Joshua

********************EDITED************************* ************This mod has been updated to include adding messages when sending money/crystals etc. ****************** Ok, so it always bugged me that there were 4 scripts for something 1 script could do. not to mention i hate having a "cluttered" public_html root. So I have started merging all files that can be merged and sticking others in certain function folders I made. This just took me about an hour or so to do so I figure I'd release it as it's been awhile since I've released anything for free :P   This is Send Bank, Send Cyber, Send Crystals, Send Cash All in One script. Only need to create 1 File and edit one file. lets get started. First create a file called Send.php <?php /******This Mod Made By Immortal Thug*********** *******Please Leave this Notice********************** *******Free for members of MWG*********************** ****************************************************/ require_once("globals.php"); $_GET['ID'] = isset($_GET['ID']) && is_numeric($_GET['ID']) ? abs(@intval($_GET['ID'])) : false; $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false; $_POST['points'] = abs(@intval($_POST['points'])); $_POST['msg'] = str_replace(array("\n"),array(" "),strip_tags(htmlentities($_POST['msg']))); $_POST['msg'] = mysql_real_escape_string($_POST['msg']); switch($_GET['action']) { case "sendbank": sendbank(); break; case "sendoff"; sendoff(); break; case "sendcash"; sendcash(); break; case "sendpoints"; sendpoints(); break; } if (!in_array($_GET['action'], array('sendbank', 'sendoff', 'sendcash', 'sendpoints'))) { echo "Operation not understood!"; exit; } function sendbank() { global $db,$h,$ir,$userid; if(!$_GET['ID']) { echo "Invalid ID. [url='index.php']Back[/url]"; $h->endpage(); exit; } else if($_GET['ID'] == $userid) { echo "Is there a particular reason you are sending money to yourself? [url='index.php']Back[/url]"; $h->endpage(); exit; } else { $it=$db->query("SELECT `userid`, `bankmoney`, `lastip` FROM users WHERE userid={$_GET['ID']}"); $er=$db->fetch_row($it); if($er['bankmoney']==-1 || $ir['bankmoney']==-1) { echo "Sorry,you or the person you are sending cash to does not have a bank account. [url='index.php']Back[/url]"; $h->endpage(); exit; } if($_POST['points']) { if($_POST['points'] > $ir['bankmoney']) { echo "You are trying to send more than you have. [url='index.php']Back[/url]"; $h->endpage(); exit; } else { $db->query(sprintf("UPDATE `users` SET `bankmoney`=`bankmoney`-%u WHERE `userid`=%d", $_POST['points'], $userid)); $db->query(sprintf("UPDATE `users` SET `bankmoney`=`bankmoney`+%u, `new_mail`=`new_mail`+1 WHERE `userid`=%d", $_POST['points'], $_GET['ID'])); $db->query("INSERT INTO mail VALUES ('',0,$userid,{$_GET['ID']},unix_timestamp(),'Wire Transfer','{$_POST['msg']}')"); echo "Your Bank Transferred \$".number_format($_POST['points'])." to ID ".number_format($_GET['ID'])."."; event_add($_GET['ID'],"You received \$".number_format($_POST['points'])." into your bank account from ".stripslashes($ir['username'])."."); $db->query("INSERT INTO bankxferlogs VALUES ('', $userid, {$_GET['ID']}, {$_POST['points']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}', 'bank')"); } } $h->endpage(); exit; else { print "<h3>Bank Xfer</h3> You are sending bank money to ID: [b]{$_GET['ID']}[/b]. You have [b]\$".number_format($ir['bankmoney'])."[/b] you can send. <form action='sendbank.php?action=sendbank&ID={$_GET['ID']}' method='post'> Money: <input type='text' name='points' /> <input type='submit' value='Send' /> Message: <input type='text' name='msg' /></form>"; } } } $h->endpage(); function sendoff() { global $db,$ir,$h,$userid; $_POST['msg'] = str_replace(array("\n"),array(" "),strip_tags(htmlentities($_POST['message']))); if(!$_GET['ID']) { echo "Invalid ID. [url='index.php']Back[/url]"; $h->endpage(); exit; } else if($_GET['ID'] == $userid) { echo "Is there a particular reason you are sending money to yourself? [url='index.php']Back[/url]"; $h->endpage(); exit; } else { $it=$db->query("SELECT `userid`, `cybermoney`, `lastip` FROM users WHERE userid={$_GET['ID']}"); $er=$db->fetch_row($it); if($er['cybermoney']==-1 || $ir['cybermoney']==-1) { echo "Sorry,you or the person you are sending cash to does not have an off-shore account. [url='index.php']Back[/url]"; $h->endpage(); exit; } if($_POST['points']) { if($_POST['points'] > $ir['cybermoney']) { echo "You are trying to send more than you have. [url='index.php']Back[/url]"; $h->endpage(); exit; } else { $db->query(sprintf("UPDATE `users` SET `cybermoney`=`cybermoney`-%u WHERE `userid`=%d", $_POST['points'], $userid)); $db->query(sprintf("UPDATE `users` SET `cybermoney`=`cybermoney`+%u, `new_mail`=`new_mail`+1 WHERE `userid`=%d", $_POST['points'], $_GET['ID'])); $db->query("INSERT INTO mail VALUES ('',0,$userid,{$_GET['ID']},unix_timestamp(),'Cyber Transfer','{$_POST['msg']}')"); echo "You CyberBank Transferred \$".number_format($_POST['points'])." to ID ".number_format($_GET['ID'])."."; event_add($_GET['ID'],"You received \${$_POST['points']} into your cyber bank account from ".stripslashes($ir['username'])."."); $db->query("INSERT INTO bankxferlogs VALUES ('', $userid, {$_GET['ID']}, {$_POST['points']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}', 'cyber')"); } } $h->endpage(); exit; else { echo "<h3>Off-Shore Xfer</h3> You are sending off-shore bank money to ID: [b]{$_GET['ID']}[/b]. You have [b]\$".number_format($ir['cybermoney'])."[/b] you can send. <form action='sendcyber.php?action=sendoff&ID={$_GET['ID']}' method='post'> Money: <input type='text' name='points' /> <input type='submit' value='Send' /> Message: <input type='text' name='msg' /></form>"; } } } $h->endpage(); function sendpoints() { global $db, $userid, $h, $ir; $_POST['msg'] = str_replace(array("\n"),array(" "),strip_tags(htmlentities($_POST['message']))); if(!$_GET['ID']) { echo "Invalid ID. [url='index.php']Back[/url]"; $h->endpage(); exit; } else if($_GET['ID'] == $userid) { echo "Is there a particular reason you are sending points to yourself? [url='index.php']Back[/url]"; $h->endpage(); exit; } else { if($_POST['points']) { if($_POST['points'] > $ir['crystals']) { echo "You are trying to send more than you have. [url='index.php']Back[/url]"; $h->endpage(); exit; } else { $db->query(sprintf("UPDATE `users` SET `crystals`=`crystals`-%u WHERE `userid`=%d", $_POST['points'], $userid)); $db->query(sprintf("UPDATE `users` SET `crystals`=`crystals`+%u, `new_mail`=`new_mail`+1 WHERE `userid`=%d", $_POST['points'], $_GET['ID'])); $db->query("INSERT INTO mail VALUES ('',0,$userid,{$_GET['ID']},unix_timestamp(),'Incoming points','{$_POST['msg']}')"); echo "You sent ".number_format($_POST['points'])." points to ID ".number_format($_GET['ID'])."."; event_add($_GET['ID'],"You received {$_POST['points']} points from ".stripslashes($ir['username'])."."); $it=$db->query("SELECT `lastip` FROM `users` WHERE `userid`={$_GET['ID']}"); $er=$db->fetch_row($it); $db->query("INSERT INTO crystalxferlogs VALUES ('', $userid, {$_GET['ID']}, {$_POST['points']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}')"); } } $h->endpage(); exit; else { echo "<h3> Sending Points</h3> You are sending points to ID: [b]{$_GET['ID']}[/b]. You have [b]".number_format($ir['crystals'])."[/b] points you can send. <form action='send.php?action=sendpoints&ID={$_GET['ID']}' method='post'> Points: <input type='text' name='points' /> <input type='submit' value='Send' /> Message: <input type='text' name='msg' /></form>"; print "<h3>Latest 5 Transfers</h3> <table width=75% border=2> <tr style='background:gray'> <th>Time</th> <th>User From</th> <th>User To</th> <th>Amount</th> </tr>"; $q=$db->query("SELECT cx.*,u1.username as sender, u2.username as sent FROM crystalxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxFROM=$userid ORDER BY cx.cxTIME DESC LIMIT 5"); while($r=$db->fetch_row($q)){ if($r['cxFROMIP'] == $r['cxTOIP']) { $m="<span style='color:red;font-weight:800'>MULTI</span>"; } else { $m=""; } print "<tr> <td>" . date("F j, Y, g:i:s a",$r['cxTIME']) . "</td><td>{$r['sender']} [{$r['cxFROM']}] </td><td>{$r['sent']} [{$r['cxTO']}] </td> <td> {$r['cxAMOUNT']} points</td> </tr>"; } print "</table>"; } } } $h->endpage(); function sendcash() { global $db, $ir, $userid, $h; $_POST['msg'] = str_replace(array("\n"),array(" "),strip_tags(htmlentities($_POST['message']))); $_POST['cash'] = abs(@intval($_POST['cash'])); if(!$_GET['ID']) { echo "Invalid ID. [url='index.php']Back[/url]"; $h->endpage(); exit; } else if($_GET['ID'] == $userid) { echo "Is there a particular reason you are sending cash to yourself? [url='index.php']Back[/url]"; $h->endpage(); exit; } else { if($_POST['cash']) { if($_POST['cash'] > $ir['money']) { echo "You are trying to send more than you have. [url='index.php']Back[/url]"; $h->endpage(); exit; } else { $db->query(sprintf("UPDATE `users` SET `money`=`money`-%u WHERE `userid`=%d", $_POST['cash'], $userid)); $db->query(sprintf("UPDATE `users` SET `money`=`money`+%u, `new_mail`=`new_mail`+1 WHERE `userid`=%d", $_POST['cash'], $_GET['ID'])); $db->query("INSERT INTO mail VALUES ('',0,$userid,{$_GET['ID']},unix_timestamp(),'Incoming Money','{$_POST['msg']}')"); echo "You sent \$".number_format($_POST['cash'])." to ID ".number_format($_GET['ID'])."."; event_add($_GET['ID'],"You received \${$_POST['cash']} from {$ir['username']}."); $it=$db->query("SELECT `lastip` FROM `users` WHERE `userid`={$_GET['ID']}"); $er=$db->fetch_row($it); $db->query("INSERT INTO cashxferlogs VALUES ('', $userid, {$_GET['ID']}, {$_POST['cash']}, unix_timestamp(), '{$ir['lastip']}', '{$er['lastip']}')"); $h->endpage(); exit; } } else { print "<h3> Sending Money</h3> You are sending money to ID: [b]{$_GET['ID']}[/b]. You have [b]\$".number_format($ir['money'])."[/b] you can send. <form action='send.php?action=sendcash&ID={$_GET['ID']}' method='post'> Amnt: <input type='text' name='cash' /> <input type='submit' value='Send' /> Message: <input type='text' name='msg' /></form>"; print "<h3>Latest 5 Transfers</h3> <table width=75% border=2> <tr style='background:gray'> <th>Time</th> <th>User From</th> <th>User To</th> <th>Amount</th> </tr>"; $q=$db->query("SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid WHERE cx.cxFROM=$userid ORDER BY cx.cxTIME DESC LIMIT 5"); while($r=$db->fetch_row($q)) { if($r['cxFROMIP'] == $r['cxTOIP']) { $m="<span style='color:red;font-weight:800'>MULTI</span>"; } else { $m=""; } print "<tr> <td>" . date("F j, Y, g:i:s a",$r['cxTIME']) . "</td><td>{$r['sender']} [{$r['cxFROM']}] </td><td>{$r['sent']} [{$r['cxTO']}] </td> <td> \${$r['cxAMOUNT']}</td> </tr>"; } print "</table>"; } } } $h->endpage(); ?>   Next open up viewuser.php Find sendbank/sendcash/sendcrys/sendcyber.php Replace those links with these   [url="send.php?action=sendcash&ID='.$r['userid'].'"]Send Cash[/url] [url="send.php?action=sendpoints&ID='.$r['userid'].'"]Send Points[/url] [url="send.php?action=sendbank&ID='.$r['userid'].'"]Bank Xfer[/url] [url="send.php?action=sendoff&ID='.$r['userid'].'"]SendCyber[/url]   Bit of security added to it and just neatened up a bit. Tested and fully works on my re-coded engine, only thing that has been altered from my verison was the table names

Yep, lets all hold hands and sing a long. >,<

Yep I gotcha :) Like I said, not ridiculing, as I look at myself just a few months ago :P we all progress :P(hopefully)

AH, did you work on Underworldwar.com ? ^_-

Just pointing something out that's been bugging me :p I'm sure he's much better now ^_-

:P Alabama, not to bust a bubble on ya but one of th games you coded for back in the day was a hack waiting to happen =P I seen things like... $integer=mysql_real_escape_string($integer); $integer=stripslashes($integer); $integer=abs((int) $integer); Then other places where the $_POSTS and $_GETS were wide open with no security =P Granted it was a long time ago but before you say no games were ever hacked.... ^_-

Convicted-City was basically a stolen layout used off Lazy-T's little brother Casey. Decio stole several layouts and they just changed a few words around to fit Convicted City. The 2 had a falling out so Decio took his stolen layout to another site :P   The Owner of Convicted City is starting from scratch.   yawn, it's like watching a soap.

ISO age check for these forums. Seriously.     The layout looks absolutely nothing like yours K. It has similarities in that MWG's log-in has similarities. You can only do so many alterations with a square box sitting in front of your face. Gj Bog.

I need .gif type energy/will etc bars that are bloody hit me up if you can make these, willing to pay if need be.

Aye ioncube works to a degree, but then, their are decryptors for that as well. Not saying you can't make it "difficult" but it's never impossible. OH if it were ^_- be so nice.....

No further comments on this mod until you've helped me fully test the new method that appears to work *wink wink nudge nudge* ^_^

Bah Hum Bug. ^_-

Zero the bottom line comes down to this. No matter what you do, or what you make, it will leak out. There isnt a single thing on the net that can't be gotten by someone somewhere. Granted, I do not wish my scripts passed all over the place and some of my unique methods being spread around, but then there is only a matter of trust. I do not know the O.P originally and I do not go off other people down talking them. It's just in my nature, perhaps a flaw, but it's my flaw. Fact of the matter to me is, he was willing to pay for my services, he did pay for my services, and continues to do so. It's called building a client base. Not all clients will be liked by everyone and not all clients will like other clients. Just the way the world turns. I would hope my scripts would not be re-distributed but that's why my coding is ...a bit unique. Messy...oh yes..messy but being messy actually makes it a royal pain to compile together and re-distribute. Take for example my class mod. Unless you know exactly how it works, passing it out is a pain in the butt. Usually I install the mod myself, so there are very very few write-ups floating around and even they are bugged. I do this so that the last few patches to make it work come from me via an msn chat or other.   Shrugz, I'm not trying to cut anyone out at the knees, I've said this before. I am a bit cheaper than most currently because i am not as good as yourself, or MTG. I do what I can and it tends to work, so far, and I do work. Erego, tho I'm not the best I am working and it does work though perhaps not as good as something your or MTG may code up twice as fast. When I get better, my prices will go up, and so on and so forth.

MTG i have your Cmarket if you want me to post it up here for ya.

Few things 1. This isnt "session hi-jacking" I was wrong. 2. These fixes will not fully stop the hack. Refer to crimegames comment.

I am looking for a graphics guru to do a small thing for me. I am needing Stat Bars---That are sudo animated like some that I've seen. I am wanting them game oriented. So i'm looking for something bloody. Perhaps bubbling vials of blood or something shrugz. Willing to pay for this :)

^ what he said.

Zero doesnt like being called Zero Affect, it HAS to be an E ^_- hehe

I had a better one for sale >,< Worked off a time frame. You could set how longs last, and after the job was completed they'd have to take another job :O

Been working on something of the sorty myself >,<

Zedd I told him the same thing in PM's >,< Told him how to make it to :|

woops >,< mysql_query -- $db->query ___________ mysql_num_rows -- $db->num_rows ________________ mysql_fetch_row -- $db->fetch_row ________________   Also helps to add, go into all your functions where you have global $ir,$c etc etc etc, And add $db

He's not lying, i have the same package, the only diff is it isnt "integrated" into mccodes. ^_-   He sent it to me earlier this evening after he saw this post =p

- Admin panel for casino management (enable/dissable games, ante prizes, wining probability)   Where is this?

Hm, Very hard to beleive you've already sold 7 copies of this......... Perhaps have some of your buyers post here on it's success