MakeWebGames

Joshua

Members
  • Posts

    1,271
Everything posted by Joshua

  1. TC what are you on about? Can't stand when people post rude comments w/o any explanation.
  2. the 1 dollar special at BK omfg deal :)
  3. If it wasn't made by you, it was originally a Paid Mod. Meaning you can't sell it or release it for free =P
  4. Are we taking bets that this is not his mod? Probably the old V1 that was converted to V2, not made by him. Sounds like the same amount of files.
  5. Wouldn't be proper to discuss the price now would it =)
  6. Thanks guys, I will correct and agree with Kenji that I am FAR from the best. Each day is a learning process for myself and will continue to be until my keyboard retires. MagicTallGuy, Eternal, ZeroEffect, Pudda to name a few are far superior to myself. In an effort to get my name in the list of security experts I study a lot and try various new things. My coding isn't always as clean as some of these others, but so far as I have seen it gets the job done. This is the main reason I am cheaper than some or all of the above. --Thug
  7. LOL no doubt about that last comment ><
  8. You know what made me decide to fix mccodes for myself? lol Everyone saying it couldn't be secured and "wasn't" worth the hassle. So I spent entirely too darn much time ("We're talking months") to get it where it is now >,< shrugz, we all need a project =P If you're looking for a BIGGGGGGGGGGGGg project get mccodes. If you're looking for something that comes secure already, Horizons is nice.
  9. or try the yourgang.php file. Secure the Mass Payment $_POST at the very top of Yourgang.php. Then try the hack, see if you still get the event
  10. Try and add that to the basic Cmarket only at the top of the page. Then try hacks >,<
  11. Bah sorry to steal your glory ^_- I know that the $_GET should cover the entire page if secured at the top. But I've found it better to secure it in each function as occasionally, for reasons unbeknownst to me, it doesn't always secure every call. Now Zero can have fun =p
  12. Tried this cmarket out, not one I did, and cmarket hack will still work on it. I've seen this several times before on multiple scripts, for various random reasons the $_GET['blah'] should be secured in each function. Try finding a script with multiple functions using the same $_GET and try to exploit each bit using +999999999999-
  13. Ah wasn't following properly. Using wrong terminology. If you slap $_GET = abs(@($_GET at the top, for reasons unbeknownst to me it is still not secured in the individual functions. This is why you will see it secured over and over in Each function. I used to think that you could secure it at the top of the function, till I saw differently >,< That's why simply slapping $_GET['ID'] = abs(@intval($_GET['ID'])); into header won't secure all the GET['ID']s
  14. globals.php is a super global also. However, if that were the case, why do you have to define $db, $ir, etc in each function? ;-) I have tested this, I promise you, you have to define it in Each Function :-)
  15. Dabom you say it's fine, but I promise you the Cmarket hack would work on this because the GET isn't secured. ^_- As for the actions being secured, it's good practice, and not all injections are sql :)
  16. switch($_GET['action'])
      Secure your Switch action, Use a whitelist array. Just a bit extra :)

      $q=$db->query("SELECT cm.*, u.* FROM crystalmarke
      Zero is going to tell you not to select * From the tables, tell it what you want to select :P

      $each= abs(intval($r['cmPRICE'] / $r['cmQTY']));
      Not needed. If you wanted to secure that tho, try just using ".number_format( wherever it prints out ) "shrugz"

      May be just me, I'm sure it is, but {$r['username']}
      I like to stripslashes usernames at bare minimum, usually will htmlentities them too but that kills <font tags

      function crystal_buy() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM crystalmarket cm WHERE cmID={$_GET['ID']}");
      $_GET ID isn't secure. You have to secure in Each Function. Top of the page security won't cut it here.

      Use echo and ' instead of print and ", speeds up the script a bit. Few other output variables that could be a bit better secured, but you're trying so good job :)
  17. Slipped you a Pm
  18. I'd jump all over it Dayo if my wife would let me fork over 50.00 cash to do it :P I find myself surfing google to learn how to do it myself now ><
  19. Anyone able to make a game a Facebook app for cheap? I'm on a budget here =) Perhaps I could swap my services for yours ><
  20. Oooo originality :) Nice mod!
  21. Spend 500+ on security. Well...I just learn myself, saves money. MTG at MOST charges 2-300. 1k+ on a valid template? Hardly......for 1-200.00 you can get a pretty nice one, or again, learn to do it yourself. Spend Two Months fixing it up? Any game should have well more than 2 months working on it, mccodes or not. Shoot yourself? No thanks, I'll leave that to the pros ^_^
  22. Regardless of the vulnerabilities of the MCC engine, people use it. This post is to help them out, sorry you don't like the engine itself. Granted it takes an enormous amount of time to secure even remotely the mcc engine, but it "can" be done.
  23. lol was so waiting on that Ghost :P
  24. Server remote is actually better. If you use MRES, your IP logs will say EVERYONE is a multi. It bugs it a bit. Just using server remote secures it and ip track works.
  25. lmao.   New Mccodes game! Forget attacking, gamble to your little hearts content! Including live donation system to update your chips! ><