't use them anymore >,< I use MasterMccodes.com
  18. May not be correct, but he is trying, is he not? Let's not start a bashafest on new users (: php.net and w3schools are the top 2 I'd recommend; there are others of course. We all learn by asking questions. There is no such thing as a stupid question, only stupid answers.

      Boy do I see a lot of stupid answers in this post ^_-
  19. Posting an IP won't do much and they do not care about IP's being posted here. It's not illegal.
  20. *taps foot* j/k bud. Whenever you got a pseudo demo up lemme know :D
  21. Yes you should *shakefist* ^_-
  22. Na, not if you look at the plug-ins I'm releasing for it, they tend to add up. Plus it does what all the other ones I've seen do, only better and more efficient :P
  23. ```php
      <?php
      include_once(dirname(__FILE__) . '/globals.php');

      if ($ir['hospital']) {
          echo "<p>You cannot access the gym whilst in hospital</p>";
          $h->endpage();
          exit;
      }

      ### Start Configuration ###
      // Crystal cost of each purchase.
      $Config = array(
          'EnergyRefill' => '10',
          'WillRefill'   => '100',
          'BraveRefill'  => '10',
          'DonatorDays'  => '200',
          'Money'        => '10'
      );
      ### End Configuration ###

      // Accept only an alphabetic command name; anything else becomes FALSE.
      $_GET['spend'] = isset($_GET['spend']) && !empty($_GET['spend']) && ctype_alpha($_GET['spend']) ? $_GET['spend'] : FALSE;

      if (!function_exists('Error')) {
          // Print an error message, close the page and stop.
          function Error($Message) {
              global $h;
              echo sprintf("<span style='color: #FF0000;'>Error! %s</span>", stripslashes($Message));
              $h->endpage();
              exit;
          }
      }

      // Whitelist of valid commands ('' matches the FALSE set above, i.e. the menu).
      if (!in_array($_GET['spend'], array('', 'EnergyR', 'WillR', 'BraveR', 'Donator', 'Money'))) {
          Error('Invalid Command!');
      }

      if (!$_GET['spend']) {
          // No command given: show the menu.
          echo '<span style="text-decoration: underline; font-size: 14px; font-weight: 600">Welcome To The Point Temple!</span><br />';
          echo sprintf("You have <b>%s</b> crystals.<br />", number_format($ir['crystals']));
          echo 'What would you like to spend your crystals on?<br />';
          echo sprintf("<a href='crystaltemple.php?spend=EnergyR'>Energy Refill - %s crystals</a><br />", number_format($Config['EnergyRefill']));
          echo sprintf("<a href='crystaltemple.php?spend=WillR'>Will Refill - %s crystals</a><br />", number_format($Config['WillRefill']));
          echo sprintf("<a href='crystaltemple.php?spend=BraveR'>Brave Refill - %s crystals</a><br />", number_format($Config['BraveRefill']));
          echo sprintf("<a href='crystaltemple.php?spend=Donator'>3 Donator Days - %s crystals</a><br />", number_format($Config['DonatorDays']));
          echo sprintf("<a href='crystaltemple.php?spend=Money'>1000 money - %s crystals</a><br />", number_format($Config['Money']));
      } else {
          if ($_GET['spend'] == 'EnergyR') {
              if ($ir['crystals'] < $Config['EnergyRefill']) {
                  Error('You Don\'t Have Enough crystals!');
              } else if ($ir['energy'] == $ir['maxenergy']) {
                  Error('You Already Have Full Energy.');
              } else {
                  $db->query(sprintf("UPDATE users SET energy=maxenergy, crystals=crystals-%d WHERE userid=%d", $Config['EnergyRefill'], $userid));
                  echo sprintf("You Have Paid %s crystals To Refill Your Energy Bar.", number_format($Config['EnergyRefill']));
              }
          } else if ($_GET['spend'] == 'WillR') {
              if ($ir['crystals'] < $Config['WillRefill']) {
                  Error('You Don\'t Have Enough crystals!');
              } else if ($ir['will'] == $ir['maxwill']) {
                  Error('You Already Have Full Will.');
              } else {
                  $db->query(sprintf("UPDATE users SET will=maxwill, crystals=crystals-%d WHERE userid=%d", $Config['WillRefill'], $userid));
                  echo sprintf("You Have Paid %s crystals To Refill Your Will Bar.", number_format($Config['WillRefill']));
              }
          } else if ($_GET['spend'] == 'BraveR') {
              if ($ir['crystals'] < $Config['BraveRefill']) {
                  Error('You Don\'t Have Enough crystals!');
              } else if ($ir['brave'] == $ir['maxbrave']) {
                  Error('You Already Have Full Brave.');
              } else {
                  $db->query(sprintf("UPDATE users SET brave=maxbrave, crystals=crystals-%d WHERE userid=%d", $Config['BraveRefill'], $userid));
                  echo sprintf("You Have Paid %s crystals To Refill Your Brave Bar.", number_format($Config['BraveRefill']));
              }
          } else if ($_GET['spend'] == 'Donator') {
              if ($ir['crystals'] < $Config['DonatorDays']) {
                  Error('You Don\'t Have Enough crystals!');
              } else if ($ir['donatordays'] != '0') {
                  Error('You Already Have Some Donator Days...');
              } else {
                  $db->query(sprintf("UPDATE users SET donatordays=donatordays+3, crystals=crystals-%d WHERE userid=%d", $Config['DonatorDays'], $userid));
                  echo sprintf("You Have Paid %s crystals For 3 Donator Days.", number_format($Config['DonatorDays']));
              }
          } else if ($_GET['spend'] == 'Money') {
              if ($ir['crystals'] < $Config['Money']) {
                  Error('You Don\'t Have Enough crystals!');
              } else {
                  $db->query(sprintf("UPDATE users SET money=money+1000, crystals=crystals-%d WHERE userid=%d", $Config['Money'], $userid));
                  echo sprintf("You Have Paid %s crystals For 1000 money.", number_format($Config['Money']));
              }
          }
      }

      $h->endpage();
      ?>
      ```
  24. For one, it's crystal temple, not market :P For 2, try turning that last { into an } ;)
  25. Just glad it works, other than the GET ID error most have been having it's been relatively bug free :D
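
Added example, not part of the original posts or of the MCCodes code base: post 6 above argues that one blanket filter in header.php cannot fit every `$_GET`/`$_POST` variable, because integer and string inputs need different handling. The sketch below gives each field its own rule and escapes text only at output; `clean_input()`, `e()` and the field names `u` and `reason` are hypothetical, and the `spend` values are the commands from the script in post 23.

```php
<?php
// Added example; clean_input(), e() and the field names are hypothetical.
// One rule per field, so integers and strings never share the same filter.
function clean_input(array $source, array $rules): array
{
    $out = [];
    foreach ($rules as $field => $rule) {
        $raw = $source[$field] ?? null;
        $out[$field] = null;                 // default: rejected
        if (!is_string($raw)) {
            continue;                        // missing, or an array such as ?u[]=1
        }
        switch ($rule['type']) {
            case 'id':                       // positive integer, at most 9 digits
                if (ctype_digit($raw) && strlen($raw) <= 9 && (int) $raw > 0) {
                    $out[$field] = (int) $raw;
                }
                break;
            case 'enum':                     // must be one of a fixed set of commands
                if (in_array($raw, $rule['allowed'], true)) {
                    $out[$field] = $raw;
                }
                break;
            case 'text':                     // kept as typed; escaped when displayed
                $raw = trim($raw);
                if ($raw !== '' && strlen($raw) <= $rule['max']) {
                    $out[$field] = $raw;
                }
                break;
        }
    }
    return $out;
}

// Escape at output time, in the page that prints the value.
function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

// Constructed sample request, standing in for $_GET / $_POST.
$request = ['u' => '42abc', 'spend' => 'WillR', 'reason' => '<b>spam</b> report'];
$rules = [
    'u'      => ['type' => 'id'],
    'spend'  => ['type' => 'enum', 'allowed' => ['EnergyR', 'WillR', 'BraveR', 'Donator', 'Money']],
    'reason' => ['type' => 'text', 'max' => 255],
];
$in = clean_input($request, $rules);
var_dump($in['u'], $in['spend']);
echo e($in['reason']), PHP_EOL;
```

A rejected field comes back as `null`, so each page can decide whether to show an error or fall back to a default instead of continuing with a coerced value.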