Joshua
-
Posts
1,271 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Everything posted by Joshua
-
what about.... THER? =p ghetto slang =p
-
I like the one I use more :P http://www.immortal-darkness.com/THISISNOTAFRIGGINLINK.php
-
<?php $macropage = "gym.php"; include "globals.php"; global $db, $h, $ir, $userid; if ($ir['hospital']) { echo " You cannot access the gym whilst in hospital</p>"; $h->endpage(); exit; } $prefs = isset($_SESSION['gymprefs']) ? $_SESSION['gymprefs'] : array('what' => "all", 'expend' => "100%"); $what = $prefs['what']; $expend = $prefs['expend']; $message = false; $sql = sprintf("SELECT us.strength, us.agility, us.guard, us.labour, u.energy, u.will, u.jail FROM users u LEFT JOIN userstats us ON (u.userid = us.userid) WHERE (u.userid = %u) AND (u.user_level < 3)", $userid); $row = $db->fetch_row($db->query($sql)); $formID = preg_replace("`^([0-9A-F]{8})([0-9A-F]{4})([0-9A-F]{4})([0-9A-F]{4})([0-9A-F]{12})$`ms", "{\\1-\\2-\\3-\\4-\\5}", strtoupper(md5(serialize(array(session_id(), "Gym", null))))); if (isset($_POST['formID']) && is_string($_POST['formID']) && ($_POST['formID'] === $formID)) { $what = isset($_POST['what']) && is_string($_POST['what']) && preg_match("`^((all)|(strength)|(agility)|(guard)|(labour))$`ims", $_POST['what']) ? strtolower($_POST['what']) : $what; $expend = isset($_POST['expend']) && is_string($_POST['expend']) && preg_match("`^((100%)|(75%)|(50%)|(25%)|(value))$`ims", $_POST['expend']) ? strtolower($_POST['expend']) : $expend; $value = isset($_POST['value']) && is_string($_POST['value']) && preg_match("`^\d+$`ims", $_POST['value']) ? @intval($_POST['value']) : 0; $sql = sprintf("SELECT energy, will FROM users WHERE (userid = %u)", $userid); $rs = $db->query($sql); $info = $db->fetch_row($rs); $energy = $row['energy']; $will = $row['will']; switch ($expend) { case "100%": $value = $row['energy']; break; case "75%": $value = $row['energy'] * 0.75; break; case "50%": $value = $row['energy'] * 0.50; break; case "25%": $value = $row['energy'] * 0.25; break; default: break; } $value = floor($value); if ($value > $row['energy']) $message = "<span style='color:#C00;'>You don't have enough energy</span>"; else { $prefs = array('what' => $what, 'expend' => $expend); $gain = 0; $will = $row['will']; for ($i = 0; $i < $value; $i++) { $gain += mt_rand(1, 3) / mt_rand(500, 900) * mt_rand(500, 900) * (($will + 20) / 150); $will = max(0, $will - mt_rand(1, 3)); } if ($row['jail']) $gain *= 0.5; $row['will'] = floor($will); $row['energy'] -= $value; switch ($what) { case "all": $message = sprintf("<span style='color:#070;'>You gain %s in each stat</span>", number_format($gain * 0.25, 2)); $row['strength'] += $gain * 0.25; $row['agility'] += $gain * 0.25; $row['guard'] += $gain * 0.25; $row['labour'] += $gain * 0.25; break; case "strength": $message = sprintf("<span style='color:#070;'>You gain %s in strength</span>", number_format($gain, 2)); $row['strength'] += $gain; break; case "agility": $message = sprintf("<span style='color:#070;'>You gain %s in agility</span>", number_format($gain, 2)); $row['agility'] += $gain; break; case "guard": $message = sprintf("<span style='color:#070;'>You gain %s in guard</span>", number_format($gain, 2)); $row['guard'] += $gain; break; case "labour": $message = sprintf("<span style='color:#070;'>You gain %s in labour</span>", number_format($gain, 2)); $row['labour'] += $gain; break; } $sql1 = sprintf("UPDATE userstats SET strength = %.6f, agility = %.6f, guard = %.6f, labour = %.6f WHERE (userid = %u)", $row['strength'], $row['agility'], $row['guard'], $row['labour'], $userid); $sql2 = sprintf("UPDATE users SET will = %u, energy = %d WHERE (userid = %u)", $row['will'], $row['energy'], $userid); $db->query($sql1); $db->query($sql2); } $_SESSION['gymprefs'] = $prefs; } $row['ranks'] = array ( 'strength' => $db->fetch_single($db->query(sprintf("SELECT COUNT(userid) FROM userstats WHERE (strength > %.6f)", $row['strength']))) + 1, 'agility' => $db->fetch_single($db->query(sprintf("SELECT COUNT(userid) FROM userstats WHERE (agility > %.6f)", $row['agility']))) + 1, 'guard' => $db->fetch_single($db->query(sprintf("SELECT COUNT(userid) FROM userstats WHERE (guard > %.6f)", $row['guard']))) + 1, 'labour' => $db->fetch_single($db->query(sprintf("SELECT COUNT(userid) FROM userstats WHERE (labour > %.6f)", $row['labour']))) + 1, 'total' => $db->fetch_single($db->query(sprintf("SELECT COUNT(userid) FROM userstats WHERE (strength + agility + guard + labour > %.6f)", $row['strength'] + $row['agility'] + $row['guard'] + $row['labour']))) + 1, ); echo "<style type='text/css'>"; echo "#gym { }"; echo "#gym h3, #gym p { }"; echo "#gym table { width:90%;border-collapse:collapse; }"; echo "#gym th { border:solid 1px #333;background:#F6F6F6 url(th.png);padding:3px;color:#333; }"; echo "#gym td { border:solid 1px #CCC;padding:3px;color:#CCC; }"; echo "#gym { }"; echo "</style>"; echo "<div id='gym'>"; echo sprintf("<h3>%sGym</h3>", $ir['jail'] ? "Jail " : ""); if ($message) echo sprintf(" %s</p>", $message); echo "<form name='train' id='train' action='gym.php' method='post' style='padding:0;margin:0;'>"; echo sprintf("<input type='hidden' name='formID' value='%s' />", $formID); echo "<table cellpadding='0' cellspacing='0'>"; echo "<tr>"; echo "<th class='sub' style='width:50%;'>Train</th>"; echo "<th class='sub' style='width:50%;'>Expend</th>"; echo "</tr>"; echo "<tr>"; echo "<td style='line-height:200%;'>"; echo sprintf("<input type='radio' name='what' id='what0' value='all' %sstyle='vertical-align:middle;' /><label for='what0' style='cursor:pointer;'>All (25%% energy in each) [Rank #%s]</label> ", $what === "all" ? "checked='checked' " : "", number_format($row['ranks']['total'])); echo sprintf("<input type='radio' name='what' id='what1' value='strength' %sstyle='vertical-align:middle;' /><label for='what1' style='cursor:pointer;'>Strength (%s) [Rank #%s]</label> ", $what === "strength" ? "checked='checked' " : "", number_format($row['strength']), number_format($row['ranks']['strength'])); echo sprintf("<input type='radio' name='what' id='what2' value='agility' %sstyle='vertical-align:middle;' /><label for='what2' style='cursor:pointer;'>Agility (%s) [Rank #%s]</label> ", $what === "agility" ? "checked='checked' " : "", number_format($row['agility']), number_format($row['ranks']['agility'])); echo sprintf("<input type='radio' name='what' id='what3' value='guard' %sstyle='vertical-align:middle;' /><label for='what3' style='cursor:pointer;'>Guard (%s) [Rank #%s]</label> ", $what === "guard" ? "checked='checked' " : "", number_format($row['guard']), number_format($row['ranks']['guard'])); echo sprintf("<input type='radio' name='what' id='what4' value='labour' %sstyle='vertical-align:middle;' /><label for='what4' style='cursor:pointer;'>Labour (%s) [Rank #%s]</label> ", $what === "labour" ? "checked='checked' " : "", number_format($row['labour']), number_format($row['ranks']['labour'])); echo "</td>"; echo "<td style='line-height:200%;'>"; echo sprintf("<input type='radio' name='expend' id='expend0' value='100%%' %sstyle='vertical-align:middle;' /><label for='expend0' style='cursor:pointer;'>100%% Energy</label> ", $expend === "100%" ? "checked='checked' " : ""); echo sprintf("<input type='radio' name='expend' id='expend1' value='75%%' %sstyle='vertical-align:middle;' /><label for='expend1' style='cursor:pointer;'>75%% Energy</label> ", $expend === "75%" ? "checked='checked' " : ""); echo sprintf("<input type='radio' name='expend' id='expend2' value='50%%' %sstyle='vertical-align:middle;' /><label for='expend2' style='cursor:pointer;'>50%% Energy</label> ", $expend === "50%" ? "checked='checked' " : ""); echo sprintf("<input type='radio' name='expend' id='expend3' value='25%%' %sstyle='vertical-align:middle;' /><label for='expend3' style='cursor:pointer;'>25%% Energy</label> ", $expend === "25%" ? "checked='checked' " : ""); echo sprintf("<input type='radio' name='expend' id='expend4' value='value' %sstyle='vertical-align:middle;' onclick='document.train.value.focus();' /><label for='expend4' style='cursor:pointer;'><input type='text' id='value' name='value' value='{$row['energy']}' size='8' onfocus='this.select();' /> Energy</label> ", $expend === "value" ? "checked='checked' " : "");//(C)2008,Nyna echo "</td>"; echo "</tr>"; echo "<tr>"; echo "<td colspan='2' style='text-align:center;padding:6px;'>"; echo "<input type='submit' name='submit' value='Train' />"; echo "</td>"; echo "</tr>"; echo "</table>"; echo "</form>"; echo "</div>"; echo "<p style='color:#CCC;'>An open-source extension from [url='http://nyna.co.uk/']Nyna[/url]</p>"; $h->endpage(); ?>
-
I make custom mods and have a mods package as well ^_^ check Paid Mod section or hit me up in pm
-
I'm kinda hard headed...if you hadnt noticed, we could always attempt. if I learn through osmosis i'd be l33t php guru guy :O
-
No but absorbing the knowledge inside would be, hence the question ^_^
-
Could I learn more through Osmosis if you did? ^_-
-
I'm hurt, a child called me a failure. Learn from other peoples codes? Why not? Everyday you learn from everyone else as well as php manual. It's called education, me thinks you should seek it out.
-
Focus more on studying than hacking maybe you could get it to work, I did, go figure that one?
-
Not the latest version but close MySQL version 5.0.89 Edit X's 2. Normally yes, ' ' is just for strings, obviously. However, it failed for me until i added ' ' around the % as well. ---- Alan, You've destroyed countless games and you're not even an adult yet. God forbid when you can be held legally liable for the idiocy you provide to the general public. Wish I could be there.
-
Try adding ' ' around the %%%% as it isnt pitching an error on my end, nor the other site i tested it on, both on latest vers
-
A snippet of a functional working query on a demo site $db->query("UPDATE `myplayers` SET `exp`=`exp`+%%u%%,`cash`=`cash`+%%u%% WHERE `userid`=%%d%%", $expgain, $stole, $userid); $db->query("UPDATE `myplayers` SET `hp`=1,`cash`=`cash`-%%d%%,`hospital`=%%u%%,`hospreason`='Mugged by <a href=\'viewuser.php?u=".number_Format($userid)."\'>".strip_tags($ir['username'])."</a>, ' WHERE `userid`=%%u%%", $stole, $hosptime, $r['userid']);
-
Yes, you've been hacking and manipulating people the longest out of anyone, congratulations! If it didnt work, then why is it working on my queries?
-
slap a ' ' around the %u op I've done about 15 diff pages not using sprintf( to define %u/%s etc and they all work 100% :P The logic being on a test done by someone else with sprintf and %% load time was 1.8 w/o sprint f and just %% load time was .7 w/o either load time was .2 So i went for the middle one >,<
-
They arent entirely sprintf operators, and yea i have tried it, works fine.
-
lol =p
-
er file page you know what i meant. I dont wanna hear it from you, you didnt know that %u / %s %d do not NEED sprintf to operate ^_^
-
$_POST['f'] = abs(@intval($_POST['f'])); then further down... "'.mysql_real_escape_string($_GET['f']).' really ? :P
-
for the problem with the ( %u ) bit just add ' ' around %u
-
No, most important part is securing the INPUT and OUTPUT on every page Making sure info into the database is safe, then checking it on output to the page making sure it's safe. :P
-
MTG i recently discovered it's faster to use the operators w/o the need of using sprintf that slows down the query So I ask, why use sprintf when you can just %%u%%? achieve the same results and it runs faster.
-
shrugz friendslist isnt exactly a big table so select * isnt overkill >< just removed a few slow operators, added an extra secure $_GET function for $_GET['f'] few other nic nacs nothing major
-
You fixed one of mine so............=P <?php /* This is friendlist.php, I was asked to too update it, I'm pretty sure Danny696 did the recoding, and added the security though. Anyways..ENJOY! */ include(DIRNAME(__FILE__) . '/globals.php'); $donator = TRUE; if($donator == TRUE && $ir['donatordays'] == 0) { echo'Sorry. This feature is for donators only'; $h->endpage(); exit; } $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false; $_POST['ID'] = abs((int) $_POST['ID']); $_POST['f'] = abs((int) $_POST['f']); $_GET['f'] = isset($_GET['f']) && is_numeric($_GET['f']) ? abs((int) $_GET['f']) : false; switch($_GET['action']) { case 'add': friend_add(); break; case 'remove': friend_remove(); break; case 'comment': friend_comment(); break; default: index(); break; } if (!in_array($_GET['action'], array('add','remove','comment','index'))) { echo "<h2>Illegal Operation</h2>"; $h->endpage(); exit; } function index() { global $db,$ir,$userid,$h; $abc=$db->query("SELECT * FROM `friendslist` WHERE (`fl_ADDED`=%u)", $userid); $friendcount = $db->num_rows($abc); echo'<a href=?action=add>> Add a Friend</a> '; echo' <center>[b]'.number_format($friendcount).' players have added you as a friend[/b]</center> <center>Most Liked User: '; $q2r=$db->query("SELECT u.username,count( * ) as cnt,fl.fl_ADDED FROM friendslist fl LEFT JOIN users u on fl.fl_ADDED=u.userid GROUP BY fl.fl_ADDED ORDER BY cnt DESC LIMIT 1"); $r=0; while($r2r=$db->fetch_row($q2r)) { $r++; if($r > 1) { print " | "; } echo '[url="viewuser.php?u='.number_format($r2r['fl_ADDED']).'"]'.stripslashes(htmlspecialchars($r2r['username'])).'['.$r2r['fl_ADDED'].'][/url]'; } echo' </center>'; echo'<table cellspacing="2" cellpadding="2" border="1" style="background:#000000" class="table" width="85%"> <th>Name</th> <th>Mail</th> <th>Send Cash</th> <th>Bank Xfer</th> <th>Send Crystals</th> <th>Remove</th> <th>Comment</th> <th>Change Comment</th> <th>Status</th> <th>Last Online</th></tr>'; $q=$db->query("SELECT fl.*,u.userid,u.username,u.laston,u.donatordays FROM friendslist fl LEFT JOIN users u ON fl.fl_ADDED=u.userid WHERE fl.fl_ADDER=$userid ORDER BY u.username ASC"); while($r=$db->fetch_row($q)) { if($r['laston'] >= time()-15*60) { $on="<font color=green>[b]Online[/b]</font>"; } else { $on="<font color=red>[b]Offline[/b]</font>"; } $d=""; if($r['donatordays']) { $r['username'] = '<font color=red>'.stripslashes(htmlspecialchars($r['username'])).'</font>'; $d='[img=donator.gif]'; } if(!$r['fl_COMMENT']) { $r['fl_COMMENT']="None"; } echo' <tr> <td>[url="viewuser.php?u='.number_format($r['userid']).'"]'.stripslashes(htmlspecialchars($r['username'])).' ['.number_format($r['userid']).'][/url]'.$d.'</td> <td>[url="mailbox.php?action=compose&ID='.number_format($r['userid']).'"]<center>Send Message</center>[/url]</td> <td>[url="sendcash.php?ID='.number_format($r['userid']).'"]<center>Send Cash</center>[/url]</td> <td>[url="sendbank.php?ID='.number_format($r['userid']).'"]Bank Xfer[/url]</td></br /> <td>[url="sendcrys.php?ID='.number_format($r['userid']).'"]Send Crystals[/url]</td> <td>[url="?action=remove&f='.number_format($r['fl_ID']).'"]<center>Remove</center>[/url]</td> <td><center>'.stripslashes(htmlentities($r['fl_COMMENT'])).'</center></td> <td>[url="?action=comment&f='.number_format($r['fl_ID']).'"]<center>Change Comment</center>[/url]</td> <td><center>'.$on.'</center></td> <td><center>'.date('F j, Y g:i:s a',$r['laston']).'</center></td> </tr> '; } echo'</table>'; } function friend_add() { global $db,$ir,$userid,$h; $_POST['comment']=str_replace(array("<",">","\n"),array("<",">"," "), $_POST['comment']); if($_POST['ID']) { $qc=$db->query("SELECT * FROM friendslist WHERE fl_ADDER=$userid AND fl_ADDED=".$_POST['ID'].""); $q=$db->query("SELECT `username` FROM `users` WHERE (`userid`='%u')", $_POST['ID']); if($db->num_rows($qc)) { echo'Why are you adding the same person twice...'; } elseif($userid==$_POST['ID']) { echo'Why are you adding yourself you your friends list, got no friends...'; } elseif($db->num_rows($q)==0) { echo'That user isnt a real person im afraid... Come back later...'; } else { $db->query("INSERT INTO `friendslist` VALUES('', %u, %u, '%s')", $userid, $_POST['ID'], $_POST['comment']); $r=$db->fetch_row($q); $db->query("UPDATE `users` SET `friend_count`=`friend_count`+1 WHERE (`userid`='%u')", $_POST['ID']); echo'You added '.stripslashes(htmlentities($r['username'])).' to your friends list. [url="friendslist.php"]> Back[/url]'; } } else { echo' <h4>Adding a friend.</h4> <form action="?action=add" method="post"> Friends ID: <input typpe="text" name="ID" value="'.$_GET['ID'].'" /> Comment (optinal): <textarea name="comment" rows="7" cols="40"></textarea> <input type="submit" value="Add!" /></form>'; } } function friend_remove() { global $db,$ir,$userid,$h; $q=$db->query("SELECT * FROM friendslist WHERE fl_ID=%u AND fl_ADDER=$userid", $_GET['f']); if($db->num_rows($q) == 0) { echo'You cannot remove something you havent got.'; } $r=$db->fetch_row($q); $db->query("DELETE FROM `friendslist` WHERE `fl_ID`=%u AND (`fl_ADDER`='%u')", $_GET['f'], $userid); $db->query("UPDATE `users` SET `friend_count`=`friend_count`-1 WHERE (`userid`=%u')", $r['fl_ADDED']); echo'You have successfully removed the friends entry! [url="friendslist.php"]> Back[/url]'; } function friend_comment() { global $db,$ir,$userid,$h; $_POST['comment']=str_replace(array("<",">","\n"),array("<",">"," "), $_POST['comment']); if($_POST['comment']) { $db->query("UPDATE `friendslist` SET `fl_COMMENT`='%s' WHERE `fl_ID`='%u' AND (`fl_ADDER`='%u')", $_POST['comment'], $_POST['f'], $userid); echo'You have successfully changed the comment! [url="friendslist.php"]> Back[/url]'; } else { $q=$db->query("SELECT `fl_COMMENT` FROM `friendslist` WHERE `fl_ID`='%u' AND (`fl_ADDER`='%d')", $_GET['f'], $userid); if($db->num_rows($q)) { $r=$db->fetch_row($q); $comment=str_replace(array("<",">"," "), array("<",">","\n"), $r['fl_COMMENT']); echo 'Changing a comment. <form action="?action=comment" method="post"> <input type="hidden" name="f" value="'.$_GET['f'].'" /> New Comment: <textarea rows="7" cols="40" name="comment">'.$comment.'</textarea> <input type="submit" value="Change!" /></form>'; } else { echo'Stop trying to edit posts that arn\'t yours'; } } } $h->endpage(); ?>