Saberman

Re: Jobs on view user Thank you +1

Re: does anyone know what is most likeily to case these errors yea it was empty fields fixed now +1

Re: How to secure a few things! Thank you Optimus Prime and karlos!! i have actually learnt a something and can secure my site and +1 for both

can any one modify this for me so i can view jobs on view user   $qqery= $db->query(sprintf("SELECT u.`userid`, u.`username`, u.`level`, u.`money`, u.`crystals`, u.`laston`, u.`lastip`, u.`energy`, u.`will`, u.`maxwill`, u.`brave`, u.`maxbrave`, u.`maxenergy`, u.`hp`, u.`maxhp`, u.`location`, u.`hospital`, u.`jail`, u.`jail_reason`, u.`fedjail`, u.`user_level`, u.`gender`, u.`daysold`, u.`signedup`, u.`gang`, u.`donatordays`, u.`email`, u.`display_pic`, u.`duties`, u.`staffnotes`, u.`hospreason`, u.`lastip_login`, u.`lastip_signup`, u.`last_login`, u.`friend_count`, u.`enemy_count`, u.`sig`, u.`married`, c.`cityid`, c.`cityname`, h.`hID`, h.`hNAME`, h.`hWILL`, g.`gangID`, g.`gangNAME`, f.`fed_userid`, f.`fed_days`, f.`fed_jailedby`, f.`fed_reason`, uu.`userid` AS `fed_jailer_id`, uu.`username` AS `fed_jailer` FROM `users` u LEFT JOIN `cities` c ON u.`location` = c.`cityid` LEFT JOIN `houses` h ON u.`maxwill` = h.`hWILL` LEFT JOIN `gangs` g ON g.`gangID` = u.`gang` LEFT JOIN `fedjail` f ON f.`fed_userid` = u.`userid` LEFT JOIN `users` uu ON f.`fed_jailedby` = uu.`userid` WHERE u.`userid` = '%u'", $_GET['u']));[/code

Re: viewuser

Re: viewuser this is the current viewuser i am using i would pay 2 pounds for anyone who can convert it in to that layout please   <?php include_once (DIRNAME(__FILE__) . '/globals.php'); include_once (DIRNAME(__FILE__) . '/includes/bbcode/viewfuncs.php'); $_GET['u'] = abs(@intval($_GET['u'])); $_GET['to'] = abs(@intval($_GET['to'])); if($ir['location'] > 1) { die("You cant use this feature in a different city."); } if(!$_GET['u']) { echo 'Invalid use of file'; $h->endpage(); exit; } else { $Find = $db->query(sprintf("SELECT u.`userid`, u.`username`, u.`level`, u.`money`, u.`crystals`, u.`laston`, u.`lastip`, u.`energy`, u.`will`, u.`maxwill`, u.`brave`, u.`maxbrave`, u.`maxenergy`, u.`hp`, u.`maxhp`, u.`location`, u.`hospital`, u.`jail`, u.`jail_reason`, u.`fedjail`, u.`user_level`, u.`gender`, u.`daysold`, u.`signedup`, u.`gang`, u.`donatordays`, u.`email`, u.`display_pic`, u.`duties`, u.`staffnotes`, u.`hospreason`, u.`lastip_login`, u.`lastip_signup`, u.`last_login`, u.`friend_count`, u.`enemy_count`, u.`sig`, u.`married`, c.`cityid`, c.`cityname`, h.`hID`, h.`hNAME`, h.`hWILL`, g.`gangID`, g.`gangNAME`, f.`fed_userid`, f.`fed_days`, f.`fed_jailedby`, f.`fed_reason`, uu.`userid` AS `fed_jailer_id`, uu.`username` AS `fed_jailer` FROM `users` u LEFT JOIN `cities` c ON u.`location` = c.`cityid` LEFT JOIN `houses` h ON u.`maxwill` = h.`hWILL` LEFT JOIN `gangs` g ON g.`gangID` = u.`gang` LEFT JOIN `fedjail` f ON f.`fed_userid` = u.`userid` LEFT JOIN `users` uu ON f.`fed_jailedby` = uu.`userid` WHERE u.`userid` = '%u'", $_GET['u'])); if(mysql_num_rows($Find) == '0') { echo 'Sorry, we could not find a user with that ID, check your source.'; $h->endpage(); exit; } else { $r = $db->fetch_row($Find); $CheckUserLevel = array( '0' => 'NPC', '1' => 'Member', '2' => 'Admin/Owner', '3' => 'Secretary', '4' => 'Moderator', '5' => 'Assistant' ); $UserLevel = $CheckUserLevel[$r['user_level']]; $LastOn = ($r['laston'] > '0') ? date('F j, Y g:i:s a', $r['laston']) : 'Never'; $SignedUp = date('F j, Y g:i:s a', $r['signedup']); if ($r['laston'] > '0') { $LA = time() - $r['laston']; $Unit1 = "Seconds"; if ($LA >= '60') { $LA = abs(@intval($LA/'60')); $Unit1 = "Minutes"; } if($LA >= '60') { $LA = (int) ($LA/'60'); $Unit1 = "Hours"; if($LA >= '24') { $LA = (int) ($LA/'24'); $Unit1 = "Days"; } } $LastAction = $LA.' '.$Unit1.' ago'; } else { $LastAction = 'Never'; } $m=$db->query("SELECT * FROM users WHERE userid=".$r['married']); $par=$db->fetch_row($m); if($r['married'] != 0) { $partner= "[url='viewuser.php?u={$par[']<font color=green>{$par['username']}</font>[/url]"; } else { $partner= "<font color=red>N/A</font>"; } if ($r['fedjail']) { echo sprintf("<span style='color: #FF000;'><h3>You Cannot See %s (%s) Profile While In Federal Jail!</h3></span>", ($r['gender'] == 'Male') ? 'His' : 'Her', stripslashes($r['username']), ($r['gender'] == 'Male') ? 'He Is' : 'She Is'); echo sprintf("Days In Fed: %s Day(s) Left ", number_format($r['fed_days'])); echo sprintf("Reason: %s ", stripslashes($r['fed_reason'])); $h->endpage(); exit; } if ($r['hospital']) { echo sprintf("[b]<span style='color: #FF0000;'>In hospital for %s minutes. ", number_format($r['hospital'])); echo sprintf("Reason: %s </span>[/b]", stripslashes($r['hospreason'])); } if ($r['jail']) { echo sprintf("[b]<span style='color: #FF0000;'>In jail for %s minutes. ", number_format($r['jail'])); echo sprintf("Reason: %s </span>[/b]", stripslashes($r['jail_reason'])); } echo ' <table width="95%" border="1" cellspacing="0" cellpadding="3" class="table"> <tr>'; echo sprintf("<th colspan='3'><h3 style='text-align: left; text-decoration: underline;'>%s %s</h3></th>", ($r['donatordays']) ? '<span style="color: blue;">'.stripslashes($r['username']).'\'s Profile</span>' : stripslashes($r['username']).'\'s Profile', ($r['donatordays']) ? '[img=donator.gif]' : ''); echo ' </tr> <tr>'; echo sprintf("<th width='50%%'>%s General Info</th>", ($r['gender'] == 'Male') ? 'His' : 'Her'); echo sprintf("<th width='50%%'>%s Display Picture</th>", ($r['gender'] == 'Male') ? 'His' : 'Her'); echo ' </tr> <tr> <td>'; echo sprintf("Name: %s [%s] %s ", ($r['donatordays']) ? '<span style="color: blue;">'.stripslashes($r['username']).'</span>' : stripslashes($r['username']), number_format($r['userid']), ($r['donatordays']) ? '[img=donator.gif]' : ''); echo sprintf("User Level: %s ", $UserLevel); echo sprintf("Duties: %s ", stripslashes($r['duties'])); echo sprintf("Level: %s ", number_format($r['level'])); echo sprintf("Rank: %s ", get_gamerank($r['level'],$r['hPRICE'],$r)); echo sprintf("Property: %s ", stripslashes($r['hNAME'])); echo sprintf("Gender: %s ", $r['gender']); echo sprintf("Married: %s ", "[url='viewuser.php?u={$r[']{$par['username']}[/url]"); echo sprintf("Job: %s ", $r['jNAME']); echo sprintf("Days Old: %s ", number_format($r['daysold'])); echo sprintf("Location: %s ", stripslashes($r['cityname'])); if($ir['location'] != $r['location']) { echo sprintf("[[url='monorail.php?to=%u']Travel[/url]]", @intval($r['location'])); } echo ' '; echo sprintf("Friends: %s ", number_format($r['friend_count'])); echo sprintf("Enemies: %s ", number_format($r['enemy_count'])); echo sprintf("Health: %s/%s ", number_format($r['hp']), number_format($r['maxhp'])); echo 'Gang: '; if ($r['gang']) { echo sprintf("[url='gangs.php?action=view&ID=%u']%s[/url] ", @intval($r['gang']), stripslashes($r['gangNAME'])); } else { echo 'Not in a gang. '; } echo sprintf("Signed Up: %s ", $SignedUp); echo sprintf("Last Action: %s ", $LastAction); echo sprintf("Status: %s ", ($r['laston'] >= time()-'15'*'60') ? '<blink><span style="color: #0D961F;">[b]Online[/b]</span></blink>' : '<span style="color: #FF0000;">[b]Offline[/b]</span>'); echo ' </td> <td width="50%" style="text-align:center;">'; if($r['display_pic']) { echo sprintf("[img=%s]", $r['display_pic']); } else { echo '[img=Images/NoDP.png]'; } echo ' </td> </tr> <tr> <th colspan="4"><h3 style="text-align: left; text-decoration: underline;">Links</h3></th> </tr> <tr> <td colspan="2" style="text-align:center;"> <table width="100%" cellspacing="0" border="1"> <tr style="font-weight:bold;" align="center">'; echo sprintf("<td colspan='4'>[url='attack.php?ID=%u']Attack[/url]</td>", @intval($r['userid'])); echo ' </tr> <tr style="font-weight:bold;" align="center">'; echo sprintf("<td width='50%%' colspan='2'>[url='mailbox.php?action=compose&ID=%u']Send Mail[/url]</td>", @intval($r['userid'])); echo sprintf("<td width='50%%' colspan='2'>[url='eventdisplay.php?u=%u']View Saved Events[/url]</td>", @intval($r['userid'])); echo ' </tr> <tr style="font-weight:bold;" align="center">'; echo sprintf("<td>[url='sendcash.php?ID=%u']Send Cash[/url]</td>", @intval($r['userid'])); echo sprintf("<td>[url='sendcrys.php?ID=%u']Send Crystals[/url]</td>", @intval($r['userid'])); echo sprintf("<td>[url='display.php?ID=%u']Display Cabinet[/url]</td>", @intval($r['userid'])); echo ' </tr>'; if ($ir['user_level'] == '2' || $ir['user_level'] == '3' || $ir['user_level'] == '4' || $ir['user_level'] == '5') { echo ' <tr style="font-weight:bold;" align="center">'; echo sprintf("<td colspan='2'>[url='jailuser.php?userid=%u']Jail[/url]</td>", @intval($r['userid'])); echo sprintf("<td colspan='2'>[url='mailban.php?userid={$r[']MailBan[/url]</td>", @intval($r['userid'])); echo ' </tr>'; } if ($ir['donatordays'] > '0') { echo ' <tr style="font-weight:bold;" align="center">'; echo sprintf("<td colspan='2'>[url='friendslist.php?action=add&ID=%u']Add Friends[/url]</td>", @intval($r['userid'])); echo sprintf("<td colspan='2'>[url='blacklist.php?action=add&ID=%u']Add Enemies[/url]</td>", @intval($r['userid'])); echo ' </tr>'; } echo ' </table> </td> </tr> <tr> <th colspan="4"><h3 style="text-align: left; text-decoration: underline;">Profile Signiture</h3></th> </tr> <tr>'; if ($r['sig']) { echo '<td colspan="4">'.nl2br($bbc->bbcode_parse($r['sig'])).'</td>'; } else { echo '<td colspan="4" style="text-align: center;">This User Has No Profile Signiture.</td>'; } echo ' </tr>'; if($ir['user_level'] == '2' || $ir['user_level'] == '3' || $ir['user_level'] == '4' || $ir['user_level'] == '5') { function checkblank($in) { if(!$in) { return 'N/A'; } return $in; } echo ' <tr> <td style="text-align:center;" colspan="2">'; $r['lastiph'] = @gethostbyaddr($r['lastip']); $r['lastiph'] = checkblank($r['lastiph']); $r['lastip_loginh'] = @gethostbyaddr($r['lastip_login']); $r['lastip_loginh'] = checkblank($r['lastip_loginh']); $r['lastip_signuph'] = @gethostbyaddr($r['lastip_signup']); $r['lastip_signuph'] = checkblank($r['lastip_signuph']); echo ' <h3 style="text-align: left; text-decoration: underline;">Internet Info</h3> <table width="100%" border="1" cellspacing="0" class="table"> <tr> <th></th> <th>IP</th> <th>Hostname</th> </tr> <tr> <td>Last Hit</td>'; echo sprintf("<td>%s</td>", $r['lastip']); echo sprintf("<td>%s</td>", $r['lastiph']); echo ' </tr> <tr> <td>Last Login</td>'; echo sprintf("<td>%s</td>", $r['lastip_login']); echo sprintf("<td>%s</td>", $r['lastip_loginh']); echo ' </tr> <tr> <td>Signup</td>'; echo sprintf("<td>%s</td>", $r['lastip_signup']); echo sprintf("<td>%s</td>", $r['lastip_signuph']); echo ' </tr> </table> <form action="staffnotes.php" method="post"> Staff Notes: '; echo sprintf("<textarea rows='7' cols='60' name='staffnotes'>%s</textarea> ", htmlspecialchars(stripslashes($r['staffnotes']))); echo sprintf("<input type='hidden' name='ID' value='%u' />", @intval($_GET['u'])); echo '<input type="submit" value="Change" /> </form> </td> </tr>'; } echo' </table>'; } } $h->endpage(); ?>

Re: viewuser i just asked for something with similar layout because i really like the look of the viewuser i didnt ask for his viewuser.php

Re: viewuser alot of game have the same one so not all of them have the copyright over it

does anyone know where i can get a view user like the one on this game its awesome Http://Murder-City.net

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/shafiq/public_html/newspaper.php on line 685 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/shafiq/public_html/newspaper.php on line 687

Re: change user ids their is no need for a mod it is really quiet simple

Re: user_level colours   If you user a function to print out your usernames (Such as using Username($userid) instead of just using $ir['username']) this is very easy and just involves modifying the function, But if your not there are other ways you could attempt to do it globally on your game such as in the globals checking like this....   if($r['user_level'] == 2) { $r['username'] = "<span style="color:red">".$r['username']."</span>"; } else { $r['username'] = $r['username']; }   No idea if this will work but i suppose its worth a try... I use $r because i beleive Mccode uses that on most pages (Viewuser and so on). Report back if it works :) that didnt work this is how my current one looks like   echo sprintf("Name: %s [%s] %s ", ($r['donatordays']) ? '<span style="color: blue;">'.stripslashes($r['username']).'</span>' : stripslashes($r['username']), number_format($r['userid']), ($r['donatordays']) ? '[img=donator.gif]' : '');

does anyone know how this would be modified so the user_level 2 have red name and user_level 3 has purple and user_level 4 has orange and user_level 5 has pink

Re: secure i have secured the get and post is it is their anymore that could be secured <?php include "globals.php"; if($ir['location'] > 1) { die("You cant use this feature while in a different city."); } print "<center><font size='4' face='Arial, Helvetica, sans-serif'>Your Properties</font><hr width=75%>"; switch($_GET['action']) { case 'sell': sell_house(); break; case 'market': market_house(); break; case 'give': send_house(); break; case 'move': move_house(); break; default: your_houses(); break; } function your_houses() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prOWNER={$userid} ORDER BY h.hPRICE ASC",$c); if ($db->num_rows($q) == 0) { print "You have no houses."; } else { print "<table width=60% cellspacing=1>"; while($r=$db->fetch_row($q)) { print "<tr>"; $dfi=$db->query("SELECT * FROM users WHERE userid={$r['prOWNER']}",$c); $tb=$db->fetch_row($dfi); print "<td valign='center'> [b]Property: [/b]{$r['hNAME']} [b]Owner: [/b][url='viewuser.php?u={$tb[']{$tb['username']}[/url] [b]Upkeep: [/b]\${$r['hTAX']} [b]Will: [/b]{$r['hWILL']}</td> <td align='center'> [[url='properties.php?action=move&ID={$r[']Move In[/url]] "; $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$r['prID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($r['hWILL'] != '100' && $tr == '0') { print " [[url='properties.php?action=market&ID={$r[']Market[/url]] [[url='properties.php?action=give&ID={$r[']Give[/url]] "; } $hprice=money_formatter($r['hPRICE']); print "</tr><tr><td height='10'></td></tr>"; } print "</table> "; } } function send_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$_GET['ID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($tr) { die (" This house has been rented! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%> "); } if($_POST['user']) { $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); if($db->num_rows($q)==0) { print " Invalid house ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); $_POST['user'] = abs((int) $_POST['user']); $m=$db->query("SELECT * FROM users WHERE userid={$_POST['user']} LIMIT 1",$c); if($db->num_rows($m) == 0) { print " You are trying to send to an invalid user! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else if (!$_GET['ID']) { print " This user does not exist. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $rm=$db->fetch_row($m); $_POST['user'] = abs((int) $_POST['user']); $_GET['ID'] = abs((int) $_GET['ID']); $db->query("UPDATE properties SET prOWNER={$_POST['user']} WHERE prID={$_GET['ID']}",$c); } print " You sent the {$r['hNAME']} to {$rm['username']}. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; $_POST['user'] = abs((int) $_POST['user']); event_add($_POST['user'],"You received the {$r['hNAME']} from [url='viewuser.php?u=$userid']{$ir['username']}[/url]",$c,'transfer'); } } else if($_GET['ID']) { $_GET['ID'] = abs((int) $_GET['ID']); $id=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); if($db->num_rows($id)==0) { print " Invalid house ID. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else if ($_GET['ID']==0) { print " This user does not exist. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($id); print " [b]Enter the ID of the user you want to give the {$r['hNAME']} to.[/b] <form action='properties.php?action=give&ID={$_GET['ID']}' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' />User ID: <input type='text' name='user' value='' /> <input type='submit' value='Give House' /></form> <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } else { print " Invalid use of file. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } function market_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$_GET['ID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($tr) { die (" This house has been rented! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%> "); } $_POST['price'] = abs((int) $_POST['price']); if($_POST['price']) { $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE prID={$_GET['ID']} and prOWNER=$userid",$c); if($db->num_rows($q)==0) { print " Invalid House ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); $db->query("INSERT INTO propertymarket VALUES ('','$userid',{$_POST['price']},'{$r['hID']}')", $c); $db->query("DELETE FROM properties WHERE prID={$_GET['ID']}",$c); print " House added to market. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } else { $q=$db->query("SELECT * FROM properties WHERE prID={$_GET['ID']} and prOWNER=$userid",$c); if($db->num_rows($q)==0) { print " Invalid House ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); print " Adding a house to the property market... <form action='properties.php?action=market&ID={$_GET['ID']}' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> Price: <input type='text' name='price' value='0' /> <input type='submit' value='Add' /></form> <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } } function move_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); $r=$db->fetch_row($q); if ($r['prOWNER'] != $ir['userid']) { print " This house does not belong to you. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $mpq=$db->query("SELECT * FROM houses WHERE hWILL={$ir['maxwill']}",$c); $mp=$db->fetch_row($mpq); print " You moved into your {$r['hNAME']}! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; $db->query("INSERT INTO `properties` (`prID`, `prOWNER`, `prHOUSE`) VALUES ('', '$userid', '{$mp['hID']}');",$c); $db->query("UPDATE users SET maxwill={$r['hWILL']},will=0 WHERE userid=$userid",$c); $db->query("DELETE FROM properties WHERE prID={$_GET['ID']}",$c); } } $h->endpage(); ?>

Re: secure so will these be enough to secure those $_POST['user'] = abs((int) $_POST['user']); $_GET['ID'] = abs((int) $_GET['ID']);

Re: secure i ment is the script secure and if not what need to be secured

can some plase check this script and tell me if it is secure and if not which part need to be secure   <?php include "globals.php"; if($ir['location'] > 1) { die("You cant use this feature while in a different city."); } print "<center><font size='4' face='Arial, Helvetica, sans-serif'>Your Properties</font><hr width=75%>"; switch($_GET['action']) { case 'sell': sell_house(); break; case 'market': market_house(); break; case 'give': send_house(); break; case 'move': move_house(); break; default: your_houses(); break; } function your_houses() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prOWNER={$userid} ORDER BY h.hPRICE ASC",$c); if ($db->num_rows($q) == 0) { print "You have no houses."; } else { print "<table width=60% cellspacing=1>"; while($r=$db->fetch_row($q)) { print "<tr>"; $dfi=$db->query("SELECT * FROM users WHERE userid={$r['prOWNER']}",$c); $tb=$db->fetch_row($dfi); print "<td valign='center'> [b]Property: [/b]{$r['hNAME']} [b]Owner: [/b][url='viewuser.php?u={$tb[']{$tb['username']}[/url] [b]Upkeep: [/b]\${$r['hTAX']} [b]Will: [/b]{$r['hWILL']}</td> <td align='center'> [[url='properties.php?action=move&ID={$r[']Move In[/url]] "; $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$r['prID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($r['hWILL'] != '100' && $tr == '0') { print " [[url='properties.php?action=market&ID={$r[']Market[/url]] [[url='properties.php?action=give&ID={$r[']Give[/url]] "; } $hprice=money_formatter($r['hPRICE']); print "</tr><tr><td height='10'></td></tr>"; } print "</table> "; } } function send_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$_GET['ID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($tr) { die (" This house has been rented! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%> "); } if($_POST['user']) { $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); if($db->num_rows($q)==0) { print " Invalid house ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); $m=$db->query("SELECT * FROM users WHERE userid={$_POST['user']} LIMIT 1",$c); if($db->num_rows($m) == 0) { print " You are trying to send to an invalid user! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else if (!$_GET['ID']) { print " This user does not exist. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $rm=$db->fetch_row($m); $db->query("UPDATE properties SET prOWNER={$_POST['user']} WHERE prID={$_GET['ID']}",$c); } print " You sent the {$r['hNAME']} to {$rm['username']}. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; event_add($_POST['user'],"You received the {$r['hNAME']} from [url='viewuser.php?u=$userid']{$ir['username']}[/url]",$c,'transfer'); } } else if($_GET['ID']) { $id=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); if($db->num_rows($id)==0) { print " Invalid house ID. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else if ($_GET['ID']==0) { print " This user does not exist. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($id); print " [b]Enter the ID of the user you want to give the {$r['hNAME']} to.[/b] <form action='properties.php?action=give&ID={$_GET['ID']}' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' />User ID: <input type='text' name='user' value='' /> <input type='submit' value='Give House' /></form> <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } else { print " Invalid use of file. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } function market_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$_GET['ID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($tr) { die (" This house has been rented! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%> "); } $_POST['price'] = abs((int) $_POST['price']); if($_POST['price']) { $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE prID={$_GET['ID']} and prOWNER=$userid",$c); if($db->num_rows($q)==0) { print " Invalid House ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); $db->query("INSERT INTO propertymarket VALUES ('','$userid',{$_POST['price']},'{$r['hID']}')", $c); $db->query("DELETE FROM properties WHERE prID={$_GET['ID']}",$c); print " House added to market. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } else { $q=$db->query("SELECT * FROM properties WHERE prID={$_GET['ID']} and prOWNER=$userid",$c); if($db->num_rows($q)==0) { print " Invalid House ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); print " Adding a house to the property market... <form action='properties.php?action=market&ID={$_GET['ID']}' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> Price: <input type='text' name='price' value='0' /> <input type='submit' value='Add' /></form> <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } } function move_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); $r=$db->fetch_row($q); if ($r['prOWNER'] != $ir['userid']) { print " This house does not belong to you. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $mpq=$db->query("SELECT * FROM houses WHERE hWILL={$ir['maxwill']}",$c); $mp=$db->fetch_row($mpq); print " You moved into your {$r['hNAME']}! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; $db->query("INSERT INTO `properties` (`prID`, `prOWNER`, `prHOUSE`) VALUES ('', '$userid', '{$mp['hID']}');",$c); $db->query("UPDATE users SET maxwill={$r['hWILL']},will=0 WHERE userid=$userid",$c); $db->query("DELETE FROM properties WHERE prID={$_GET['ID']}",$c); } } $h->endpage(); ?>[/code

how do i end the <align 'left'> tag and how would i make it so it is only is aligned left by certain pixel

Re: urgent question so the recoded forums in dev forums are not secure then becausehe say that where he was hacking from

Re: house pic   Thank you very very much CrazyT mate this works perfectly +1

i am try to select the userids house pic but i get an error $qn=$db->query("SELECT hsepics FROM houses where hsepics={$ir['hsepics']}"); $n=$db->fetch_row($qn); does anyone know what it is QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Query was SELECT hsepics FROM houses where hsepics=

i am new to php and as i was looking thorugh some of the modifications i noticed that most player use stuff like %u in querys and i would just like to ask what they mean and what why and how can i find out their value and how can i set a valu to one

Re: urgent question well first thing you need to do is find this and search for other secures and try to secure it   $IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];   in login, header and register.php and any other files you can find it in and replace it with this $IP = $_SERVER['REMOTE_ADDR'];

What do you think of my simple but fast loading login page it took me half an hour to make out of the standered mccodes login page and this page does not eat up too much bandwith which will be extremlly usefull if the game get alot of members

Re: menu help tryed that but it wont work for me