Joshua

Shouldnt you at least MRES the $_POST['comment'] bit other than than the tiny preg replace :P

LOL whooooops.

So tell me for my personal knowledge, other than special chars on the username and a few sprintf's what was not up to snuff security wise?

Gah taking my code and sprintf'ing the crap out of it ! * shakefist* hehe ;)

Hm, what was bug? :P And thanks

Ok so we've all seen the drug smuggling mods and for the most part they are highly basic and crap in my honest opinion. We also have seen an old outdated court system that left little to the imagination.   So what i'm looking for is ideas on an expansion to an idea i've had.   Idea I've had   Inserting a Police system, user based, where users can become police offers / narcs in-game. They will have the ability to arrest users via a police station, file reports, set warrants, court hearings etc. Option will of course be there for them to be "dirty" cops, a.k.a if they arrest someone smuggling dope they can take the dope for themselves. A felony/misdemeanor criminal record where users would have to keep tabs, the ability to sell to all users "including undercover narcs" etc. This will take some time, looking for ideas on how to proceed or help if you feel up for it. This could be huge (:

LOL zero now why didnt I think of that ><

Yes it will, it will clutter up the shoutbox and scare Jambo because he cant code and it looks scary >,< lol   Course....knowing Jambo........he'll copy/paste them and try and use them lawl.

He's known for being a piece of trash i beleive.

The owner of that site is Jambo, should have known >,< Not sure what can be done legally. :\

Once it's tested and Functional i'll add gang pics and gang recruit functions to it as i beleive they have been done for free just need a little tweaking.

Not Tested, you had userid defined wrong in the last function so that wasnt going to work and no need to MRES the GET['to'] as it's an integer. Also sprintf isnt being used properly as you arent definding it so :P A few quick fixes, not tested   <?php /* this FREE mod was made by skalman It is just a default monorail so you wont have to chance much if you decide to use this. As a FREE mod you cant claim it as your own, pass it off as your own or sell it or remove this banner what you can do it add to it or improve it but you must cleary stat that i made the original version of this mod Basically what this mod does is when your user goes to use the monorail there is a chance that the user will be detained of suspession of either being a terrorist drugs smuggling or smuggling diamonds once stopped the are 3 options either confess, lawyer up or try to flee CONFESS you confess to the crime are given a jail sentenace but are given 1 of 3 unique items. (ive made a soap on a string, a toothbrush shank and a Guards cat and nail tails) LAWYER UP You call in your very expensive to get you out of trouble, which is what he does he all say you should sue of unwillful detained which you will get money from and FLEE You try to run away which will either end in epic failure or you make it out of there. There is also the chance that you get away with all your diamonds(or whatever you use for crystals diamonds in my game) this mod does have some security but could prob do with a bit more( no doubt immortal thug will prob look over my amazing coding and recode and tell me its wrong then make it better lol. ty immortal if you do but remember credit where credits due) ill also comment where you can change the chance of getting caught, changing items, jail time, money, diamonds(crystals) and so on */ require_once(DIRNAME(__FILE__) . '/globals.php'); $_GET['to'] = isset($_GET['to']) && is_numeric($_GET['to']) ? abs((int) $_GET['to']) : false; $_GET['stop'] = isset($_GET['stop']) && is_numeric($_GET['stop']) ? abs((int) $_GET['stop']) : false; switch($_GET['action']) { case 'index': index(); break; case 'stopped': stopped(); break; case 'confess': confess(); break; case 'lawyerup': lawyerup(); break; case 'flee': flee(); break; default: index(); break; } if (!in_array($_GET['action'], array('index','stopped', 'confess', 'lawyerup', 'flee'))) { echo "Operation not understood!"; exit; } /*this is the default code from the stock monorail nothing has been changed */ function index() { global $db, $ir,$userid,$h; $travel = abs((int) rand(1,100)); /* this is the chance of getting caught default is 25%*/ if($travel < 25) { echo "Stop You have been detained due to your illegal activities Please follow me to the [url='monorail3.php?action=stopped'] security center[/url]"; $h->endpage(); exit; } if(!$_GET['to']) { echo "Welcome to the Monorail Station. It costs \$1000 for a ticket. Where would you like to travel today? "; $q=$db->query("SELECT `citydesc`, `cityminlevel`, `cityid` FROM `cities` WHERE `cityid` != {$ir['location']} AND `cityminlevel` <= {$ir['level']}"); echo "<table width=75% cellspacing=1 class='table'><tr style='background:gray'><th>Name</th><th>Description</th><th>Min Level</th><th></th></tr>"; while($r=$db->fetch_row($q)) { echo "<tr><td>".stripslashes(htmlentities($r['cityname']))."</td> <td>".stripslashes(htmlentities($r['citydesc']))."</td><td>{$r['cityminlevel']}</td> <td>[url='monorail.php?to={$r[']Go[/url]</td> </tr>"; } echo "</table>"; } else { if($ir['money'] < 1000) { echo "You don't have enough money."; $h->endpage(); exit; } else if($_GET['to'] != $_GET['to']) { echo "Invalid city ID"; } else { $q=$db->query("SELECT * FROM `cities` WHERE `cityid` = {$_GET['to']} AND `cityminlevel` <= {$ir['level']}")); if(!$db->num_rows($q)) { echo "Error, this city either does not exist or you cannot go there."; } else { $db->query(sprintf("UPDATE `users` SET `money`=`money`-%d,`location`=%u WHERE `userid`=%d", 1000, $_GET['to'], $userid)); $r=$db->fetch_row($q); echo "Congratulations, you paid \$1000 and travelled to ".stripslashes($r['cityname'])." on the monorail!"; } } } $h->endpage(); exit; } /* this is where you go once youve been caught to choose your option*/ function stopped() { global $db, $ir,$userid,$h; $stop = abs((int) (rand(1,3))); if($stop = 1) { echo "You have been detained on suspicion of being a terrorist. How do you want to pleade for this crime? [[url='monorail.php?action=confess&stop=".number_format($stop)."']Confess[/url]] [[url='monorail.php?action=lawyerup&stop=".number_format($stop)."']Call your lawyer[/url]] [[url='monorail.php?action=flee']attempt to flee[/url]] "; } else if($stop = 2) { echo " You have been detained on suspession of drugs trafficking. How do you want to pleade for this crime? [[url='monorail.php?action=confess&stop=".number_format($stop)."']Confess[/url]] [[url='monorail.php?action=lawyerup&stop=".number_format($stop)."']Call your lawyer[/url]] [[url='monorail.php?action=flee']attempt to flee[/url]] "; } else { echo " You have been detained on suspession of smuggling diamonds. How do you want to pleade for this crime? [[url='monorail.php?action=confess&stop=".number_format($stop)."']Confess[/url]] [[url='monorail.php?action=lawyerup&stop=".number_format($stop)."']Call your lawyer[/url]] [[url='monorail.php?action=flee']attempt to flee[/url]] "; } } /*this is where yo confess to 1 of the 3 crimes)*/ function confess() { global $db,$ir,$userid,$h; /*This is where you set the jail time*/ $time = abs((int) (rand(75,150))); if($_GET['stop'] = 1) { echo "For confessing to being a terrorist the courts have sentented you to ".number_format($time)." in jail While in jail you found this item which the guard didnt find when you were released [url='index.php']Go home [/url]"; $db->query(sprintf("UPDATE `users` SET `jail`=`jail`+%u,`jail_reason`=%s WHERE `userid`=%d", $time, stripslashes('confessed to being a terrorist'), $userid)); /*You will need to change the itemid if you use the 3 items ive made or if you want to use your own items*/ $db->query("INSERT INTO inventory ('','4',$userid,'1', 'jail'')"); $db-> // What is this for????***Thug*** } elseif($_GET['stop'] = 2) { echo "For confessing to drugs trafficking the courts have sentented you to ".number_format($time)." in jail While in jail you found this item which the guard didnt find when you were released [url='index.php']Go home [/url]"; $db->query(sprintf("UPDATE `users` SET `jail`=`jail`+%u,`jail_reason`=%s WHERE `userid`=%u", $time, stripslashes('confessed to drugs trafficking'), $userid)); /*You will need to change the itemid if you use the 3 items ive made or if you want to use your own items*/ $db->query("INSERT INTO inventory ('','5',$userid,'1', 'jail'')"); } else { echo "For confessing to smuggling diamonds the courts have sentenced you to ".number_format($time)." in jail While in jail you found this item which the guard didnt find when you were released [url='index.php']Go home [/url]"; $db->query(sprintf("UPDATE `users` SET `jail`=`jail`+%u,`jail_reason`=%s WHERE `userid`=%d", $time, stripslashes('confessed to Diamond smuggling'), $userid)); /*You will need to change the itemid if you use the 3 items ive made or if you want to use your own items*/ $db->query("INSERT INTO inventory ('','6',$userid,'1', 'jail'')"); } } /*This is where you go when you lawyer up*/ function lawyerup() { global $db,$ir,$userid,$h; /*This is where you can set the amount of money you can get as compensation*/ $money = abs((int) (rand(10000,25000))); if($_GET['stop'] = 1) { echo "You make your call to your very expensive lawyer to get him to help you out, Once there your lawyer is able to get to released free of charge on a technicality and suggests that you sue for wrongful detained and is able to get you \$".number_format($money)." in compensation [url='index.php']Go home [/url]"; $db->query(sprintf("UPDATE `users` SET `money`=`money`+%u WHERE `userid`=%d", $money, $userid)); } else if($_GET['stop'] = 2) { echo "You make your call to your very expensive lawyer to get him to help you out, Once there your lawyer is able to get to released free of charge on a technicality and suggests that you sue for wrongful detained and is able to get you \$".number_format($money)." in compensation [url='index.php']Go home [/url] "; $db->query(sprintf("UPDATE `users` SET `money`=`money`+%u WHERE `userid`=%d", $money, $userid)); } else { echo "You make your call to your very expensive lawyer to get him to help you out, Once there your lawyer is able to get to released free of charge on a technicality and suggests that you sue for wrongful detained and is able to get you \$".number_format($money)." in compensation [url='index.php']Go home [/url] "; $db->query(sprintf("UPDATE `users` SET `money`=`money`+%u WHERE `userid`=%d", $money, $userid)); } } /*This is where you go when you try to flee*/ function flee() { global $db, $ir,$userid,$h; /*this is for the success rate for fleeing*/ $flee = abs((int) (rand(1,100))); /*this is for the jail time if caught*/ $jailtime = abs((int) (rand(25,75))); /*this is for the amount of diamonds(crystals or whatever you use)*/ $diamonds = abs((int) (rand(1,10))); if($_GET['stop'] = 1) { echo "After decideding that you cant spend any more time in jail you atempt to flee from the station. "; } else if($flee < 25) { echo "You were able to run away from the station and to lose the goons that were chasing you, on your way out you were able to grab back the bag the diamonds were in when you got home you open the bag and in there is ".number_format($diamonds)." diamond(s) [url='index.php']Go home [/url]"; } else if($flee > 25) { echo "While running for the door out of nowhere 1 of the guards rugby takes you to the group and the other guards jump on you then when you get up a guard knocks you out and you awake to find yourself in jail for ".number_format($jailtime)." [url='index.php']Go home [/url]"; $db->query(sprintf("UPDATE `users` SET `jail`=`jail`+%u,`jail_reason`=%s WHERE `userid`=%d", $jailtime, stripslashes('tried to flee arrest'), $userid)); } if($_GET['stop'] = 2) { echo "After decideding that you can spend any more time in jail you atempt to flee from the station. "; } else if($flee < 25) { echo "You were able to run away from the station and to lose the goons that were chasing you, on your way out you were able to grab back the bag the diamonds were in when you got home you open the bag and in there is {$diamonds} diamond(s) [url='index.php']Go home [/url]"; } else if($flee > 25) { echo "While running for the door out of nowhere 1 of the guards rugby tabkes you to the group and the other guards jump on you then when you get up a guard knocks you out and you awake to find yourself in jail for {$jailtime} [url='index.php']Go home [/url]"; $db->query(sprintf("UPDATE `users` SET `jail`=`jail`+%u,`jail_reason`=%s WHERE `userid`=%d", $jailtime, stripslashes('tried to flee arrest'), $userid)); } if($_GET['stop'] = 3) { echo "After deciding that you can spend any more time in jail you attempt to flee from the station. "; } else if($flee < 25) { echo "You were able to run away from the station and to lose the goons that were chasing you, on your way out you were able to grab back the bag the diamonds were in when you got home you open the bag and in there is ".number_format($diamonds)." diamond(s) [url='index.php']Go home [/url]"; } else if($flee > 25) { echo "While running for the door out of nowhere 1 of the guards rugby tabkes you to the group and the other guards jump on you then when you get up a guard knocks you out and you awake to find yourself in jail for ".number_format($jailtime)." [url='index.php']Go home [/url]"; $db->query(sprintf("UPDATE `users` SET `jail`=`jail`+{$jailtime},`jail_reason`={tried to flee arrest} WHERE userd=$userid", $jailtime, stripslashes('tried to flee arrest'), $userid)); } } ?>

Before Zero says it :P Don't SELECT * define what you are selecting, safer, faster :P

The msg replace array i actually copied from the Mail system since you're sending mail nywho :P

Good work +1 :)

Nope, it's 1 mod for 30.00 :P But it's coded well ^_- and tons of features :D

Np that used to bug me at times, used to forget to add $db to the function class then bug out when $db was "unknown" lol.

Cable, I already have a Class/Race mod for sale if by that you are meaning upon registration the user chooses a class/race and the game varies on play depending on what they chose :P

Cable, I already have a Race Selection for sale ^_- Characther class mod to the 10th degree =P

You have the fetch array in a function and it's not going to call to something not in the function :P try putting the query under the function bit, should work fine.

Course that's how it works, freebie mod for anyone to use as they see fit :-)

Currently no, this wont work with V1 due to no connection identifier, ir definitions or mysql_queries shouldnt be to hard to convert however

Ok so I slapped this together rather quickly, may have missed something but it was working 100% on my site. granted i had to change a ton of stuff for it to work on a base McCodes engine but it "should" Any errors report here and I'll fix. May updat this later with a bit more security, but it should suffice for now. call this file attfinish.php <?php require_once("globals.php"); $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false; $_GET['ID'] = isset($_GET['ID']) && is_numeric($_GET['ID']) ? abs(@intval($_GET['ID'])) : false; switch($_GET['action']) { case "rob": rob(); break; case "injure"; injure(); break; case "leave"; leave(); break; } if (!in_array($_GET['action'], array('rob', 'injure', 'leave'))) { echo "Operation not understood!"; exit; } function rob() { global $db,$ir,$userid,$h; $atkpage=1; $_SESSION['attacking']=0; $ir['attacking']=0; $db->query("UPDATE `users` SET `attacking`=0 WHERE `userid`=$userid"); $od=$db->query("SELECT `userid`, `username`, `hp`, `gang`, `user_level`, `level` FROM users WHERE userid=".$_GET['ID'].""); if($_SESSION['attackwon'] != $_GET['ID']) { echo "Do not try to cheat.. [url='index.php']Back[/url]"; $h->endpage(); exit; } if($db->num_rows($od)) { $r=$db->fetch_row($od); $gq=$db->query("SELECT `gangID`, `gangRESPECT` FROM gangs WHERE gangID={$r['gang']}"); $ga=$db->fetch_row($gq); if($r['hp'] == 1) { echo "Cheating are we? [url='index.php']Back[/url]"; $h->endpage(); exit; } else { $stole=round($r['money']/(rand(200,5000)/10)); print "You beat ".stripslases($r['username'])."!! After stomping ".stripslashes($r['username'])." into the dirt, you rob them blind snatching jewelry, wallet, sneakers and anything else you feel you could use. Profitable, you managed to steal \$".number_format($stole).", out of their wallet alone."; $hosptime=rand(20,40)+floor($ir['level']/8); $expgain=0; $db->query("UPDATE `users` SET `exp`=`exp`+$expgain,`money`=`money`+$stole WHERE `userid`=$userid"); $db->query("UPDATE `users` SET `hp`=1,`money`=`money`-$stole,hospital=$hosptime,hospreason='Mugged by <a href=\'viewuser.php?u={$userid}\'>{$ir['username']}</a>' WHERE userid={$r['userid']}"); event_add($r['userid'],"[url='viewuser.php?u=$userid']{$ir['username']}[/url] mugged you and stole \$$stole.",$c); $atklog=mysql_real_escape_string($_SESSION['attacklog']); $db->query("INSERT INTO attacklogs VALUES('',$userid,{$_GET['ID']},'won',unix_timestamp(),$stole,'$atklog');"); $_SESSION['attackwon']=0; $warq=$db->query("SELECT * FROM `gangwars` WHERE (`warDECLARER`={$ir['gang']} AND `warDECLARED`={$r['gang']}) OR (`warDECLARED`={$ir['gang']} AND `warDECLARER`={$r['gang']})"); if ($db->num_rows($warq) > 0) { $db->query("UPDATE `gangs` SET `gangRESPECT`=`gangRESPECT`-3 WHERE `gangID`={$r['gang']}"); $ga['gangRESPECT']-=3; $db->query("UPDATE `gangs` SET `gangRESPECT`=`gangRESPECT`+3 WHERE `gangID`={$ir['gang']}"); print " You earned 3 respect for your gang!"; }//Gang Kill if ($ga['gangRESPECT']<=0 && $r['gang']) { $db->query("UPDATE `users` SET `gang`=0 WHERE `gang`={$r['gang']}"); $db->query("DELETE FROM `gangs` WHERE `gangRESPECT`<='0'"); $db->query("DELETE FROM `gangwars` WHERE `warDECLARER`={$ga['gangID']} or `warDECLARED`={$ga['gangID']}"); } $npcs=array( ); if($r['user_level']==0) { $q=$db->query("SELECT * FROM challengebots WHERE cb_npcid={$r['userid']}"); if ($db->num_rows($q)) { $cb=$db->fetch_row($q); $qk=$db->query("SELECT * FROM challengesbeaten WHERE userid=$userid AND npcid={$r['userid']}"); if(!$db->num_rows($qk)) { $m=$cb['cb_money']; $db->query("UPDATE users SET money=money+$m WHERE userid=$userid"); print " You gained \$$m for beating the challenge bot {$r['username']}"; $db->query("INSERT INTO challengesbeaten VALUES($userid, {$r['userid']})"); } } } } } else { print "You beat no one. Kudos!"; } $h->endpage(); } function leave() { global $ir,$db,$h,$userid; $atkpage=1; $_SESSION['attacking']=0; $ir['attacking']=0; $db->query("UPDATE `users` SET `attacking`=0 WHERE `userid`=$userid"); $od=$db->query("SELECT `userid`, `username`, `hp`, `gang`, `level`, `user_level` FROM users WHERE userid={$_GET['ID']}"); if($_SESSION['attackwon'] != $_GET['ID']) { die ("Yep, cheating will land you in jail."); } if($db->num_rows($od)) { $r=$db->fetch_row($od); $gq=$db->query("SELECT `gangID`, `gangRESPECT` FROM gangs WHERE gangID={$r['gang']}"); $ga=$db->fetch_row($gq); if($r['hp'] == 1) { echo "Lets not cheat now.."; } else { print "You beat {$r['username']} down"; $qe=$r['level']*$r['level']*$r['level']; $expgain=rand($qe/3,$qe); $expperc=(int) ($expgain/$ir['exp_needed']*100); echo "and gained $expperc% EXP! Feeling generous, after you stomp {$r['username']} to the ground you drive him to his local hang-out and kick him out of the car. Let his friends drive him to the hospital."; $hosptime=rand(10,20); $db->query("UPDATE users SET exp=exp+$expgain WHERE userid=$userid"); $db->query("UPDATE users SET hp=1,hospital=$hosptime,hospreason='Stomped by <a href=\'viewuser.php?u={$userid}\'>{$ir['username']}</a>' WHERE userid={$r['userid']}"); event_add($r['userid'],"[url='viewuser.php?u=$userid']{$ir['username']}[/url] beat you down and dropped you off in your hood. How embarassing for your click.",$c,'combat'); $atklog=mysql_real_escape_string($_SESSION['attacklog']); $db->query("INSERT INTO attacklogs VALUES('',$userid,{$_GET['ID']},'won',unix_timestamp(),-2,'$atklog');"); $_SESSION['attackwon']=0; $warq=$db->query("SELECT * FROM gangwars WHERE (warDECLARER={$ir['gang']} AND warDECLARED={$r['gang']}) OR (warDECLARED={$ir['gang']} AND warDECLARER={$r['gang']})"); if ($db->num_rows($warq) > 0) { $war=$db->fetch_row($warq); $db->query("UPDATE gangs SET gangRESPECT=gangRESPECT-3 WHERE gangID={$r['gang']}"); $ga['gangRESPECT']-=3; $db->query("UPDATE gangs SET gangRESPECT=gangRESPECT+3 WHERE gangID={$ir['gang']}"); print " You earnt 3 respect for your gang!"; }//Gang Kill if ($ga['gangRESPECT']<=0 && $r['gang']) { $db->query("UPDATE users SET gang=0 WHERE gang={$r['gang']}"); $db->query("DELETE FROM gangs WHERE gangRESPECT<='0'"); $db->query("DELETE FROM gangwars WHERE warDECLARER={$ga['gangID']} or warDECLARED={$ga['gangID']}"); } $npcs=array( ); if($r['user_level']==0) { $q=$db->query("SELECT * FROM challengebots WHERE cb_npcid={$r['userid']}"); if ($db->num_rows($q)) { $cb=$db->fetch_row($q); $qk=$db->query("SELECT * FROM challengesbeaten WHERE userid=$userid AND npcid={$r['userid']}"); if(!$db->num_rows($qk)) { $m=$cb['cb_money']; $db->query("UPDATE users SET money=money+$m WHERE userid=$userid"); print " You gained \$$m for beating the challenge bot {$r['username']}"; $db->query("INSERT INTO challengesbeaten VALUES($userid, {$r['userid']})"); } } } } } else { print "You beat no one. Good job."; } $h->endpage(); } function injure() { global $ir,$userid,$db,$h; $atkpage=1; $_SESSION['attacking']=0; $ir['attacking']=0; $db->query("UPDATE users SET attacking=0 WHERE userid=$userid"); $od=$db->query("SELECT `username`, `userid`, `hp`, `gang`, `user_level` FROM users WHERE userid={$_GET['ID']}"); if($_SESSION['attackwon'] != $_GET['ID']) { die ("Do not attempt to cheat the system. Doing so will get you thrown in the Federal Jail."); } if($db->num_rows($od)) { $r=$db->fetch_row($od); $gq=$db->query("SELECT `gangID`, `gangRESPECT` FROM gangs WHERE gangID={$r['gang']}"); $ga=$db->fetch_row($gq); if($r['hp'] == 1) { print "Do not attempt to cheat the system. Doing so will have you thrown in the federal jail permanently."; } else { echo "{$r['username']} stood absolutely no chance. After a few finishing kicks to their face you decide to leave this one as a message to others!! You quickly stuff {$r['username']} into the trunk of a near-bye vehicle. After a quick hotwire you maneuver the car to {$r['username']}\'s hometown. Upon arrival you hop out and dump his motionless body in the streets for all his friends to see that you are a force to be reckoned with. One quick glance around to insure no one else wants a piece of you and you begin your journey back to the crib."; $hosptime=rand(10,25)+floor($ir['level']/2); $db->query("UPDATE users SET hp=1,hospital=$hosptime,hospreason='Beat Down by <a href=\'viewuser.php?u={$userid}\'>{$ir['username']}</a>' WHERE userid={$r['userid']}"); event_add($r['userid'],"[url='viewuser.php?u=$userid']{$ir['username']}[/url] beat you down and sent you to the hospital.",$c); $atklog=mysql_real_escape_string($_SESSION['attacklog']); $db->query("INSERT INTO attacklogs VALUES('',$userid,{$_GET['ID']},'won',unix_timestamp(),-1,'$atklog');"); $_SESSION['attackwon']=0; $warq=$db->query("SELECT * FROM gangwars WHERE (warDECLARER={$ir['gang']} AND warDECLARED={$r['gang']}) OR (warDECLARED={$ir['gang']} AND warDECLARER={$r['gang']})"); if ($db->num_rows($warq) > 0) { $war=$db->fetch_row($warq); $db->query("UPDATE gangs SET gangRESPECT=gangRESPECT-3 WHERE gangID={$r['gang']}"); $ga['gangRESPECT']-=3; $db->query("UPDATE gangs SET gangRESPECT=gangRESPECT+3 WHERE gangID={$ir['gang']}"); print " You earnt 3 respect for your gang!"; }//Gang Kill if ($ga['gangRESPECT']<=0 && $r['gang']) { $db->query("UPDATE users SET gang=0 WHERE gang={$r['gang']}"); $db->query("DELETE FROM gangs WHERE gangRESPECT<='0'"); $db->query("DELETE FROM gangwars WHERE warDECLARER={$ga['gangID']} or warDECLARED={$ga['gangID']}"); } if($r['user_level']==0) { $q=$db->query("SELECT `cb_money` FROM challengebots WHERE cb_npcid={$r['userid']}"); if ($db->num_rows($q)) { $cb=$db->fetch_row($q); $qk=$db->query("SELECT * FROM challengesbeaten WHERE userid=$userid AND npcid={$r['userid']}"); if(!$db->num_rows($qk)) { $m=$cb['cb_money']; $db->query("UPDATE users SET money=money+$m WHERE userid=$userid"); print " You gained \$$m for beating the challenge bot {$r['username']}"; $db->query("INSERT INTO challengesbeaten VALUES($userid, {$r['userid']})"); } } } } } else { print "Congratulations, yout beat up your invisible friend. Lay off the crack!"; } } $h->endpage(); ?>   Now open up attack.php find the bit where it asks if you want to Mug/Hospitilize/Leave the user. Overwrite the 3 form inserts with these   <form action="attfinish.php?action=rob&ID='.$_GET['ID'].'" method="post"><input type="submit" value="Rob" /></form><form action="attfinish.php?action=injure&ID='.$_GET['ID'].'" method="post"><input type="submit" value="Injure Them" /></form> <form action="attfinish.php?action=leave&ID='.$_GET['ID'].'" method="post"><input type="submit" value="Leave them" /></form>   again, any probs, let me know. i'll fix asap.

The original obviously :P sorry   I just took the basic send crystals/sendbank/sendcyber/sendmoney off the base engine and stuck them into 1 file with a bit of security nothin major.

It better not! ^_- thanks.     Done, Original post updated.