lucky3809

i havent ran the query just thought the ; shouldnt be there by looking at it. I cant see anything else that would be causing that problem unless its something in the code before that's out of place, should post the whole file.

Edit... This line is wrong $db->query("INSERT INTO userimages VALUES('',$userid,'{$_POST['newpic']}');",$c); Should be... $db->query("INSERT INTO userimages VALUES('',$userid,'{$_POST['newpic']}')",$c);

wasnt looking for an easy way out lol. I used it's scanner to see if I had secured everything in a script, which I have, was wondering if the scan was effectively relevant to use with mccodes. But as I ran other scripts I found it didnt pick up everything like it was suppose to. a_bertrand pretty much summed it up lol.

I was wanting to know if anyone ever used this website and if so is it effectively really reading security right? http://evuln.com/tool/php-security.html

Can always use this for the img tags.... A way to secure tag's

$db->query("SELECT * FROM `dealer_global` WHERE `D_userid` = ".$userid); that dont look right the ". by $userid take that part off and just leave $userid

Try replacing the 2 insert queries with this... $m=$db->query("INSERT INTO items VALUES('{$_POST['itmid']}','{$_POST['itmtype']}','$itmname','$itmdesc','{$_POST['itmbuyprice']}','{$_POST['itmsellprice']}','$itmbuy', '{$_POST['effect1on']}', '$efx1', '{$_POST['effect2on']}', '$efx2', '{$_POST['effect3on']}', '$efx3', '$weapon',' $armor')");   Sometimes the ' is the problem which some of the items dont have around them.

Thank you Illusion! I have figured it out, it took me time and yes as you said it did need a drasic change had to add another userstats table which has helped me for what I was aiming for!! @ Paul Iam doing the set up roguevampires.net has, when you equip a weapon it adds stat boost and when you unequip it takes that stat boost off. What I was having a problem with was when you unequiped,it didnt take the right value off which is multiplication, stats times the value of the boost, which is impossible how i was doing it lol. so I added another userstats table and it gave me what I was looking for.

Need some help I'm trying to return a value to the userstats table... for instance I added 0.8 guard effect to a weapon then when I equip it I times it by the stat that a player already has trained, how do i go about when unequipped it so it takes that amount back off? I've tried $amount=$einfo['inc_amount']*[$einfo['stat']; $db->query("UPDATE `userstats` SET $stats=$stats-$amount WHERE (`userid`=".$_SESSION['userid'].")"); But it's taking off triple the amount, then it suppose to.

as the saying goes beggars cant be choosers! it could of ,should of, would of, but it's not. Maybe the mod isnt suppose to be a copy of facebook, and myspace O_o Not a bad mod, and it may not be good for you but everyone has different opinions, dont criticize something that is given free, Im so sick of seeing this on this forum when someone gives there hard work for free then people come in and criticize it, if you think you all can do better then do it better, and keep your negatives to your own work, I've given up giving free mods, most people seem ungrateful on here, over a free mod given freely, now all I do is help others and still im criticized for it lol. its free help TOO!

i copied and pasted what the poster added, I did not add that, I used tinyint for age but I added them manually... Adding them to the user table does not hurt. All I did was help someone figure it out as for the original one did not work at all. ah yeah not going to secure it as for I have other things im doing this was coded within 5 minutes of my busy schedule I dont have time to secure it, as for the poster never either, I just fixed what wasnt working. Its easy to use google to search for security tuts, if you cant secure the code yourself then you should not be coding a game. Its that simple. I do not use this mod, so that is another reason why i never secured it.

OK hope this helps everyone haha Instead of making another table were going to Alter the user table... [mysql]ALTER TABLE users ADD `first` varchar(11) NOT NULL default 'N/A' ALTER TABLE users ADD `last` varchar(11) NOT NULL default 'N/A' ALTER TABLE users ADD `age` tinyint(4) NOT NULL default '0' ALTER TABLE users ADD `aog` varchar(25) NOT NULL default 'N/A' ALTER TABLE users ADD `msn` varchar(25) NOT NULL default 'N/A' ALTER TABLE users ADD `aim` varchar(25) NOT NULL default 'N/A' ALTER TABLE users ADD `aol` varchar(25) NOT NULL default 'N/A' ALTER TABLE users ADD`yahoo` varchar(25) NOT NULL default 'N/A' ALTER TABLE users ADD`personal` enum('ON','OFF') NOT NULL default 'OFF'[/mysql] Open up preferences.php Add this to the case part... case 'detailchange1': do_detail_change(); break; case 'detailchange': detail_change(); break; case 'detailschange2': do_details_change(); break; case 'detailschange': start_details_change(); break;   After that scroll down add echo ' <size="1"> <a href="preferences.php?action=detailschange">Toggle Details On/Off</a> <a href="preferences.php?action=detailchange">Change Details</a> </size> ';   Scroll down to the bottom and above ... $h->endpage(); ?>   Add: function detail_change() { global $db,$userid; echo '<h3>Personal Details Change</h3>'; $pd=$db->query("SELECT * FROM users WHERE userid=$userid"); $p=$db->fetch_row($pd); echo '<form action="preferences.php?action=detailchange1" method="post"> First Name: <input type="text" name="fistname" value="'.$p['first'].'" /> Last Name: <input type="text" name="lastname" value="'.$p['last'].'" /> Age: <input type="text" name="age" value="'.$p['age'].'" /> Aim Of The Game: <input type="text" name="aog" value="'.$p['aog'].'" /> Msn: <input type="text" name="msn" value="'.$p['msn'].'" /> Aim: <input type="text" name="aim" value="'.$p['aim'].'"/> Aol: <input type="text" name="aol" value="'.$p['aol'].'"/> Yahoo: <input type="text" name="yahoo" value="'.$p['yahoo'].'" /> <input type="submit" value="Update"/></form>'; } function do_detail_change() { global $db,$userid; $pd=$db->query("SELECT * FROM users WHERE userid=$userid"); $p=$db->fetch_row($pd); $db->query("UPDATE users SET first='{$_POST['fistname']}', last='{$_POST['lastname']}', age='{$_POST['age']}', aog='{$_POST['aog']}', msn='{$_POST['msn']}', aim='{$_POST['aim']}', aol='{$_POST['aol']}', yahoo='{$_POST['yahoo']}', personal='{$_POST['personal']}' WHERE userid=$userid"); echo 'Personal Details Changed!'; } function start_details_change(){ global $ir,$userid,$h; if($ir['personal'] == "On") { $d="Off"; } else { $d="On"; } echo "Are you sure you want turn your details $d? "; echo' <a href="preferences.php?action=detailschange2">Yes</a> | <a href="preferences.php">No</a>';} function do_details_change(){ global $ir,$userid,$h; if($ir['personal'] == "On") { $d="Off"; } else { $d="On"; } mysql_query("UPDATE users SET personal='$d' WHERE userid=$userid"); echo "Success, your details is now $d! "; echo' <a href="index.php">Back</a>'; }   Open view user and add this part anywhere:   echo '<b><u>Personal Information:</u></b> '; if($r['personal'] ==On) { echo 'First Name: '.$p['first'].' Last Name: '.$p['last'].' Age: '.$p['age'].' Aim Of The Game: '.$p['aog'].' Msn: '.$p['msn'].' Aim: '.$p['aim'].' Aol: '.$p['aol'].' Yahoo: '.$p['yahoo'].' '; } else { echo 'This person does not want to share their personal details.'; }   Edit: Dont forget to update register.php and add OFF in the insert query when your members register.

You got to LEFT JOIN user table in the query and also in register you need to insert OFF For it to show on users profile..

the error is saying there is no function of array_rand... the array is empty as Diesl mention... the $petid= part should be something like $petid=array("a"=>"Dog","b"=>"Cat","c"=>"Horse"); OR as Blade mention $petid = [$r['itmid']]++; $pet[0]=print_r(array_rand($petid,1)); $pet[1]=print_r(array_rand($petid,1));

Try taking off _rand delete all those then test the cron see if it works leave array there though.

Do you have the pictures in a folder if not and they are in the root take off hsepics/ Or add what folder you have placed them in, think its your path why the picture dont show up.

Found your problem your converting the cron wrong it should be this from the top, didnt post the whole cron but you get the idea... Your changing array_rand to row_rand and it stays exactly the same for v2 also. require "globals.php"; global $c; $db->query("TRUNCATE TABLE pstock;"); $er=$db->query("SELECT * FROM items WHERE itmtype=9",$c); while($r=$db->fetch_row($er)) { $petid[$r['itmid']]++; } $pet[0]=array_rand($petid, 1); $pet[1]=array_rand($petid, 1);

+1 nice mod, despite many who are freaking about security, it's the thought that counts and hey it was free, its not hard for those who add this to their game to secure themselves, there are so many websites that offer security tuts for free also, just saying =)

@mystical you would add the img tag under where it says "Your current property: blah"

Also here is a good tip ALWAYS look under your error log that will also tell you what is wrong in your crons :-) @shakeynath Your missing a } before the ?> @Legend You have a } out of place in your cron... Try this... <?php include "config.php"; global $_CONFIG; if($_GET['code'] != $_CONFIG['code']) { die(""); } define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; $set=array(); $settq=$db->query("SELECT * FROM settings"); while($r=$db->fetch_row($settq)) { $set[$r['conf_name']]=$r['conf_value']; } $db->query("UPDATE users SET smoking=smoking-2 WHERE smoking > 0"); $db->query("UPDATE gangs SET gangCHOURS=gangCHOURS-1 WHERE gangCRIME>0"); $q=$db->query("SELECT g.*,oc.* FROM gangs g LEFT JOIN orgcrimes oc ON g.gangCRIME=oc.ocID WHERE g.gangCRIME > 0 AND g.gangCHOURS = 0"); while($r=$db->fetch_row($q)) { $suc=rand(0,1); if($suc) { $log=$r['ocSTARTTEXT'].$r['ocSUCCTEXT']; $muny=(int) (rand($r['ocMINMONEY'],$r['ocMAXMONEY'])); $log=str_replace(array("{muny}","'"),array($muny,"''"),$log); $db->query("UPDATE gangs SET gangMONEY=gangMONEY+$muny,gangCRIME=0 WHERE gangID={$r['gangID']}"); $db->query("INSERT INTO oclogs VALUES ('',{$r['ocID']},{$r['gangID']}, '$log', 'success', $muny, '{$r['ocNAME']}', unix_timestamp())"); $i=$db->insert_id(); $qm=$db->query("SELECT * FROM users WHERE gang={$r['gangID']}"); while($rm=$db->fetch_row($qm)) { event_add($rm['userid'],"Your Gang's Organised Crime Succeeded. Go [url='oclog.php?ID=$i']here[/url] to view the details.",$c); } } else { $log=$r['ocSTARTTEXT'].$r['ocFAILTEXT']; $muny=0; $log=str_replace(array("{muny}","'"),array($muny,"''"),$log); $db->query("UPDATE gangs SET gangCRIME=0 WHERE gangID={$r['gangID']}"); $db->query("INSERT INTO oclogs VALUES ('',{$r['ocID']},{$r['gangID']}, '$log', 'failure', $muny, '{$r['ocNAME']}', unix_timestamp())"); $i=$db->insert_id(); $qm=$db->query("SELECT * FROM users WHERE gang={$r['gangID']}"); while($rm=$db->fetch_row($qm)) { event_add($rm['userid'],"Your Gang's Organised Crime Failed. Go [url='oclog.php?ID=$i']here[/url] to view the details.",$c); } } } if(date('G')==17) { $db->query("UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid LEFT JOIN jobs j ON j.jID=u.job LEFT JOIN jobranks jr ON u.jobrank=jr.jrID SET u.money=u.money+jr.jrPAY, u.jobpoints=u.jobpoints+jr.jrPOINTS, u.exp=u.exp+(jr.jrPAY/20) WHERE u.job > 0 AND u.jobrank > 0"); $db->query("UPDATE userstats us LEFT JOIN users u ON u.userid=us.userid LEFT JOIN jobs j ON j.jID=u.job LEFT JOIN jobranks jr ON u.jobrank=jr.jrID SET us.strength=(us.strength+1)+jr.jrSTRG-1,us.labour=(us.labour+1)+jr.jrLABOURG-1,us.IQ=(us.IQ+1)+jr.jrIQG-1 WHERE u.job > 0 AND u.jobrank > 0"); } if($set['validate_period'] == 60 && $set['validate_on']) { $db->query("UPDATE users SET verified=0"); } $stock=$db->query("SELECT * FROM stock",$c); while($st=$db->fetch_row($stock)) { $rand1=(int) rand(1,2); $rand2=(int) rand(1,25); if($rand1 == 1) { $db->query("UPDATE stock SET stCOST=stCOST+$rand2,stPERC='$rand2' WHERE stID={$st['stID']}",$c); } else { $db->query("UPDATE stock SET stCOST=stCOST-$rand2,stPERC='-$rand2' WHERE stID={$st['stID']}",$c); } } $db->query("UPDATE stock SET stCOST=0 WHERE stCOST<0",$c); $db->query("DELETE FROM stock WHERE stCOST=0",$c); ?>

Also dont forget to secure output as well! I use the IBM website they have a lot of good tuts on there under theyre forum about security, but the main is what Isomerizer has said!

@Legend You dont have the sqls in your database thats the unknown column error your getting. [mysql]ALTER TABLE `users` ADD `traveltime` INT(11) NOT NULL DEFAULT '0';[/mysql]

Thanks for the advice I figured it out its actually NOT possible to do what I was talking about, it either has to be coded for increase or just decrease alone I figured out the solution and posted it under the free mod area. You would need to add one effect for decrease and another effect for increase for it to even work... If I wanted a increase of strength I would use effect 1 and if I wanted it decrease I would use effect2 for it to properly work when unequipping the weapon....

Ok figured this out lol. As for the effects done in item_staff Effect 1 is for increase Effect 2 is for decrease which you would have to take the coding if($r['effect2_on']) { $einfo=unserialize($r['effect2']); if(in_array($einfo['stat'], array('strength', 'agility', 'guard', 'labour', 'IQ'))) { $stats=$einfo['stat']; $upd=$einfo['inc_amount']; $db->query("UPDATE `userstats` SET $stats=$stats-$upd WHERE userid=$userid"); } } And add it under the effect 1 coding in all three pages... You can add effect 3 also you just change where 2 is in the coding and change to 3 also where the end query is -$upd that is where you make it so its decrease or increase in stat make sure in the unequip you do the opposite to each weapon equip page so when they take off a decrease weapon it put the players stat back to the orginal stat without weapons equipped.... So this way you can set a weapon at +5 strength with effect 1 and with effect 2 defence -2 which would make the attributes to the weapon. Also dont forget the bonus you can add where it says primary power you need to still fill that part out to make it equip-able. Sorry if I may have confused anyone...

This is the equip page that works while equipping both increase and decrease stat option.... <?php include "globals.php"; $_GET['ID'] = abs((int) $_GET['ID']); $id=$db->query("SELECT iv.*,it.* FROM inventory iv LEFT JOIN items it ON iv.inv_itemid=it.itmid WHERE iv.inv_id={$_GET['ID']} AND iv.inv_userid=$userid LIMIT 1"); if($db->num_rows($id)==0) { print "Invalid item ID"; $h->endpage(); exit; } else { $r=$db->fetch_row($id); } if(!$r['weapon']) { print "This item cannot be equipped to this slot."; $h->endpage(); exit; } if($_GET['type']) { if(!in_array($_GET['type'], array("equip_primary", "equip_secondary"))) { print "This slot ID is not valid."; $h->endpage(); exit; } if($r['effect1_on']) { $einfo=unserialize($r['effect1']); if(in_array($einfo['stat'], array('strength', 'agility', 'guard', 'labour', 'IQ'))) { $stats=$einfo['stat']; $upd=$einfo['inc_amount']; $db->query("UPDATE `userstats` SET $stats=$stats-$upd WHERE userid=$userid"); } else { if(in_array($einfo['stat'], array('strength', 'agility', 'guard', 'labour', 'IQ'))) { $stats=$einfo['stat']; $upd=$einfo['inc_amount']; $db->query("UPDATE `userstats` SET $stats=$stats+$upd WHERE userid=$userid"); } } } if($ir[$_GET['type']]) { item_add($userid, $ir[$_GET['type']], 1); } item_remove($userid, $r['itmid'], 1); $db->query("UPDATE users SET {$_GET['type']} = {$r['itmid']} WHERE userid={$userid}"); print "Item {$r['itmname']} equipped successfully."; } else { print "<h3>Equip Weapon</h3><hr /> <form action='equip_weapon.php' method='get'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> Please choose the slot to equip {$r['itmname']} to, if there is already a weapon in that slot, it will be removed back to your inventory. <input type='radio' name='type' value='equip_primary' checked='checked' /> Primary <input type='radio' name='type' value='equip_secondary' /> Secondary <input type='submit' value='Equip Weapon' /></form>"; } $h->endpage(); ?>   This is the unequip page that only works when you unequipped decrease stat option which it suppose to work with the increase option also. I've added the top query under globals also I doubt that is the problem I'm having... <?php include "globals.php"; $q=$db->query("SELECT * FROM items WHERE itmid IN({$ir['equip_primary']}, {$ir['equip_secondary']}, {$ir['equip_armor']})"); $r=$db->fetch_row($q); if(!in_array($_GET['type'], array("equip_primary", "equip_secondary", "equip_armor"))) { print "This slot ID is not valid."; $h->endpage(); exit; } if(!$ir[$_GET['type']]) { print "You do not have anything equipped in this slot."; $h->endpage(); exit; } if($r['effect1_on']) { $einfo=unserialize($r['effect1']); if($einfo['dir']=="neg") { if(in_array($einfo['stat'], array('strength', 'agility', 'guard', 'labour', 'IQ'))) { $stats=$einfo['stat']; $upd=$einfo['inc_amount']; $db->query("UPDATE `userstats` SET $stats=$stats+$upd WHERE userid=$userid"); } } else { if(in_array($ir[$einfo['stat']], array('strength', 'agility', 'guard', 'labour', 'IQ'))) { $einfo=unserialize($r['effect1']); $stats=$ir[$einfo['stat']]; $upd=$ir[$einfo['inc_amount']]; $db->query("UPDATE `userstats` SET $stats=$stats-$upd WHERE userid=$userid"); } } } item_add($userid, $ir[$_GET['type']], 1); $db->query("UPDATE users SET {$_GET['type']}=0 WHERE userid={$ir['userid']}"); $names=array( "equip_primary" => "Primary Weapon", "equip_secondary" => "Secondary Weapon", "equip_armor" => "Armor", ); print "The item in your {$names[$_GET['type']]} slot was successfully unequiped."; $h->endpage(); ?>