Joshua

if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) { die('Stop trying to abuse a Bug, Enter a picture format!'); }   The whole if(!preg_Match statement checks if it's jpg, jpeg, gif or png Anything else and you get a die(error) It works, as i'm using it. I'm new to php but I learned that much.

Ok, for all those who have been like myself, curious, i just discovered this works well   This will Secure your "Upload Display_Pic" form and stop users from entering code instead of a URL.   function pic_change() { global $ir, $db; $Pic = $db->query(sprintf("SELECT `display_pic` FROM `users` WHERE `userid`='%d'", $ir['userid'])); if (isset($_POST['NewPic'])) { if ($_POST['NewPic'] == '') { echo 'You Did Not Enter An Image'; } else { if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) { die('Stop trying to abuse a Bug, Enter a picture format!'); } else { $_POST['NewPic'] = str_replace(array("<", ">", "'", ";", ".php", ".html", ".js"), array("", "", "", "", "", "", ""), $_POST['NewPic']); $db->query(sprintf("UPDATE `users` SET `display_pic`='%s' WHERE `userid`='%d'", $_POST['NewPic'], $ir['userid'])); echo 'Picture Changed'; } } }   I took this snippet of code   if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) { die('Stop trying to abuse a Bug, Enter a picture format!'); } And I put it under   function gang_staff_desc2() { global $db,$ir,$c,$userid,$gangdata; if($gangdata['gangPRESIDENT'] == $userid ) { if(isset($_POST['titlebanner'])) {   To ensure the file being uploaded is an image file. I hope you can figure out how to install this and secure your site, gluck :)

Ok, so I just installed the User Sig profile and got to looking at it In user signatures they can <img src= Photo's for their signature.   Since I want them to be able to, is it possible for someone to session hijack using the same trick used in Display Pic? And if it is, What's a quick fix to secure it?

I did that to a lot of games but I never did anything malicious. The bug was found on a game I'm currently working on and the user informed me. So i felt it necessary to inform others. Shrugz, Tried to be helpful by checking for the bug and I can't tell you how many people got upset that I "did it" in the first place. Like Chicka, I didnt even do it, I tried. Added the code, then Told chicka to check my profile and she blows up calling me an idiot and it's already been fixed!. Good? If i was trying to hack someones game with malicious intent I wouldnt be emailing the admin telling them I beleive your game has a security leak, check my profile. seriously. :|

I'm looking for a mod, perhaps it's on here, but I cant find it. That tells people just what users are doing when you visit their profile.   Browsing explore, Viewing a profile and who's, Going to the market, sending mail..etc. I'm more wanting this for Security issues as I like to know what new users are doing when they first sign up on my game and frequently check on them.   Has anyone seen a mod like this? Or is there one out there?

Hrm..

I beg your pardon?

Lifesaver, I been up to late and overlooked obvious. Kudos and +10 ^_^ That worked exactly like it should ><   Now if i can just get my gym error working i'll be at 95% tnx again.

So I have this code defined in my register to send certain users to certain cities upon characther creation based on their race. My problem is everytime a New User creates it sends ALL My users to his city. This is urgent as I have my cities race specified only the correct race can use Explore.php PRz help :P     $i=$db->insert_id(); if ('race==1') { $db->query("INSERT INTO userstats VALUES($i, 10, 10, 50, 10, 10, 10)"); $db->query("UPDATE users SET location=3"); } else if ('race==2') { $db->query("INSERT INTO userstats VALUES($i, 10, 50, 10, 10, 10, 10)"); $db->query("UPDATE users SET location=1"); } else if ('race==3') { $db->query("INSERT INTO userstats VALUES($i, 50, 10, 10, 10, 10, 10)"); $db->query("UPDATE users SET location=2"); }

Ok, so I currently have a race mod installed where when users register they have to select a race 1,2 or 3.   When the user goes to the Gym, the ['race'] defined, gets a Bonus work-out in 1 stat. race 1 - guard, race 2- agility race 3 - strength.   My problem is, even if i up the multiplier for the raxe *10000   I still can't tell any differance than the stat supposed to have the multiplier or one that doesnt. Here's the code added in, is there anything wrong with it? Can you tell?   if ($ir['race']==1 AND $stat=="guard") { $inc=$ir[$stat]+$gain*1.1; } elseif ($ir['race']==2 AND $stat=="agility") { $inc=$ir[$stat]+$gain*1.1; } elseif ($ir['race']==3 AND $stat=="strength") { $inc=$ir[$stat]+$gain*1.1; } else { $inc=$ir[$stat]+$gain; }

I'm not 100% sure on anything at this point as I can't seem to get this to work, and if it IS working i dont even notice it.. Basically what this is, I have a Race mod, where users with a differant race, get differant stats when Working out. "ie" agility may go up faster than strength etc etc. My problem is actually seeing the differance.   Should just be able to find   1 $inc=$ir[$stat]+$gain; in gym.php   and turn that into   if ($ir['race']==1 AND $stat=="guard") { $inc=$ir[$stat]+$gain*3; } elseif ($ir['race']==2 AND $stat=="strength") { $inc=$ir[$stat]+$gain*3; } elseif ($ir['race']==3 AND $stat=="agility") { $inc=$ir[$stat]+$gain*1.1; } else { $inc=$ir[$stat]+$gain; }

if ($ir['race']==1 AND $stat=="guard") { $gain += mt_rand(1, 3) / mt_rand(500, 900) * mt_rand(500, 900) * (($will + 20) / 150)*50; } elseif ($ir['race']==2 AND $stat=="agility") { $gain += mt_rand(1, 3) / mt_rand(500, 900) * mt_rand(500, 900) * (($will + 20) / 150)*50; } elseif ($ir['race']==3 AND $stat=="$agility") { $gain += mt_rand(1, 3) / mt_rand(500, 900) * mt_rand(500, 900) * (($will + 20) / 150)*50; } else { $gain += mt_rand(1, 3) / mt_rand(500, 900) * mt_rand(500, 900) * (($will + 20) / 150); } $will = max(0, $will - mt_rand(1, 3)); } if ($row['jail']) $gain *= 0.5;   Maybe THIS Helps. Full gym code...   <?php $macropage="gym.php"; require "globals.php"; if($ir['hospital']) { die("<prb>This page cannot be accessed while in hospital.</prb>"); } $statnames=array( 'Strength' => 'strength', 'Agility' => 'agility', 'Guard' => 'guard', 'Labour' => 'labour'); $_POST['amnt']=abs((int) $_POST['amnt']); if(!$ir['jail']) { print "<h1>Gym</h1><hr width='90%' align='left' />"; } else { print "<h1>Jail Gym</h1><hr width='90%' align='left' />"; } if($_POST['stat'] && $_POST['amnt']) { $stat=$statnames[$_POST['stat']]; if(!$stat) { die("<prb>This stat cannot be trained.</prb>"); } if($_POST['amnt'] > $ir['energy']) { print("<prb>You do not have enough energy to train that much.</prb><hr width='90%' align='left' />"); } else { $gain=0; for($i=0; $i<$_POST['amnt']; $i++) { $gain+=rand(1,3)/rand(800,1000)*rand(800,1000)*(($ir['will']+20)/150); $ir['will']-=rand(1,3); if($ir['will'] < 0) { $ir['will']=0; } } if($ir['jail']) { $gain/=2; } $db->query("UPDATE `userstats` SET `{$stat}` = `{$stat}` + $gain WHERE `userid` = $userid"); $db->query("UPDATE `users` SET `will` = {$ir['will']}, energy = energy - {$_POST['amnt']} WHERE `userid` = $userid"); if ($ir['race']=='1' AND $stat=='guard') { $inc=$ir[$stat]+$gain*200000; } elseif ($ir['race']== '2' AND $stat=='agility') { $inc=$ir[$stat]+$gain*200000; } elseif ($ir['race']=='3' AND $stat=='strength') { $inc=$ir[$stat]+$gain*200000; } else { $inc=$ir[$stat]+$gain; } $inc2=$ir['energy']-$_POST['amnt']; if($stat=="strength") { print "You start to lift some weights, You go heavier and heavier until You are out of energy. You have gained {$gain} strength by doing {$_POST['amnt']} sets of weights. You now have {$inc} strength and {$inc2} energy left."; } elseif($stat=="agility") { print "You Begin to run on the treadmill, You keep tapping the faster button till you fly off the damn thing!. You have gained {$gain} agility by doing {$_POST['amnt']} minutes of running. You now have {$inc} agility and {$inc2} energy left."; } elseif($stat=="guard") { print "You jump into the pool and begin swimming, you keep flapping your arms in the water like Michael Felps, you get a cramp and almost drown. You have gained {$gain} guard by doing {$_POST['amnt']} minutes of swimming. You now have {$inc} guard and {$inc2} energy left."; } elseif($stat=="labour") { print "You walk over to the front desk, and ask the manager If you can volunteer to help the gym out, He says unload the boxes In the back, You unload boxes until the gym closes You have gained {$gain} labour by unloading {$_POST['amnt']} boxes. You now have {$inc} labour and {$inc2} energy left."; } print "<hr />"; $ir['energy']-=$_POST['amnt']; $ir[$stat]+=$gain; } } $ir['strank']=get_rank($ir['strength'],'strength'); $ir['agirank']=get_rank($ir['agility'],'agility'); $ir['guarank']=get_rank($ir['guard'],'guard'); $ir['labrank']=get_rank($ir['labour'],'labour'); print "<table width='90%'><tr><td> POST WHAT YOU WANT HERE, THIS IS THE WELCOME PAGE TO THE GYM. You can train up to <prb>{$ir['energy']}</prb> times with your current energy.</p></td></tr></table> <hr width='90%' align='left' /> <table width='90%' class='table'> <tr> <form action='gym.php' method='post'> <input type='hidden' name='stat' value='Strength'></input> <th width='15%'><ph2>Strength:</ph2></th> <td width='15%'>{$ir['strength']}</td> <td width='10%'>(Rank {$ir['strank']})</td> <td width='40%'>Times to train: <input type='text' name='amnt' value='{$ir['energy']}' length='5'></input></td> <td width='20%'><input type='submit' value='Go!'></input></td> </form> </tr> <tr> <form action='gym.php' method='post'> <input type='hidden' name='stat' value='Agility'></input> <th width='15%'><ph2>Agility:</ph2></th> <td width='15%'>{$ir['agility']}</td> <td width='10%'>(Rank {$ir['agirank']})</td> <td width='40%'>Times to train: <input type='text' name='amnt' value='{$ir['energy']}'></input></td> <td width='20%'><input type='submit' value='Go!'></input></td> </form> </tr> <tr> <form action='gym.php' method='post'> <input type='hidden' name='stat' value='Guard'></input> <th width='15%'><ph2>Guard:</ph2></th> <td width='15%'>{$ir['guard']}</td> <td width='10%'>(Rank {$ir['guarrank']})</td> <td width='40%'>Times to train: <input type='text' name='amnt' value='{$ir['energy']}'></input></td> <td width='20%'><input type='submit' value='Go!'></input></td> </form> </tr> <tr> <form action='gym.php' method='post'> <input type='hidden' name='stat' value='Labour'></input> <th width='15%'><ph2>Labour:</ph2></th> <td width='15%'>{$ir['labour']}</td> <td width='10%'>(Rank {$ir['labrank']})</td> <td width='40%'>Times to train: <input type='text' name='amnt' value='{$ir['energy']}'></input></td> <td width='20%'><input type='submit' value='Go!'></input></td> </form> </tr> </table> <hr width='90%' align='left' /> "; $h->endpage(); ?> Ok, So can't for the life of me figure out why the Race isnt getting the Benefit when work-out. Everything is working just like it should. I even tried raising the multiplier to 50 as you can see so it would be an obvious differance. Can you spot the error? tnx

Very useful indeed, Thank you for your help, that is a dangerous hack :\

It's not the IP variable hack, i've installed everything on these Forums I could think of to protect. I did manage to fix it but ...gah It's basically a hack going through the preferances page. They enter certain codes into the Display Pic and when an Admin Views their Profile it makes them auto Admin. I understand how it works, just wasnt sure how to stop it :|

For those that are aware of this hack, Could you please post what needs to be done to secure for it? This is not forum injection or cmarket injection. I don't know how much more specific i can/should get.

What would I have to do to have the EXACT Energy/Brave/will etc... number and % show up ie 90/100 90% I can't for the life of me figure it out. Thanks in advance.

Re: Explore-Moderate Modification to original script Thanks guy, I wasn't exactly calling it a "mod" as i didnt change much of anything with the original script. Just giving users the Option to City Restrict differant options in their explore and making it A lot easier to change scripts around and or fonts/styles.   Hope this helps someone, it's not in depth, but I'm learning as I go :)

Basically made it a bit easier to change all the Link Fonts and add / adjust current and new links This also makes differant links City Level specific. Ie. If you wish for people not to be able to go to certain things until certain level just switch links around for what works for your site. I do have the Zombie Mod Link installed in this script, if you do not just remove the code. Also if you want a bit more security to this...to keep people from just manually typing in the link in the URL if they arent in the right city. Go to the individual scripts you are making level specific and include an if statement in the beginning of the script that checks the SQL for the city level. Again, this is just a basic adjustment that I use for my game. Some scripts and codes will need to be modified to fit yours I'm sure as we all use diff scripts.   <?php require "globals.php"; $zom=$db->query("SELECT * FROM hvzstats"); $hvz=$db->fetch_row($zom); if($hvz['hvz'] ==1) { if($hvz['totzombies'] < 10 && $ir['humanorzombie'] ==0) { $randzomb=(int) rand(1,100); $randthaught=(int) rand(1,5); if($randthaught == 1) { $thaught="I shall miss my family."; } else if($randthaught == 2) { $thaught="My son shall avenge me."; } else if($randthaught == 3) { $thaught="I'm too young to die!! Can't somebody help me?!?!?!"; } else if($randthaught == 4) { $thaught="After all the horrors I've survived, I turn into a brainless zombie...sigh."; } else if($randthaught == 5) { $thaught="Time to visit my ex... >:]"; } if($randzomb > 80) { print "[b]You've been bitten by a wandering zombie[/b], the last rational thought you have before turning into a zombie is: $thaught."; $db->query("UPDATE users SET humanorzombie=1 WHERE userid=$userid"); $db->query("UPDATE hvzstats SET totzombies=totzombies+1"); $h->endpage(); exit; } } } $abc=" <font color=white>"; if($ir['location'] == 1) { $link1="shops.php"; $name1="Shops"; $link2="creditcard.php"; $name2="Credit Card"; $link3="rentaspy.php"; $name3="Hire a Spy"; $link4="slotsmachine.php"; $name4="Slots"; $link5="magicslotsv2.php"; $name5="Shared Slots"; } else if($ir['location'] == 5) { $link1="itemmarket.php"; $name1="Item Market"; $link2="cyberbank.php"; $name2="cyberbank.php"; $link3="assassin.php"; $name3="Assassin"; $link4="propose.php"; $name4="Propose"; $link5="horsing.php"; $name5="Horse Race"; } else if($ir['location'] == 10) { $link1="cmarket.php"; $name1="Points Market"; $link2="investment.php"; $name2="Investment Opputrunity"; $link3="partner.php"; $name3="Marriage Center"; $link4="cslots.php"; $name4="Points Slots"; $link5="poker.php"; $name5="Poker"; } else if($ir['location'] == 15) { $link1="stocks.php"; $name1="Stock Market"; $link4="roulette.php"; $name4="Roulette."; $link5="Lucky.php"; $name5="Mystery Box"; } $q=$db->query("SELECT u.*,c.* FROM users u LEFT JOIN cities c ON u.location=c.cityid WHERE u.userid=$userid"); $r=$db->fetch_row($q); print "This is your referal link: http://{$domain}/register.php?REF=$userid Every signup from this link earns you ten points when they reach level 3!"; print " <center><h3><font color=White>[b]Your Current Location is {$r['cityname']}[/b]</font></h3></center> <center>[img=cities/{$r[] </center>"; print "[b]<h4><font color=grey>You begin exploring the area you're in, you see a bit that interests you.</font></h4>[/b] <center><table width=100% valign=top><tr height=140> <table border=\"3\" class=\"table\"><tr><td class=\"table\">[b]<font color=#CCCC00><u>Market</u></font>[/b] [i][url='{$link1}']$abc {$name1}[/url][/i] [i][url='trade.php']$abc Safe Trade[/url][/i] </td><td class=\"table\" border=\"3\">[b]<font color=#CCCC00><u>Investment Oppurtunities</u></font>[/b] [i][url='bank.php']$abc Bank [/url][/i] [i][url='{$link2}']$abc {$name2}[/url][/i] [i][url='houses.php']$abc Housing and Rentals[/url][/i] </td><td class=\"table\">[b]<font color=#CCCC00><u>See the Sites</u></font>[/b] [i][url='monorail.php']$abc Metro Rail[/url][/i] [i][url='countries.php']$abc Airline[/url][/i] </td></tr><tr><td class=\"table\">[b]<font color=#CCCC00><u>Career Field</u></font>[/b] [i][url='job.php']$abc Employment[/url][/i] </td><td class=\"table\">[b]<font color=#CCCC00><u>For Hire</u></font>[/b] [i][url='{$link3}']$abc {$name3}[/url][/i] [i][url='crystaltemple.php']$abc Point Purchaser[/url][/i] [i][url='battletent.php']$abc Kill a Zombie[/url][/i] </td><td class=\"table\">[b]<font color=#CCCC00><u>Clans</u></font>[/b] [i][url='creategang.php']$abc Create A Clan[/url][/i] [i][url='gangcentral.php']$abc Clan Lists[/url][/i] [i][url='gangwars.php']$abc Clan Wars[/url][/i] [i][url='yourgang.php']$abc Your Clan[/url][/i] </td></tr><tr><td class=\"table\">[b]<font color=#CCCC00><u>Underground Things to Do</u></font>[/b] [i][url='{$link4}']$abc {$name4}[/url][/i] [i][url='chance.php']$abc 50-50 Points[/url][/i] [i][url='chancec.php']$abc 50-50 Money[/url][/i] [i][url='{$link5}']$abc {$name5}[/url][/i] [i][url='propose.php']$abc Marriage[/url][/i] </td><td class=\"table\">[b]<font color=#CCCC00><u>Car Central</u></font>[/b] [i][url='caryard.php']$abc Car Lot[/url][/i] [i][url='garage.php']$abc Your Garage[/url][/i] [i][url='carmarket.php']$abc Car Market[/url][/i] </td><td class=\"table\">[b]<font color=#CCCC00>[b]General Information[/b]</font>[/b] [i][url='userlist.php']$abc Users List[/url] [i][url='halloffame.php']$abc Hall of Fame[/url][/i] [i][url='fedjail.php']$abc Federal Lock-up[/url][/i] [i][url='stats.php']$abc Game Statistics[/url][/i] [i][url='helptutorial.php']$abc Tutorial[/url][/i] "; $zom=$db->query("SELECT * FROM hvzstats"); $hvz=$db->fetch_row($zom); if($hvz['hvz'] ==1) { print"[url='hvzlist.php']$abc Humans vs. Zombie list[/url] "; } print" [i][url='stafflist.php']$abc Staff List[/url][/i] [i][url='usersonline.php']$abc On-Line Users[/url][/i] [i][url='http://www.friendscirlce.forumsplace.com']$abc Community Forums[/url][/i] </td></tr></table><center>"; $h->endpage(); ?>

Re: Looking for code paying $5 Wow...You really did fall far from IQ ladder didn't you? I've bought a few codes on these forums, and common knowledge is. A. Buy from someone who is well known. B. Purchase script then try it out.(if it doesnt work they will help you until it does, it's part of the buyer/seller agreement.) C. Never bash all the coders on here as it's a quick ticket to outrageous prices for even the smallest scripts or no help at all. As well as a few of them possibly deleting your game ;) D. You personally should never post again, as you've lost all credit here and lack the knowledge of how to code something as simple as what was just stated above. Give up on your game until you learn <?php ?> tags at bare minimum :| E. Polish up a nice shiny 9mm irl and insert into rectum. Squeeze trigger ever so gently and +1 for the average IQ population in your general area. Good job! +10

Re: Looking to buy I dno about the property market but someone already has a free mod posted with Multiple houses and You can rent them out as well. :)

Re: A moderate Requests that will Help A lot of forum members. Very helpful T. I use everything I posted and then some I just want to go through every single page I have and change all db->queries to something a bit more secure I was also told that every function that has say...if($irblahblah['yadda']) should be changed to (htmlspecialchars(yaddayadda)) using stripslashes and the likes I've put a lot of time and effort into my game and will continue to do so, I just want to make sure i have it S.E.C.U.R.E as can be before i spend another 2-300.00 on it in advertising. thank you for the advice.

Ok, so i've been through and through all the posts in Regards to Securing ones site via this forum and a few others. It's common knowledge that you can't secure your site JUST throwing a few lines in Header.php, Login.php, Register.php, and Authenticate.php Here is my request. A lot of you professionals on this board know the Escape strings etc and how to use them. If you could instead of telling us all to use '".mysql_real_escape_string give us a very small Demonstration on the way it looks inserted.. ie.. '".mysql_real_escape_string($_GET['ID'])."'",$c); That way, we can take what you show us and manually go through all our files ( if they aren't lazy ) And at least get some basic defense from your average hackers. I am just now to the point where I can read and Understand the language and write a few basic mods to my mods. But I'm not knowledgeable with writing my own scripts etc. One liners such as $_GET['ID'] = abs((int) $_GET['ID']); Won't 100% secure any site nor will   function checkIncomingData($idata, $minsize, $maxsize) { if ( strlen($idata)<$minsize or strlen($idata)>$maxsize ) { return false; } else { return true; } } //make sure that nothing bad can be entered by the user (-->sql injection attack) function cleanIncomingData($idata) { $cleaned = trim($idata); $cleaned = mysql_real_escape_string($cleaned); return $cleaned; }     $IP = $_SERVER['REMOTE_ADDR']; function cleanQuery($string) { if(get_magic_quotes_gpc()) // prevents duplicate backslashes { $string = stripslashes($string); } if (phpversion() >= '4.3.0') { $string = mysql_real_escape_string($string); } else { $string = mysql_escape_string($string); } return $string; }   I guess what I'm asking is give us examples of the proper tags and what to use them on. I'm not lazy, I have no problem going through every last one of my files and correcting code, I just am not sure how to insert the codes exactly. If this makes sense and you offer your help, thanks. If not, well, I tried :P Just figured this would end the multiple posts and perhaps be a step in the right direction to securing the po-dunk script that is McCodes ><

Re: [$$$] For The final things I need to release my game. Yes the one click attack mod. It's unsecure like crazy and has a few bugs.

Re: [v2] Approval System I actually could use the Approval Script. It will go well with my Referral system.

Ok so I'm getting down to the wire now, and have already purchased a few helpful mods from these forums, so here is another couple of requests. I need. An advanced Referral Mod. This mod must include. Referral Link--As the original has. Referral Page--Where users can see who all has been referred and if they were approved or Denied as well as whether they have donated or not. Staff Page--Where Staff can approve or deny a refereral (after observing them) Referals that Donate will pass 10% of the money donated to the person who referred them( to spend in donator store ) Referrals of Referrals will pass up 2% of the money donated to the Original Referer ( to spend in donator store ) Custom Page where Referrer can see how much money he has stored up from referrals to spend for store ( or include this on the Donators Page ) ______ Custom Donators Mod I'd like a custom Donators mod that must include the following. Store type Lay-out with Paypal Purchase Link next to items. Staff Panel Option to easily add new "item of the month type" Donator Items to the store. ____________   I may wait on this last mod as it appears the crew of CE may be pulling together to make a good one, However. I am in desperate need of a custom Attack.php/Attackwon.php etc Mod. I am currently using one on the boards right now but it has a few bugs. IF you can fix the bugs in the mod it's worth 5.00 to me. The Mod I am currently using is single attack mod. User selects a weapon. Clicks to attack. User hits so and so for xxx of damage Opponent hits back or loses for xxx of damage. You gain xxx Xp.   Problem I'm having with the current one I'm using is.. If the Opponent is Off-line and the attacker wins, he gets a lot of health above what is max..and if the player he is attacking off-line wins, the attacked goes into severe negative health. Attackwon.php if opted to rob them and they have 0 cash, You go into the negatives. Few small bugs I'd rather have fixed than have an entire new attack.php/win.php as I've got a lot of mods already added to the one I currently use and would hate to have to re add them all ><   So those are the Top 3 Priority I need for my game. Also looking for an Advanced Crack the Safe mod, not like the one on here. This would include 3 Safes. One free to hack 10 attempts per day.--Prize goes up the more people that fail to crack it. After say..200 failed cracks the First of 4 digit code is exposed. ie. xxxx after 200 attempts 7xxx One Safe that costs..xxx amount an attempt. max of 10 attempts. same as above One Safe that costs xxx amount an attempt. max of 15 attempts. same as above except much larger prize and 5 digits instead of 4. Would be nice if some sort of cookie was added to the crack the safe page that shows #'s you have already tried and perhaps a previous winners section as well. That's it, for now. Hit me up with which ones you think you can do for me and a Price Tag.