Joshua

Well People do write ups every day just about You really think that someone is going to write it up EVERY SINGLE time someone asks how to do it? get real. Search the boards.

Yeh it is easy for you or me, but aside from taking the time out to do a full write up for all users on how to do it, which i just don't have time right now :\ It's not so easy hehe ;)   Anywho, not trying to argue here, it's just i'm getting to where i see these posts daily and there are dozens if not hundres of posts on where to start on fixing them, Search feature people really :p it's there, just have to spend time looking into it hell in the past few weeks i've posted some basic fixes and where to looks as for a simple statement in header supermod, that's not going to work. You cant stop meta tags in forms with header junk.   You can try, but some idiot is always going to know more than you and figure a way around it. Meta Tags and java boxes are used for tons of stuff   ;) food for thought :O

And to "supermod" If you look on these forums there are MULTIPLE posts I've helped informing users what needs to be done to secure their site. But I've also learned that none of them are going to read them and will keep asking the same post day in and day out what's the one liner to secure my site?   The answer is, there is no such thing. That's why a lot of people charge a lot of money to re-write engines, re-name tables etc. The problem with Mccrap is, everyone knows your table names and this is used for exploitation.

Again Refer to your original post You said it's an "easy" fix. How many users that don't know what they are doing very well can change their user level option to something else? hmm? Especially going through all the files that call for user_level :p It's not so "easy" of a fix. I didnt say it's not stoppable. I said Easy fixes won't stop it, which is what this post was originally about and what people are asking for.   Easy? ;)

You beg to differ, what's your site ;)   Auto Admin isnt entirely easy to stop.. For one, unless you go through and secure every spot for player form input data, i can do it UNLESS you rename your staff_special.php file and all the queries calling to it, which is what i normally do. Then you have to worry about shell uploads into your file manager. Just securing preferances doesnt stop auto admin ;) I can get auto admin through about 19 differant mods.

As right now this this and creating mods is what I'm doing to make money, i'll offer some free advice :) There is no patch that will secure your game. You can search the forum and stop the original Cmarket and Forums hack. You can search the forum and stop the IP hack. I even got some people posting on how to stop the Display Picture hack. However...Secure all 3 of those, and I still bet you money within 2 minutes I could become an admin on your site, re-direct your site, and give you about 100k NPC bot users.   Sadly, there is no quick fix. Anyone who tells you they have a script for your *header* that will secure it doesnt know a lick about PHP. Good luck with your site, and learning PHP.

From the things i'm hearing, gambino is a fraud who sells old mods he claims as his own anyways. Shrugz, let him do your site, i'll come hack it when he's done to prove his "sql injection protection" script is crap ;)

It isnt a horrible idea, As now he has someone "me" to test it and give opinions. Once i get it functioning in my modified scripts >< I'll post feed back :P

8 Sets of this Mod left.

ooh ooh freebie plz :) I'll let you be the first tester of my elite new mod ;)   Fixed Richards Business mod to work 100% and mixed it together with the stock market So now, when business is booming in cash, stocks go up, and vice versa :-)

Very nice addition :) Thank you :)

Ok, so I'm trying to make a Stock Market intermingle with a Business mod. I'm wanting the Stock to go UP or Down depending on Members in the Business mod. i.e the more members, the higher the stock goes, very few members the stock goes down. Thinking of sticking this in the Hour Cron and removing the old Stock Cron from the 5 minute for less queries. My problem is, I think this will work, BUT i'd have to make an Individual Call to EACH business Class and Update Stock accordingly, and I see no way to shorten it :\ So, here's the code, you tell me what you think, if it'll work, if not why :P   <?php include "config.php"; global $_CONFIG; if($_GET['code'] != $_CONFIG['code']) { die(""); } define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; global $c; $db->query("UPDATE users SET hospital=hospital-1 WHERE hospital>0"); $db->query("UPDATE users SET fedjail=0 WHERE user_level=2"); $db->query("UPDATE settings SET conf_value='$jc' WHERE conf_name='jail_count'"); $db->query("UPDATE `users` SET jail=jail-1 WHERE `jail` > 0"); $db->query("UPDATE `users` SET `protection`=MAX('0', `protection`-'1') WHERE `protection` > '0'"); $db->query("UPDATE settings SET conf_value='$hc' WHERE conf_name='hospital_count'"); $hc=$db->num_rows($db->query("SELECT userid FROM users WHERE hospital > 0")); $jc=$db->num_rows($db->query("SELECT userid FROM users WHERE jail > 0")); $business = mysql_query("SELECT busId FROM `businesses`"); while($bus = mysql_fetch_assoc($business)) { if($bus['busCash'] > 5000000 && $bus['busClass'] == 4) { mysql_query("UPDATE `stock_stocks` SET `stockUD` = 1, `stockCHANGE` = 20, `stockNPRICE` = (`stockNPRICE` + 20) WHERE `stockID`= 3); } if($bus['busCash'] > 25000000 && $bus['busClass'] == 4) { mysql_query("UPDATE `stock_stocks` SET `stockUD` = 1, `stockCHANGE` = 30, `stockNPRICE` = (`stockNPRICE` + 30) WHERE `stockID`= 3); } else { mysql_query("UPDATE `stock_stocks` SET `stockUD` = 2, `stockCHANGE` = 10, `stockNPRICE` = (`stockNPRICE` - 10) WHERE `stockID`= 3); } } include_once('global_func.php'); $sel = mysql_query("SELECT stockID,stockNAME FROM `stock_stocks` WHERE `stockNPRICE` < 0"); while($soc = mysql_fetch_assoc($sel)) { if(mysql_num_rows(mysql_query("SELECT holdingID FROM `stock_holdings` WHERE `holdingSTOCK` = ".$soc['stockID']))) { $user = mysql_query("SELECT holdingUSER FROM `stock_holdings` WHERE `holdingSTOCK` = ".$soc['stockID']); $user = mysql_fetch_assoc($user); event_add($user['holdingUSER'], 'Stock '.$soc['stockNAME'].' crashed, you lost all your shares.'); } mysql_query("DELETE FROM `stock_holdings` WHERE `holdingSTOCK` = ".$soc['stockID']); mysql_query("UPDATE `stock_stocks` SET `stockUD` = 1,`stockCHANGE` = 0,`stockNPRICE` = `stockOPRICE` WHERE `stockID` = ".$soc['stockID']); } ?>

Question Does this also have the option to Give Out Donator packs you've created, and if not, does it Auto Give the DP when they purchase? Thanks.

havent had a chance to go over it, but looks like a nice addition to karlos mod. bare in mind a lot of users on these boards are just starting off, so helps to post the actual SQLS needed for ease ;-) ie INSERT INTO jobsrank jrWORK_EXPG (int)11 ?? not null? default 0 ? :P n your jobrank.sql find: jrSTRG add below: jrWORK_EXPG

that would be why i'm asking :)

what kind of header you got there jambo? ;)

So I had the Idea the other night A Most Wanted level and The Ability to Turn users in if you beat them in Attack. The users must go to court, hire lawyers(player lawyers) for money. A Crime Rating system that states what crimes they have committed and how many strikes they have. Could base this off of everything in the game. i.e if they attack someone, they could catch a misdemeanor. If they attempt an sql hack it could earn them a felony. Failing or succeeding certain things "like crack the vault" would increase their wanted level.   Their could be Rewards ---Like Americas Most Wanted--- For catching and turning in known criminals etc What do you think? Anyone up for it? :)

Ah just saw you wanted to know in your sigz n stuff :p k

9 Sets of this Mod left.

This mod includes.   --Your choice of Several Differant Race/Character Classes. --Each Characther class starts with Individual Users Stats *of your choice* and a Starting City *of your choice* --Weapons, Armor, Items, Mods can all be Race Restricted. --Injection Mod *goes hand in hand with race mod* If you are attacked and Lose, the race depending on what you wish, will have the option of Injecting the loser of the fight with a Drug or Disease. Depending on how you want this to work, The Person injected can Immediately Lose stats, Lose stats Slowly per hour or 5 minutes or w/e, Get hospital time x's 500, Tons of other options here, let your imagination run with it :-). UNLESS--They seek out a Vaccine you make to cure them. This vaccine could be in Shops, or perhaps a quest item again, let your imagination run :-) --Race Option added In staff panel so you can easily edit items etc w/o having to go through the Cpanel --Starter City for Each characther class that only That Class can go to, (more of a safety city for that class) --Race Oriented Links etc Appear only for certain races ( I use it for Race Specific Story-line and a few other things).   If you wish to purchase this mod the price will be set at 30.00 USD. I will Install Everything to your Liking for 45.00 USD. Otherwise I will just inform you how to do it via Email or Pm's or w/e your choice is. I am only Selling 10 Of these mods. As i dont want everyone having it :p You can make payments via [paypal][email protected][/paypal] Once I receive payment, we'll begin :) This mod includes. Register Edit. Header Edit. Explore Edit. SQL Entries. Staff_Items Edit. Itembuy Edit Itemuse Edit Equip armor/weapon Edit much more to that degree. Most of the other files are simple edits.

Unfortunately his entire game is leaky, pref, preport, breport, forums, etc the list goes on Helping him get some fixes down so it won't happen again easily. Funny story to this---Was testing his game for loop holes when he was logged on and we were testing everything So used a few meta tag hack re-directs to see if they'd work They did, so we started repairing. Well, he never removed the re-directs so certain parts of his site were re-directing to mine, now his "assistant" who is unaware of the situation, thinks I am hacking his game and starts spamming on mine :P This will be fun when the owner logs back on :P Giving free help and get spammed on my forums ><

I've been wanting that type of mod for my game forever I figured instead of just waiting for someone to make it for me i'd go ahead and do it :P

Iso, Add my MSN [email protected] I know of someone illegally selling your mods.

Edited Out.

AS promised, I have went through, Revised and Secured my original Script to the best of my ability. This is 100% Functional on my site and has all Add-Ons in this post here, as I update it if anything changes. I spent some time on this, so I hope you enjoy 🙂 INSERT INTO Cron_Day.php $db->query("UPDATE users SET safetries = 10 WHERE safetries < 10"); SQL's CREATE TABLE IF NOT EXISTS `cracksafe` ( `sname` varchar(255) NOT NULL default '0', `pot` int(11) NOT NULL default '0', `pot2` int(11) NOT NULL default '0', `pot3` int(11) NOT NULL default '0', `winnings` int(11) NOT NULL default '0', `winnings2` int(11) NOT NULL default '0' ) ENGINE=MyISAM DEFAULT CHARSET=latin1; CREATE TABLE IF NOT EXISTS `cracksafe2` ( `sname` varchar(255) NOT NULL default '0', `pot` int(11) NOT NULL default '0', `pot2` int(11) NOT NULL default '0', `pot3` int(11) NOT NULL default '0', `winnings` int(11) NOT NULL default '0', `winnings2` int(11) NOT NULL default '0' ) ENGINE=MyISAM DEFAULT CHARSET=latin1; CREATE TABLE IF NOT EXISTS `cracksafe3` ( `sname` varchar(255) NOT NULL default '0', `pot` int(11) NOT NULL default '0', `pot2` int(11) NOT NULL default '0', `pot3` int(11) NOT NULL default '0', `winnings` int(11) NOT NULL default '0', `winnings2` int(11) NOT NULL default '0' ) ENGINE=MyISAM DEFAULT CHARSET=latin1; ALTER TABLE `users` ADD `safetries` int(11) NOT NULL default '10' INSERT INTO cracksafe SAFE SQL's INSERT INTO `cracksafe` (`sname`, `pot`, `pot2`, `pot3`, `winnings`, `winnings2`) VALUES ('1', 211, 12, 5, 100000, 100); INSERT INTO cracksafe2 SAFE SQL's INSERT INTO `cracksafe2` (`sname`, `pot`, `pot2`, `pot3`, `winnings`, `winnings2`) VALUES ('1', 835, 17, 2, 500000, 300); INSERT INTO cracksafe3 SAFE SQL's INSERT INTO `cracksafe3` (`sname`, `pot`, `pot2`, `pot3`, `winnings`, `winnings2`) VALUES ('1', 972, 14, 3, 100000, 500); ALTER TABLE `cracksafe` ADD `attempts_1` INT(11) NOT NULL DEFAULT '0'; ALTER TABLE `cracksafe2` ADD `attempts_2` INT(11) NOT NULL DEFAULT '0'; ALTER TABLE `cracksafe3` ADD `attempts_3` INT(11) NOT NULL DEFAULT '0'; createfile cracksafe.php <?php include_once (DIRNAME(__FILE__) . '/globals.php'); //******************************************************// //***********This Mod Made by ImmortalThug****************// //***************Please Leave This Notice******************// //*******************November 15, 2009******************// //*****************************************************// switch($_GET['action']) { case "index": index(); break; case "safe_1": safe_1(); break; case "safe_2": safe_2(); break; case "safe_3": safe_3(); break; default: index(); break; } function index() { global $ir,$c,$h,$userid,$db; if(isset($_SESSION['view'])) { $_SESSION['view']=$_SESSION['view']+1; } else { $_SESSION['view']=1; } print "Page Views This Session: ".$_SESSION['view']; $safe=$db->query("SELECT * FROM `cracksafe` WHERE `sname`='1'"); $r=$db->fetch_row($safe); $safe=$db->query("SELECT * FROM `cracksafe2` WHERE `sname`='1'"); $r2=$db->fetch_row($safe); $safe=$db->query("SELECT * FROM `cracksafe3` WHERE `sname`='1'"); $r3=$db->fetch_row($safe); $r['winnings']=number_format($r['winnings']); $r2['winnings']=number_format($r2['winnings']); $r3['winnings']=number_format($r3['winnings']); $r['winnings2']=number_format($r['winnings2']); $r2['winnings2']=number_format($r2['winnings2']); $r3['winnings2']=number_format($r3['winnings2']); print " <table width=50% border=1 class=table> <tr align=center> <td colspan=3>Attempts Remaining:</td> <td colspan=2><font size=3><font color=green>[b]{$ir ['safetries']}[/b]</font></font></td> <tr> <th class=h colspan=2>Crack The Safe's</th> <th colspan=2>Pot Amounts</th><th>Tries this round</th> </tr> <tr> <th class=h colspan=2>Safes</th> <th>Cash</th><th>Credits</th><th>Attempts</th> </tr> <tr align=center> <td align=center>Free Safe</td> <td><a href='cracksafe.php?action=safe_1'>Crack</a></td> <td>[b]<font color=green>\${$r ['winnings']}[/b]</font></td> <td>[b]<font color=green>{$r ['winnings2']}[/b]</font></td><td>[b]<font color=green>{$r ['attempts_1']}[/b]</font></td> </tr> <tr align=center> <td align=center>10k Safe</td><td><a href='cracksafe.php?action=safe_2'>Crack</a></td><td>[b]<font color=green>\${$r2 ['winnings']}[/b]</font></td><td>[b]<font color=green>{$r2 ['winnings2']}[/b]</font></td><td>[b]<font color=green>{$r2 ['attempts_2']}[/b]</font></td> </tr> <tr align=center> <td align=center>100k Safe</td><td><a href='cracksafe.php?action=safe_3'>Crack</a></td><td>[b]<font color=green>\${$r3 ['winnings']}[/b]</font></td><td>[b]<font color=green>{$r3 ['winnings2']}[/b]</font></td><td>[b]<font color=green>{$r3 ['attempts_3']}[/b]</font></td> </tr> </table>"; } function safe_1() { global $ir,$c,$h,$userid,$db; if(isset($_POST['submit'])) { $safe=$db->query(sprintf("SELECT * FROM `cracksafe` WHERE `sname`='%d'",1)); $pot=$db->fetch_row($safe); $rand3 = abs(@intval($pot['pot'])); $_POST['3digit'] = abs(@intval($_POST['3digit'])); $_POST['2digit'] = abs(@intval($_POST['2digit'])); $_POST['1digit'] = abs(@intval($_POST['1digit'])); if($_POST['3digit'] != $rand3) { print "You have entered an incorrect combination. <a href='cracksafe.php'>Return to Safes</a>"; $db->query("UPDATE users SET safetries=safetries-1 WHERE $userid=userid"); $db->query(sprintf("UPDATE cracksafe SET winnings=winnings+%d,winnings2=winnings2+%d WHERE sname = %u",2000,5,1)); exit(0); } $safe=$db->query("SELECT * FROM `cracksafe` WHERE `sname`='1'"); $pot=$db->fetch_row($safe); $rand2 = abs(@intval($pot['pot2'])); if($_POST['2digit'] != $rand2) { print "You have entered an incorrect combination. <a href='cracksafe.php'>Return to Safes</a>"; $db->query("UPDATE users SET safetries=safetries-1 WHERE $userid=userid"); $db->query(sprintf("UPDATE cracksafe SET winnings=winnings+%d,winnings2=winnings2+%d WHERE sname = %d",2000,5,1)); exit(0); } $safe=$db->query(sprintf("SELECT * FROM `cracksafe` WHERE `sname`='%d'",1)); $pot=$db->fetch_row($safe); $rand1 = abs(@intval($pot['pot3'])); if($_POST['1digit'] != $rand1) { print "You have entered the incorrect combination. <a href='cracksafe.php'>Return to Safes</a>"; $db->query("UPDATE users SET safetries=safetries-1 WHERE $userid=userid"); $db->query(sprintf("UPDATE cracksafe SET winnings=winnings+%d,winnings2=winnings2+%d WHERE sname = %d",2000,5,1)); exit(0); } else if($_POST['3digit'] == $rand3 && $_POST['2digit'] == $rand2 && $_POST['1digit'] == $rand1) { $winnings = $pot['winnings']; $winnings2 = $pot['winnings2']; print "You press the numbers [{$_POST['3digit']}][{$_POST['2digit']}][{$_POST['1digit']}] <font color='green' size='3'>Correct Combination, You've won $winnings and $winnings2 Points! </font>"; $r1 = rand(100,110); $r2 = rand(10,20); $r3 = rand(1,9); $money= $pot['winnings']; //The cash pot $points= $pot['winnings2']; //The points pot $db->query(sprintf("UPDATE `users` SET money=money+%u,crystals=crystals+%u WHERE userid=%d",$money,$points,$userid)); $db->query(sprintf("UPDATE cracksafe SET winnings=%d,winnings2=%d WHERE sname = %d",100000,100,1)); $db->query(sprintf("UPDATE cracksafe SET pot=%u,pot2=%u,pot3=%u WHERE sname = %d",abs(@intval($r1)), abs(@intval($r2)), abs(@intval($r3)),1)); $db->query(sprintf("UPDATE cracksafe SET attempts_1=%d WHERE sname = %d",0,1)); } } else { print "<form action='cracksafe.php?action=safe_1' method='post'> Have a shot at cracking the safe! It isnt easy, all 3 numbers must match the correct combination in order to crack the vault. However, the Prize is Well worth it :-) Good luck! First Three: [<input type='text' name='3digit' length='3' maxlength='3'>] ^{Hint: 100 - 110} Second Two: [<input type='text' name='2digit' length='2' maxlength='2'>] ^{Hint: 10 - 20} Last One: [<input type='text' name='1digit' length='1' maxlength='1'>] ^{Hint: 1 - 9} <input type='submit' name='submit' value='submit'> </form>"; $db->query("UPDATE cracksafe SET attempts_1=attempts_1+1 WHERE sname = 1"); } } function safe_2() { global $ir,$c,$h,$userid,$db; if($ir['money'] < 10000) { print "You cannot afford to purchase a crack the safe attempt"; exit(0); } if(isset($_POST['submit'])) { $safe=$db->query("SELECT * FROM `cracksafe2` WHERE `sname`='1'"); $pot=$db->fetch_row($safe); $rand3 = abs(@intval($pot['pot'])); //sql query attempt $_POST['3digit'] = abs(@intval($_POST['3digit'])); if($_POST['3digit'] != $rand3) { print "You entered an incorrect combination. <a href='cracksafe.php'>Back To Safes</a>"; $db->query(sprintf("UPDATE users SET money=money-%d WHERE $userid=userid",10000)); $db->query(sprintf("UPDATE cracksafe2 SET winnings=winnings+%d WHERE sname = 1",10000)); $db->query(sprintf("UPDATE cracksafe2 SET winnings2=winnings2+%d WHERE sname = 1",10)); exit(0); } $safe=$db->query("SELECT * FROM `cracksafe2` WHERE `sname`='1'"); $pot=$db->fetch_row($safe); $rand2 = abs(@intval($pot['pot2'])); $_POST['2digit'] = abs(@intval($_POST['2digit'])); if($_POST['2digit'] != $rand2) { print "You entered an incorrect combination. <a href='cracksafe.php'>Return to Safes</a>"; $db->query(sprintf("UPDATE users SET money=money-%d WHERE $userid=userid",10000)); $db->query(sprintf("UPDATE cracksafe2 SET winnings=winnings+%d WHERE sname = 1",10000)); $db->query(sprintf("UPDATE cracksafe2 SET winnings2=winnings2+%d WHERE sname = 1",10)); exit(0); } $safe=$db->query("SELECT * FROM `cracksafe2` WHERE `sname`='1'"); $pot=$db->fetch_row($safe); $rand1 = abs(@intval($pot['pot3'])); //sql query attempt $_POST['1digit'] = abs(@intval($_POST['1digit'])); if($_POST['1digit'] != $rand1) { print "You entered the incorrect combination. <a href='cracksafe.php'>Return to Safes</a>"; $db->query(sprintf("UPDATE users SET money=money-%d WHERE $userid=userid",10000)); $db->query(sprintf("UPDATE cracksafe2 SET winnings=winnings+%d WHERE sname = 1",10000)); $db->query(sprintf("UPDATE cracksafe2 SET winnings2=winnings2+%d WHERE sname = 1",10)); exit(0); } else if($_POST['3digit'] == $rand3 && $_POST['2digit'] == $rand2 && $_POST['1digit'] == $rand1) { $winnings = abs(@intval($pot['winnings'])); $winnings2 = abs(@intval($pot['winnings2'])); print "You press the numbers [{$_POST['3digit']}][{$_POST['2digit']}][{$_POST['1digit']}] <font color='green' size='3'>Correct Combination, You've won $winnings and $winnings2 Points! <a href='index.php'>Return Home</a></font>"; $r1 = rand(100,150); $r2 = rand(10,30); $r3 = rand(1,9); $money= abs(@intval($pot['winnings'])); //The cash pot $points= abs(@intval($pot['winnings2'])); //The points pot $db->query(sprintf("UPDATE `users` SET money=money+%d,crystals=crystals+%d WHERE userid=%u",$money,$points,$userid)); $db->query(sprintf("UPDATE cracksafe2 SET winnings=%d WHERE sname = 1",500000)); $db->query(sprintf("UPDATE cracksafe2 SET winnings2=%d WHERE sname = 1",300)); $db->query(sprintf("UPDATE cracksafe2 SET pot=%u, pot2=%u,pot3=%u WHERE sname = 1",$r1,$r2,$r3)); $db->query("UPDATE cracksafe2 SET attempts_2=0 WHERE sname = 1"); } } else { print "<form action='cracksafe.php?action=safe_2' method='post'> Have a shot at cracking the safe! It isnt easy, all 3 numbers must match the correct combination in order to crack the vault. However, the Prize is Well worth it :-) Good luck! First Three: [<input type='text' name='3digit' length='3' maxlength='3'>] ^{Hint: 100 - 150} Second Two: [<input type='text' name='2digit' length='2' maxlength='2'>] ^{Hint: 10 - 30} Last One: [<input type='text' name='1digit' length='1' maxlength='1'>] ^{Hint: 1 - 9} <input type='submit' name='submit' value='submit'> </form>"; $db->query("UPDATE cracksafe2 SET attempts_2=attempts_2+1 WHERE sname = 1"); } } function safe_3() { global $ir,$c,$h,$userid,$db; if($ir['money'] < 100000) { print "You cannot afford this crack the safe attempt"; exit(0); } if(isset($_POST['submit'])) { $safe=$db->query("SELECT * FROM `cracksafe3` WHERE `sname`='1'"); $pot=$db->fetch_row($safe); $rand3 = abs(@intval($pot['pot'])); $_POST['3digit'] = abs(@intval($_POST['3digit'])); if($_POST['3digit'] != $rand3) { print "You entered the incorrect combination <a href='cracksafe.php'>Return to Safes</a>"; $db->query(sprintf("UPDATE users SET money=money-%d WHERE $userid=userid",100000)); $db->query(sprintf("UPDATE cracksafe3 SET winnings=winnings+%d WHERE sname = 1",100000)); $db->query(sprintf("UPDATE cracksafe3 SET winnings2=winnings2+%d WHERE sname = 1",20)); exit(0); } $safe=$db->query("SELECT * FROM `cracksafe3` WHERE `sname`='1'"); $pot=$db->fetch_row($safe); $rand2 = abs(@intval($pot['pot2'])); $_POST['2digit'] = abs(@intval($_POST['2digit'])); if($_POST['2digit'] != $rand2) { print "You entered the Incorrect Combination <a href='cracksafe.php'>Return to Safes</a>"; $db->query(sprintf("UPDATE users SET money=money-%d WHERE $userid=userid",100000)); $db->query(sprintf("UPDATE cracksafe3 SET winnings=winnings+%d WHERE sname = 1",100000)); $db->query(sprintf("UPDATE cracksafe3 SET winnings2=winnings2+%d WHERE sname = 1",20)); exit(0); } $safe=$db->query("SELECT * FROM `cracksafe3` WHERE `sname`='1'"); $pot=$db->fetch_row($safe); $rand1 = abs(@intval($pot['pot3'])); $_POST['1digit'] = abs(@intval($_POST['1digit'])); if($_POST['1digit'] != $rand1) { print "You entered the incorrect combination <a href='cracksafe.php'>Return to Safes</a>"; $db->query(sprint("UPDATE users SET money=money-%d WHERE $userid=userid",100000)); $db->query(sprintf("UPDATE cracksafe3 SET winnings=winnings+%d WHERE sname = 1",100000)); $db->query(sprintf("UPDATE cracksafe3 SET winnings2=winnings2+%d WHERE sname = 1",20)); exit(0); } else if($_POST['3digit'] == $rand3 && $_POST['2digit'] == $rand2 && $_POST['1digit'] == $rand1) { $winnings = abs(@intval($pot['winnings'])); $winnings2 = abs(@intval($pot['winnings2'])); print "You press the numbers [{$_POST['3digit']}][{$_POST['2digit']}][{$_POST['1digit']}] <font color='green' size='3'>Correct Combination, You've won $winnings and $winnings2 Points![url='index.php']Return Home[/url] </font>"; $r1 = rand(100,200); $r2 = rand(10,25); $r3 = rand(1,9); $money= abs(@intval($pot['winnings'])); //The cash pot $points= abs(@intval($pot['winnings2'])); //The points pot $db->query(sprintf("UPDATE `users` SET money=money+%u,crystals=crystals+%u WHERE userid=%u",$money,$points,$userid)); $db->query(sprintf("UPDATE cracksafe3 SET winnings=%d WHERE sname = 1",1000000)); $db->query(sprintf("UPDATE cracksafe3 SET winnings2=%d WHERE sname = 1",500)); $db->query(sprintf("UPDATE cracksafe3 SET pot=%u,pot2=%u,pot3=%u WHERE sname = 1",$r1,$r2,$r3)); $db->query("UPDATE cracksafe3 SET attempts_3=0 WHERE sname = 1"); } } else { print "<form action='cracksafe.php?action=safe_2' method='post'> For 100k you have the chance to crack the Ultra Safe. The prize is...immaculate..but the chance of success is slim. You'll need luck, so good luck! First Three: [<input type='text' name='3digit' length='3' maxlength='3'>] ^{Hint: 100 - 200} Second Two: [<input type='text' name='2digit' length='2' maxlength='2'>] ^{Hint: 10 - 25} Last One: [<input type='text' name='1digit' length='1' maxlength='1'>] ^{Hint: 1 - 9} <input type='submit' name='submit' value='submit'> </form>"; $db->query("UPDATE cracksafe3 SET attempts_3=attempts_3+1 WHERE sname = 1"); } } $h->endpage(); ?>