Joshua

It is a "mccodes" mod :p lets keep it realistic >< lol lookin like pokerstars.net what's next, the ability to play for real money?   ooooo......that may be an idea ;) lol

Donation pages for starters ><

I'm going to make this ELITE Seany Bob mod. Users will have to pay 400.00 a month for this mod, but it will make any mod you want.   =p

AHH damnit lol You're really going to make me rob the wife for the money to buy this >< lol

Yep, just drop me a pm i check boards frequently. "more so than my email" go figure ^_-

If you need any help or testers to help you find bugs Seany, give me a buzz i'm always around somewhere =)

LOL complete re-code ahh screams >,< To do that on ID...good lord lol.....

"The" recent hack you are referring to turned out to be a Cpanel cracker on the guys computer. Not to mention I hadnt even secured that site yet, not that it would have stopped a Cpanel attack from his own computer =P

Thanks for the "indirectiveness" there Zero ;-)

Not much in Header to secure. IP variable and perhaps a $_GET=abs type variable. You could add a few functions "in" header but it's a lot better to secure your scripts individually as those are what become exploited :)

So long as at least one person gains something from this it was worth typing out :P Congratulations on your accomplishments so far :)

I dont wish for this to discourage anyone only to eliminate the same posts we see day in and day out ><

I know this isn't a "mod" so to speak but I still feel that this is the right section for this. To start off, let me acknowledge that I in no way shape or form am a "pro". I have dedicated a large quantity of my time to learning php/mysql using McCodes as I can and wanted to learn. I am bored and figured I'd do a quick "intro"/write-up ordeal in an effort to stop a large quantity of highly annoying requests found on these forums daily.   First and foremost, let me say if you have absolutely no knowledge in any computer language I highly suggest you take the time to practice some basics and learn your way around. Is this necessary? No, some of us, myself included learn by trial and error. But it is a suggestion.   Second, before you install your engine of choice I highly suggest you browse the forums to find which you may want to purchase/use. Lite Version of McCodes is very simple, and I'd recommend people using this first hand to get aquainted with how the coding works. V1 is 75? i beleive where as v2 is roughly 300.00. Don't expect to spend 300.00 on the best version and make that money back, some , most, tend to lose this money so read up before you make any big plans.   Granted one would expect that after paying 300.00 for the V2 engine it would come fully customizeable and secure. However, this apparently isnt the case if you actually took the time to browse the forums or hell, even google. The common mistake most game owners make now is they delve right into the engine and learn first how to install modifications to their game. While this comes in handy, it's a bass ackwards way of doing things and will ultimately lead to your site failing. The reason being, you focus so much on getting it up and on-line to make that quick buck most totally overlook the security end of the engine. Which is where we go from here. The very first thing you should do upon installing this engine is Disable your Register and Remove the installer.php file. This will keep your game safe while you work on your current project. Then I'd suggest browsing the Forums a bit and learning how to stop the following hacks $IP variable----Secure this Variable in Authenticate/Global_func.php/Register.php/Header.php and possibly login.php. This stops a common firefox add-on hack. SESSION hi-jack---This is found a few differant ways and should also be secured, by browsing the forums you can find a few differant ways to stop this as well. Cmarket/Forums---A common exploit that can be found on google by any tom dick and harry allows large game exploits. This leads into another problem with the mccodes engine. In each script you want to check and make sure your $_GET and $_POST variables are secured. If you arent sure how to do this there are many differant posts you can find on these forums that will guide you in the right direction, the REST is UP to you. If you do not have or do not wish to invest the time into learning this, Do not start a game, Or find someone that does this for a living and pay them to do it for you, again, spend money to make money. Preferances hack. Using a common script that comes with McCodes users are able to to use a certain code in the script in their display picture. When an Admin views it, it treats the hack as an Image and the Admin automatically does what the script does w/o his knowledge making the hacker an Admin. Again, the fix for this can be found on these forums if you but invest the time to search for it. Player Report, Using a meta tag in player report and the display picture bit, a user accomplishes the same thing found in display pic, this is also used on the forums at times as well. You may also want to give your register a looksy and find the $_GET['REF'] Variable and use the abs bit to secure there as well. By now you have no doubt noticed the engine is highly unsecure and no longer recommended even for those that know what they are doing. This is by no means saying it's "not" secureable, but it takes a large quantity of time to secure it properly.   This should be done, first and foremost over anything else. Do not dive in, add mods use a few quick fixes for common exploits then hope your game will succeed. If you want something to succeed, you make it succeed.   Do not post here every 2 seconds asking someone to completely re-code a script for you. Many times I see someone request help on a certain script and that's not a problem. People here gladly help you out when they can. However occasionally I myself will see the same person post 20 times 20 differant full length scripts and want them all done for him. This shows me that this person has no desire to learn and has realized he can just have someone here do it for free while he sits back and tries to get paid for our work. This will quickly hurt your standings with the boards and you will find no one helps you at all.   Once you have security accomplished and set-up you can then move on to purchasing mods. I recommend keeping it game oriented. If you are running a mafia style game it'd be utterly silly for you to have a vampire or werewolf script running. If you are running a vampire werewolf game, it's highly silly to have pimps and drugs frequently mentioned. A lot of things should be re-written and customized to make your game "unique". Without uniqueness it will fail gaurenteed. Do not copy other peoples games, that's a quick way to lose standing and members as well.   Once you have Security in Place and Mods in-place you want to spend a little bit of money on advertising. The best advice I can give you is it is going to cost you some money to make any at all, advertising sites can bring you members. if your game is fun to play and you feel it has potential, do some ad swaps, paid advertising, whatever your methods of getting users is going to be.   To Re-Cap. 1. Decide on an Engine. 2. Research that engine. 3. Setup your site. 4. Secure your site ( OR pay someone to do it for you ) to the best possible ability. 5. Modify your site including (custom layouts, modifications to fit your game and your game only) 6. Advertise Advertise Advertise.   There are many programmers on this board that do paid work for a lot cheaper than you might think. So if you don't have the time or initiative to do it yourself you can always browse through a few posts and find who does what and how good they are at doing it. Do not think you can slap up a stolen copy of an engine and make a quick buck, not only will you fail, but you came to the wrong boards to talk about it. The reason this post contains no "links" to other helpful posts, is because of the initiative bit I referred to earlier. I assure you, if it involves McCodes there is a post about it here somewhere on these forums. If you are to lazy to find it yourself then you will fail at a game. So step up, get to work, and good luck. Hope this helps "someone" ^_-   --Thug

Granted everyone has to start somewhere, the differance is what defines the person starting.   Myself for instance. I started and had no Idea of (criminal existence) at the time. I played with the code for awhile Until i started getting sudo hang of it. Then started using google to find out more about the engine itself. I took initiative and I didnt give up when I couldnt figure something out. Just kept trying until something did work. If I wanted to learn something about a new function i would research until I found out. Then I found CE/Makewebgames and took a giant leap from where I was.   After all this time I see new people posting everyday for help with this or help with that, and to be 100% candid and honest I dont mind helping these new people. The problem arises here. 1. A lot of new people joining up now begging for help arent self motivated. They get an illegal copy of McCodes, They come to this forum once they realize it's not an easy thing to do and expect anyone who can code here to do their sites for free. What they fail to realize is, there are millions of text games out there, most of which are mafia games based off McCodes engine and 90% of all these games fail within a few months. Why? There is no originality to any of them, they all use the exact same mods, half still use the basic layout that comes with McCodes with a few font or background changes, Everyone wants to slap every free mod they find up as soon as possible totally ignoring that above ALL ELSE you should secure your site as best as possible before you even add your first mod.   Before i drag out and rave/rant this forums can be exceptionally helpful to any new game owner. However, if you are looking for a place for someone to do your game for you, you've come to the wrong place. If you learn anything, learn that you should never trust anyone when it comes to your game. Above everything, secure your site first. You can't expect your game to succeed and/or Make money off your site if you cant invest time OR money into it to have it secured as well as have it original. Basic McCodes layouts with all the MWG and google'd mods with little or no Security. === Fail 10 out of 10. Paid Layout with Paid custom mods and security = Chance of Success varying on originality and set-up. 90% of the games out are in the first category.

Np and yw. Above all else make sure your $_GET and $_POST variables are secured on input/output. Stops common exploits/injections I use the @ operator which some argue about it slowing down a site a bit but i've never noticed a huge differance for an integer you have (int) $_POST['integer']) Try making sure that not only is it an Integer but that it's a Postive Integer.   abs((int) $_POST['integer']); or abs(@intval($_POST['integer'])); there are other ways but lets keep it simple :D Hope that helps

You can make an Attack Ladder but you cant add a weapon to the donator page?

Not to horrible few suggestions.   Dont use "die" int isnt going to fully secure the GET variable, use abs int otherwise you deal with +9999999999999999- or -99999999999999 type bugs. $_GET[tea has no security on it at all. If i was at home I'd do a quick recode of it to tidy it up BUT.   Nice Job all together :) Everything is a learning experience :)

lol mtg

Seems like decades ago to me =P However, I was "then" looking for a quick fix to stop people from using it w/o taking the cheap way around it by limiting what people can type in in the display pic. As there are obviously ways around that. Now I re-code it a bit =p

zero did you see when I made this post? lol It's been some time :P

SQL/URL Injections XSS Injections CSRF hacks RFI/LFI(Remote / local File inclusions) Session-Hijack To name the majority.

A little bit of security added, shortened a few queries. Havent had a chance to test, but should work. if not i just missed a ' as i'm on a laptop >,< I hate em :P <?php require_once('globals.php'); if($ir['jail'] or $ir['hospital']) { echo "This page cannot be accessed while in the jail or hospital."; $h->endpage(); exit; } $_GET['action'] = (isset($_GET['action']) && is_string($_GET['action'])) ? htmlentities($_GET['action'], ENT_QUOTES) : FALSE; if(!in_array($_GET['action'], array('borrow','borrowed','repay','repayed','loanshark_main'''))) { echo ('Invalid Request'); } switch($_GET['action']) { case 'borrow': borrow_money_start(); break; case 'borrowed': borrow_money(); break; case 'repay': repay_money_start(); break; case 'repayed': repay_money(); break; default: loanshark_main(); break; } function loanshark_main() { global $ir; $maxloan=$ir['level']*5000; echo"[img=images/loan-shark.jpg] <h3>Vinny Da Shark</h3>"; echo " How ya doin? I hear you are looking to borrow some money! Thats what I am here for. For using me services all I ask for is a small fee of $200 bucks a day. Dont line then GTFO!!! You currently have a loan of \$".number_format($ir['loan'])." The max you can borrow is \$".number_format($maxloan)." - [url='loanshark.php?action=borrow']Borrow Money[/url] - [url='loanshark.php?action=repay']Repay Loan[/url] "; } function borrow_money_start() { global $ir; $maxloan=$ir['level']*5000; echo"The max amount you can borrow is \$".number_format($maxloan)." You currently have a loan of \$".number_format($ir['loan'])." <form action='loanshark.php?action=borrowed' method='post'> Amount: <input type=text value='$maxloan' name=borrowed> <input type=submit value='Borrow'>"; } function borrow_money() { global $ir,$h,$userid; $maxloan=$ir['level']*5000; $loan=$ir['loan']; if ($loan == $maxloan) { echo "You have already taken out the max loan. You must pay it back before you can borrow more > [url='loanshark.php?action=repay']Repay[/url]"; $h->endpage(); exit; } $db->query(sprintf("UPDATE `users` SET `loan`=`loan`+'%u', `money`=`money`+'%u' WHERE `userid`='%d'", abs(@intval($_POST['borrowed'])), abs(@intval($_POST['borrowed'])), ".number_format($userid).")); echo"You Borrowed from the loan shark > [url='loanshark.php']Back[/url]"; } function repay_money_start() { global $ir; echo"You have a loan of \$".number_format($ir['loan'])." <form action='loanshark.php?action=repayed' method='post'> Amount: <input type=text value='".number_format($ir['loan']."' name=repayed> <input type=submit value='Repay'>"; } function repay_money() { global $ir,$userid,$h; if($ir['loan'] <= 0) { echo "You are trying to payback more then u have to > [url='loanshark.php']Back[/url]"; $h->endpage(); exit; } $db->query(sprintf("UPDATE `users` SET `loan`=`loan`-'%u', `money`=`money`-'%u' WHERE `userid`='%d'", abs(@intval($_POST['repayed'])), abs(@intval($_POST['repayed'])), ".number_format($userid).")); echo"You repayed the loan shark > [url='loanshark.php']Back[/url]"; } $h->endpage(); ?>

Yep, several places, forums to ;)

Such a code does not exist. I mean..there are a few that "claim" they do this, but they are just marketing ploys for someone to make a quick buck while you feel safe and really are not. COMMON places known on McCodes that are normally hacked or have severe vulnerable spots in them cmarket.php preferances.php preport.php forums.php userlist.php viewuser.php donator.php itembuy.php Then you have to secure your $IP variable, your Sessions ( so you arent session hi-jacked ), staff password always helps a little, there's no easy quick fix You want your site secured, Research and learn PHP or pay someone to do it for you. wasting 3-5.00 on an all in one security script for header or anything else is just stupid.

Daddy ME I can probably shuffle out 75.00 for it but no way in hell would i sneak 150.00 for it :P wife would have my a**