MakeWebGames

Joshua

Members
  • Posts

    1,271

Everything posted by Joshua

  1. I'd also add Illusions mysql_query mod where it tells you errors pitched, if someone is cheating it will tell you on what script and who :D
  2. Nothing tinkered with just slapped into one file

     <?php
     require_once("globals.php");
     // Normalise the requested action; anything that is not a string becomes false.
     $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false;
     switch($_GET['action'])
     {
         case 'attackwon': attackwon(); break;
         case 'attacklost': attacklost(); break;
     }

     function attackwon()
     {
         global $db,$userid;
         // Last 100 logged fights where the current user was the attacker and won.
         $atks=$db->query("SELECT a.*,u1.`username` AS `attackern`, u2.`username` AS `attackedn` FROM `attacklogs` a LEFT JOIN `users` u1 ON a.`attacker`=u1.`userid` LEFT JOIN `users` u2 ON a.`attacked`=u2.`userid` WHERE (u1.`userid`=$userid) AND `result`='won' ORDER BY time DESC LIMIT 100");
         echo "<b>Attack Logs - The last 100 players you have killed.</b>
         <center><table width=50% cellspacing=1 class='table' border='1' bordercolor='#636363'></center>
         <tr> <th>Time</th> <th>Attacked</th> </tr>";
         while($r=$db->fetch_row($atks))
         {
             $d=date('F j, Y, g:i:s a',$r['time']);
             // The id in the link is cast to an integer before it is printed.
             echo "<tr> <td><center>$d</td>
             <td><a href='viewuser.php?u=".abs((int) $r['attacked'])."'><center>".stripslashes($r['attackedn'])."</a></td> </tr>";
         }
         echo "</table>";
     }

     function attacklost()
     {
         global $db,$userid;
         // Last 100 logged fights where the current user was attacked and the attacker won.
         $atks=$db->query("SELECT a.*,u1.`username` AS `attackern`, u2.`username` AS `attackedn` FROM `attacklogs` a LEFT JOIN `users` u1 ON a.`attacker`=u1.`userid` LEFT JOIN `users` u2 ON a.`attacked`=u2.`userid` WHERE (u2.`userid`=$userid) AND `result`='won' ORDER BY time DESC LIMIT 100");
         echo "<b>Attack Logs - The last 100 players that killed you.</b>
         <center><table width=50% cellspacing=1 class='table' border='1' bordercolor='#636363'></center>
         <tr> <th>Time</th> <th>Attacker</th> </tr>";
         while($r=$db->fetch_row($atks))
         {
             $d=date('F j, Y, g:i:s a',$r['time']);
             print "<tr> <td><center>$d</td>
             <td><a href='viewuser.php?u=".abs((int) $r['attacker'])."'><center>".stripslashes($r['attackern'])."</a> </td> </tr>";
         }
         echo "</table>";
     }
     ?>

     links Attacks Won Attacks Lost

     Untested.
  3. >,<
  4. wth i've deleted that double ) twice now on my editor yet i copy and paste and it puts it right back >,< lol
  5. Right that's what the above was posted about Fixed the above code to select city id as well on the query.
  6. LOL has it really been done? Say ... I make 50 football Teams. Each Cron_Day 6 random teams are chosen to play and a random outcome is chosen. Total wins go to a count over all towards the playoffs/superbowl. A betting system where players can bet amounts and win that money from other users with tickets also checked via crons...
  7. If I make it, it will be a freebie for mwg and again, wont be as good as one seany can slap together.
  8. Missed something, post above updated.
  9. <?php
     require_once("globals.php");
     // Destination city id: forced to a non-negative integer, or false when missing or non-numeric.
     $_GET['to'] = isset($_GET['to']) && is_numeric($_GET['to']) ? abs((int) $_GET['to']) : false;
     if(!$_GET['to'])
     {
         echo "<div class='maincontent'><h1>Bus Station</h1>
         <div class='main_text'>
         Welcome to the Bus Station... Where would you like to travel today? You can travel anywhere your Level allows you to, for a set price!</p>";
         // Only list cities other than the current one that the player's level allows.
         $q=$db->query("SELECT `cityid`,`cityname`,`cityminlevel`,`citycost` FROM `cities` WHERE `cityid` != {$ir['location']} AND `cityminlevel` <= {$ir['level']}");
         echo "
         <table width=75% cellspacing=1 align=center>
         <tr><td width=50%><b>City</b></td>
         <td width=30%><b>Minimum Level</b></td>
         <td width=20%><b>Cost</b></td></tr>";
         while($r=$db->fetch_row($q))
         {
             echo "<tr><td><a href='monorail.php?to=".abs((int) $r['cityid'])."'>".stripslashes($r['cityname'])."</a></td>
             <td>".abs((int) $r['cityminlevel'])."</td>
             <td>\$".abs((int) $r['citycost'])."</td></tr>";
         }
         echo "</table></p></div></div>";
     }
     else
     {
         // Re-check the level requirement server-side for the requested city.
         $q=$db->query("SELECT `citycost`,`cityname` FROM cities WHERE cityid = {$_GET['to']} AND cityminlevel <= {$ir['level']}");
         if(!$db->num_rows($q))
         {
             echo "Error, this city either does not exist or you cannot go there.";
             $h->endpage();
             exit;
         }
         $r=$db->fetch_row($q);
         if($ir['money'] < $r['citycost'])
         {
             echo "You don't have enough money.";
             $h->endpage();
             exit;
         }
         // Every value placed in the UPDATE is cast to an integer first.
         $query1 = sprintf("UPDATE `users` SET `money`=`money`-%u,`location`=%u WHERE (`userid`=%d)",
             abs((int) $r['citycost']),
             $_GET['to'],
             abs((int) $userid));
         $db->query($query1);
         echo "Congratulations, you paid \$".number_format($r['citycost'])." and travelled to ".stripslashes(htmlentities($r['cityname']))." on the monorail!";
     }
     $h->endpage();
     ?>

     Hm..that should work ^
  10. My "fix" isnt showing cities?
  11. If I do it, it wont be an xss type feed live. it'll be fake teams, with random outcomes. The top teams will go to a "superbowl" type deal. Not as fancy as he ^ can make it but it'll work and it's been awhile since i've done any freebiez
  12. You wanting the outcomes generated randomly? Say 50 teams of w/e sport and a random winner wins set type games... I may pick this up as a side project hm....Maybe have a generated football type game where players can bet on individual games...
  13. Posted Update below
  14. First you want to find out "WHY" They have negative money. Is a cron doing this? Or are they using SQL injections to cheat and that's just one of the side effects.....
  15. Nay
  16. What goes up when it comes down?
  17. Na, not a huge issue with it, just wanted to point out a few nitpick things that stopped the script from actually "working" and hindered the Security :P   he fixed it :-)
  18. ^_- +1
  19. Really, you're going to use str_replace instead of securing the output? Also, where is applications secured $_POST :P Also, of course you just found this out on msn ^_-   $ldr['userid'] will end up being blank :P as it wont call to userid when the query only searches for username.   $bbc - Dont be a noob, it's for Bbcode >,< bbcode isnt being used however :p   Overall dont come on my topics telling me it's a fail when we all know it's not >,< You do this on every post I make, the only difference is mine are fully functional you just dont like how I code =p I did say nice effort :p
  20. why :p :edit: I did forget to include Nice Effort Pudda ^_^
  21. $pq=$db->query("SELECT `username` FROM users WHERE userid={$gangdata['gangPRESIDENT']}");
      $ldr=$db->fetch_row($pq);

      President: <a href='viewuser.php?u={$ldr['userid']}'>{$l

      :fail: ^_- You arent calling for userID in the query so it wont call on $ldr :p

      $db->query("INSERT INTO applications VALUES('',$userid,{$_GET['ID']},'{$_POST['application']}');");

      So um, we are going to secure $_POST['application'] somewhere right? ^_-

      $_GET['ID'] = abs(@intval($_GET['ID']));

      Wasnt you the one yelling at me for using the @ operator? lol ;)

      '<a href=''viewuser.php?u=$userid''>{

      why the double single quotes? ><

      I'd also say secure gangNAME and gangDESC no telling what can be tossed into database :P mres it on the way in, or strip_tags then stripslashes(htmlentities($gangdata['gangDESC']))." on the way out

      $c variable isnt being used other than in global. remove that :P

      function gang_view() $h operator isnt being used, why include it? $bbc isnt being used either far as I can see
  22. shrugz, it's not so bad, it was being used, might as well use it :p
  23. Yea I have a decent one as well, just wanted to remove * and use sprintf as it should since it wasnt defining anything :p
  24. change

      $sql = sprintf("SELECT * FROM users WHERE userid=".$y['userfrom']);

      to

      $sql = sprintf("SELECT `userid`,`username`,`time` FROM `users` WHERE (`userid`=%u)", $y['userfrom']);
  25. mysql_query("INSERT INTO ucomments VALUES ('',unix_timestamp(),$userid,$to,'$message',0)");

      ucomments is the table he's calling

      Make the database yourself :D

      ID int 11
      time int 11
      userid int 11
      to user id int11
      message varchar 255
      something else int 11
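
The points raised in the gang-application review above (secure `$_POST['application']` on the way in, encode stored text on the way out), as an added example that is not code from the thread or from the mod under review. It swaps in PDO prepared statements for the `mres` escaping the post suggests; the `applications` column names and the helpers `clean_id`, `save_application` and `h` are assumptions, and an in-memory SQLite database stands in for the game's MySQL database.

```php
<?php
// Added example, not the mod's code. Column names are assumed: the page only
// shows a four-value INSERT into `applications`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE applications (
    appID INTEGER PRIMARY KEY, appUSER INTEGER, appGANG INTEGER, appTEXT TEXT)');

/** Accept only a positive decimal integer; anything else becomes null. */
function clean_id($raw): ?int
{
    // Unlike abs(intval(...)), this rejects "7abc" instead of coercing it to 7.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Store the application text unmodified, passed as a bound parameter. */
function save_application(PDO $pdo, int $userid, $gangId, $text): bool
{
    $gang = clean_id($gangId);
    if ($gang === null || !is_string($text) || trim($text) === '') {
        return false;                       // reject instead of guessing
    }
    $st = $pdo->prepare(
        'INSERT INTO applications (appUSER, appGANG, appTEXT) VALUES (?, ?, ?)');
    return $st->execute([$userid, $gang, $text]);
}

/** Encode at output time, for the HTML context the value is printed in. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: the apostrophes would break the concatenated INSERT,
// and the markup must reach the browser as text, not as HTML.
$_GET  = ['ID' => '7'];
$_POST = ['application' => "I'm in, it's <b>time</b>"];

var_dump(save_application($pdo, 1, $_GET['ID'], $_POST['application'])); // accepted
var_dump(save_application($pdo, 1, '7abc', 'let me in'));                // rejected

foreach ($pdo->query('SELECT appUSER, appTEXT FROM applications') as $row) {
    echo "<a href='viewuser.php?u=" . (int) $row['appUSER'] . "'>applicant</a>: "
        . h($row['appTEXT']) . "\n";
}
```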